Article:
  Protect Your Source Code: Obfuscation 101
Subject:   You are teaching people to throw away their money.
Date:   2005-04-13 14:16:25
From:   schwern
Response to: I think you missed the point.

A friend of mine pointed out that I still hadn't made the core point clear enough. So here it is.


Obfuscation is a waste of your time and money. By teaching people that obfuscation adds any deterrence you are teaching them to throw away their time and money.


Why?


Because you are fighting against the entire Internet. You will lose.


Because some bored teenager is going to reverse the obfuscation and post it on the Internet regardless of its value to him. The more interesting the anti-piracy measure the better; it's about challenge, not economics. Then anyone who can use Google can find and download a copy.


This has been true for the last 20 years and it gets more true all the time.


With this in mind, your obfuscation presents about as much a barrier to pirating your software as byte-compiling it does. That is, it changes it from simply opening up the file and looking at it to doing about 5 minutes of work. For byte-compiling: finding and using a decompiler. For obfuscation: a Google search. Since obfuscating is not adding any more anti-piracy value to your product than you're already getting by byte-compiling, any amount of time you put into it is a waste of your employer's money.


Furthermore.


Because it increases code complexity which increases code maintenance costs.


If you obfuscate the code by hand, woe be unto the next person who has to maintain that code. Or even if it's you, six months later, when you've forgotten what in the hell you did. The automated obfuscator solves this problem, but because it is using rote transforms (i.e. refactoring) and well-known obfuscation techniques the pirates will go through it like tissue paper.


I wouldn't even be surprised if someone came out with an automated deobfuscator to undo each Sandmark transform.


That said, I would like to reiterate that the Sandmark automated obfuscator is interesting. An article focusing on how that accomplishes its obfuscations (not just how to use the thing) and how it measures code complexity would be very interesting.


Just don't try to say that it's security.


1 to 1 of 1
  1. You are teaching people to throw away their money.
    2005-04-13 15:08:05  Matthew Russell | O'Reilly Author, O'Reilly Blogger
