Open Design and Integration Environment

Artifact [6d395bac20]
Login
Bounty program for improvements to Tcl and certain Tcl packages.
Tcl 2018 Conference, Houston/TX, US, Oct 15-19
Send your abstracts to tclconference@googlegroups.com or submit via the online form
by Aug 20.

Artifact 6d395bac20364951b16996d2c75efe55f67b441a:

Wiki page [Obfuscating Source Code in Toadkit] by hypnotoad 2017-08-30 22:41:43.
D 2017-08-30T22:41:43.380
L Obfuscating\sSource\sCode\sin\sToadkit
U hypnotoad
W 1430
Toadkits include several tools to allow developers to obfuscate the Tcl source code embedded in a VFS. Toadkits take the approach of ONLY obfuscating individual files. The reasons are many, and should be obvious to anyone familiar with encryption.

Toadkits include odielb, which generates a random password and embeds it in C. That secret key is available in the build system as "password.txt" in the build directory. (You can also provide a manual password by replacing the contents of that file with your own chosen string.)

Also embedded in odielib is the following command: <b>::kit::crypt_eval</b>. This command can directly execute a block of code that was obfuscated with the embedded key.

The kit also has a built in function to generate an obfuscated block of code: <b>::kit::encrypt</b>. The default implementation uses a bare kit compiled without an attached VFS to act as a shell to run the scm-copy.tcl script distributed in the <a href=/fossil/odie/dir?ci=tip&name=scripts>scripts</a> folder.

Instead of copying the files into the VFS directory, the make system build an obfuscated version in the VFS, using this block of code:
<verbatim>
  set VFS [file join $CWD toadkit.vfs]
  file mkdir $VFS
  # Copy in our "secret squirrel" code
  set SCMCOPY [list ::exec [BASEKIT define get tclkit_bare] [file join $::SRCDIR scripts scm-copy.tcl]]
  {*}$SCMCOPY [file join $::SRCDIR src] ${VFS}
</verbatim>
Z a11cc77bda3c23f75dd51ee55ec8e754