[Newbies] Squeak in commercial projects

Bert Freudenberg bert at freudenbergs.de
Wed Mar 7 18:29:28 UTC 2007


Well, it's basically just

	#myFirst:secret:selector: become: #a:a:a:

and then rehash the method dictionaries where it was used and class
Symbol. The VM does not care, it only looks at identity.

- Bert -

On Mar 7, 2007, at 17:11 , Ron Teitelbaum wrote:

> Hey Bert,
>
> This sounds pretty interesting; can you share more about how to mangle
> names? Does it require a change in the VM to de-mangle?
>
> Ron Teitelbaum
>
>> From: Bert Freudenberg
>>
>> On Mar 7, 2007, at 8:57 , goran at krampe.se wrote:
>>
>>> Hi!
>>>
>>> Just a note - decompiling from bytecodes is very easy in Squeak. The
>>> only thing missing is the original indentation and any comments. But
>>> everything else is there. Just so you know.
>>
>> Well, if you're really concerned about decompiling, just mangle the
>> selectors. As long as you are not constructing Symbols at runtime
>> (#asSymbol, #intern:) this works perfectly well. Same for class names
>> and instance variable names.
>>
>>> Locking down the image is of course doable - so that you can't easily
>>> get to the tools etc - but there are of course ways to go around that
>>> too. For example, I guess you can use an image file analyzer (there is
>>> at least one I think) or hack a VM to do stuff when the image is
>>> loaded.
>>
>> Sure. But if the names are mangled this is about as much fun as
>> reverse engineering machine code. No wait, the tool support is still
>> better ;)
>>
>>>> But doesn't this imply that the source is downloaded, making it easy
>>>> (easier) to hack the system? I could make the private Monticello
>>>> connection secure, update the system and then delete the source...
>>>> just thinking out loud.
>>>
>>> Yes - a Monticello package is just a zip file of source code. Sure, you
>>> can make the transfer "secure" using SSL or whatever - and you can apply
>>> it and throw it away
>>
>> Well, you certainly would want to encrypt and sign the patch. If you
>> are *that* paranoid I'd not even use MC but just image segments.
>>
>> It's all a question of cost/value. I for one would be more concerned
>> about preventing malicious code injection than the possibility of
>> reverse engineering. But you have to weigh that yourself.
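
A simplified Python model of the selector mangling discussed above, added as an example and not part of the original messages or of Squeak's code. It shows why literal sends keep working after mangling while a Symbol constructed at runtime from the old name no longer finds the method. The names `Image`, `Symbol`, `mangle` and `demo` are hypothetical, and `become:` is modelled by swapping the two objects' contents.

```python
# Simplified model, constructed for illustration; not Squeak code.
class Symbol:
    """Interned selector name; hashed and compared by identity only."""
    def __init__(self, chars):
        self.chars = chars

class Image:
    def __init__(self):
        self.symbols = {}   # spelling -> Symbol (stands in for the Symbol table)
        self.methods = {}   # Symbol identity -> method (one method dictionary)

    def intern(self, chars):
        """Stand-in for #asSymbol / #intern:, one Symbol per spelling."""
        if chars not in self.symbols:
            self.symbols[chars] = Symbol(chars)
        return self.symbols[chars]

    def send(self, selector, *args):
        """Lookup uses the selector object itself, never its characters."""
        if selector not in self.methods:
            return "doesNotUnderstand"
        return self.methods[selector](*args)

    def mangle(self, selector, new_chars):
        """Stand-in for `old become: new`: the two Symbols trade contents,
        so every existing reference to `selector` now spells `new_chars`."""
        other = self.intern(new_chars)
        selector.chars, other.chars = other.chars, selector.chars
        # The table is keyed by spelling, so it must be rebuilt ("rehash").
        # self.methods is keyed by Python object identity, which the swap
        # leaves alone, so this model has no second rehash step.
        self.symbols = {s.chars: s for s in self.symbols.values()}

def demo():
    img = Image()
    sel = img.intern("myFirst:secret:selector:")  # literal held by a caller
    img.methods[sel] = lambda a, b, c: a + b + c
    img.mangle(sel, "a:a:a:")
    literal_send = img.send(sel, 1, 2, 3)         # compiled-in reference
    shown_name = sel.chars                        # what a decompiler prints
    runtime_send = img.send(img.intern("myFirst:secret:selector:"), 1, 2, 3)
    return literal_send, shown_name, runtime_send

if __name__ == "__main__":
    print(demo())
```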





