[erlang-questions] Re: reverse engineering beam files / obfuscation ?

Richard O'Keefe ok@REDACTED
Mon Feb 15 02:15:58 CET 2010


Quintus faced this issue many years ago now.

There is _nothing_ you can do to stop a sufficiently determined
cracker.  Here's an anecdote.

(1) The Quintus emulator was shipped as an executable binary with
     (a) most but not all of the C symbols stripped
     (b) many but not all of the atoms used in the Prolog system
         clobbered (things users were _supposed_ to be able to mention
         were preserved, everything else smashed).
     (c) we had a special in-house-ONLY tool for restoring the smashed  
names.
(2) Full *and* demo versions of Quintus Prolog were handed out after the
     purchaser signed a contract saying, amongst other things, that they
     would not disassemble the system.
(3) One organisation that got a free demo copy of Quintus Prolog was a
     large software company with a Prolog of their own.  (Fair enough,
     we had a demo copy of their system at one time.)
(4) They attempted to publish in a conference a paper detailing
     implementation techniques that were used, to the best of our  
knowledge,
     only in Quintus Prolog.  Judging from what some of the people  
from that
     company had said previously, they had not then been using these
     techniques themselves.
(5) We informed the conference, and the paper was not published.

The need to disassemble MC68020 instructions hadn't stopped them.
A contract saying they wouldn't reverse engineer hadn't stopped them.

At least if it's in the contract the crackers will KNOW they are
doing something wrong, not just difficult.





More information about the erlang-questions mailing list