Stunnix Perl-Obfus (Single Developer Standard Edition)

Stunnix Perl-obfus - the obfuscator for Perl source code

Introduction to Stunnix Perl-obfus

The current trend in the application and web development industry is switching from compiled languages like C/C++ and Delphi to scripting languages like Perl, Javascript or VBScript. One of the main disadvantages of these languages for developers of commercial applications is great ease of studying, analysing and reuse of source code texts of the applications written in these programming languages by customers and competitors. For custom solutions the risk of losing control over intellectual property is even much higher since it's much more difficult to track violations of intellectual property in them due to the highly targeted or even exclusive distribution of such solutions or products - so in such cases violations of intellectual property can be in form of reuse of original source code even with arbitrary level of adaptation! Due to the ease of study and modification, it's extremely difficult to ensure licensing conditions of the code are met too - for example that the program is used only on the hosts it was licensed to, and only till the date it was licensed to run.

Stunnix Perl-obfus is the unique solution for this problem for code written in Perl programming language - it's the advanced and reliable obfuscator for Perl source code that has advanced support for adding extremely difficult to remove automatic checks of licensing conditions. It converts the perl source files (.pl and .pm) into highly mangled and obfuscated form, making it extermely difficult to study, analyse, reuse and re-work for competitors or customers, while fully retaining functionality of the original source code. By default since version 1.3 that highly mangled and obfuscated code is encoded afterwards to hide the structure of the program completely. Stunnix Perl-obfus is not a compiler to machine code - the obufscated form will still be the usual perl source code, thus it will work on all platforms the original source worked on. State of the art support for ensuring license conditions (lifetime expiration, several types of hostname checks, user-defined checks) is present in Stunnix Perl-Obfus since version 1.5.

Please note that tools that convert code into executables like PAR and PerlApp are not a solution to the code hiding, since all source code of the application gets written to some temporary directory once executable produced by these tools is run, allowing curious users to get to your code in couple of seconds. However, using these tools on the output of Stunnix Perl-Obfus is perfectly supported, for cases when standalone executable needs to be produced from code protected by Stunnix Perl-Obfus.

The obfuscation means:

replacing all symbol names it's possible to with the non-meaningfull ones, e.g. replacing @files with @zcadaa4fc81, while preserving syntaxical and semantical correctness of the source code. Of course predefined symbols like @ARGV and symbols from the third-party or standard Perl modules the perl source code uses will be left the same so the obfuscated code will still work without requiring to obfuscate those third-party or standard Perl modules;
substitution of numeric values with the arithmetic expressions using (random or constant for the same numeric value as requested by the options) decimial and hexadecimial numeric values that evaluate to the same value;
using hexadecimial character codes for all characters in strings;
replacing strings with interpolated variables with the concatenation of the appropriate components;
adding extra parenthesis for the expressions;
removing extra white spaces;
jamming as much code on each line as possible.

The encoding means converting code into special form that completely hides program structure and adding a special advanced decoding code, that will decode the code at runtime and execute it. Since the code to decode encoded body is automatically included into each file, no standalone decoders or interpreters are needed. By default encoding is applied to the result of obfuscation, but it's possible to apply encoding to original source to allow effortless code hiding not requiring any changes to the code to be hidden.

Even only obfuscated code with no encoding applied is extremely difficult to understand for a human since the name of variables and subroutines and other symbols are totally meaningless and hard to remember (e.g. @files becomes @zcadaa4fc81). It's possible to control all aspects of code hiding using the commandline switches of the perl-obfus. An example of how cryptic typical file after obfuscation and encoding with Perl-Obfus looks like is available.

The features summary of Stunnix Perl-obfus:

Stunnix Perl-obfus features in detail

Project Manager - an advanced user interface for projects of any complexity

Power and flexibility of Stunnix Obfuscators are now available via graphical user interface, eliminating the need to even read descriptions of commandline options supported! Stunnix Obfuscator Project Manager - an advanced intuitive cross-platform graphical user interface is included. It allows to protect projects of any complexity, consisting of files of any type, and possibly including code of any type (client-side, server-side, .asp pages with both server side and client-side code, .html files with client-side code), even allowing code in some files to be processed with different sets of options or even not processed at all. It has 'build project' functionality available in most popular IDEs that will result in processing only files which are more fresh than their protected version; files free from code (like images or .css files) will simply be copied to the directory with protected version of the project, allowing to use Project Manager as a generic replacement for 'Make'-like utility. It completely eliminates the need to compose and invoke commandlines manually, all operations can be performed using mouse.

Users who prefer to use commandline will be able to compose build script (a special project-specific perl program that effectively is a smart stand-alone replacement for project-specific Makefile that already includes functionality of the Make utility) for a project using Project Manager and just invoke that build script to perform desired operation like cleaning all output files, rebuilding only changed files or rebuilding all files (with ability to specify only a subset of files to be subject of an operation).

You can see Stunnix Perl-Obfus Project Manager running on our site in demo mode (destructive and editing operations are disabled in it).

You can evaluate Project Manager by downloading it to your computer.

Full support for all Perl language constructs

Due to the deep integration with Perl language interpreter, Stunnix Perl-obfus provides unique level of support for all Perl language constructs and their advanced use, that all other products aiming for obfuscation of Perl source code just technically and theoretically can not provide. Stunnix Perl-obfus supports advanced Perl constructs including nested regular expressions (i.e. regular expressions inside substitution part of s///e operator), all forms of interpolating variables of all types in strings and in regular expressions even with so-called extened patterns, perl formats, all quote and quote-like operators, "<<EOF" constructs and several ways of handling POD documentation and data after __DATA__ sections. This means that majority of the Perl source code obfuscated with Stunnix Perl-obfus will really function the same as non-obfuscated code - this is really unique feature of the Stunnix Perl-obfus. In order to make easier checking the obfuscated code for correctness, a special utility is included that allows to detect names of undeclared subroutines and other symbols.

Full support for applications consisting of several Perl modules

Stunnix Perl-Obfus, unlike other tools, was designed with multi-module programs in mind. Stunnix Perl-obfus allows to keep module export list and arbitrary strings that are treated as symbol names (e.g. portions of the argument of eval builtin function) in sync with the obfuscated names of variables and subroutines automatically, once module source code is modified to markup the list of symbol names to export and string constants that are symbol names.

Full support for keeping library modules application uses in non-obfuscated (original) form

Most applications use Perl standard modules like File::Path or third-party modules. In case of standard Perl modules it's much more preferable not to ship obfuscated version of such standard module, but force the program to use the version that comes with Perl in order to reduce distribution size and to avoid licensing issues. In case of a third-party modules - licensing conditions most often disallow modification of those modules, thus there are no options except shipping them in original, non-obfuscated form. Stunnix Perl-obfus perfectly allows such cases with the concept of the exception lists; utility to generate such exception lists is included into the suite.

Encoding of the file is performed by default

To make the result of processing not even resembling source code in any programming language, encoding is applied to the result of obfuscation by default. No standalone decoder is required for support of encoding files.

Support for ensuring license conditions

There is a state of the art support for program expiration and several variants of hostname checking (single allowed host name, list of hostname tails, regular expression hostname should match). In case license conditions are not met, the program can be removed; also there is an option to print the custom notification message; the program is terminated afterwards. User-defined checks with actions are also supported at the same time too. All checks are grouped in the block of code, to which the special initialization code is added without which the program won't work correctly, and the whole resultant block is encoded to protect it from analysis and modification. This block of code can't be removed from the program body without making it malfunctioning. Several sources of information about current time and host name are suported. See more details here.

Supports source compression mode

Stunnix Perl-Obfus supports source code compression mode via the use of special aid included- in this mode symbols are renamed to the shortest random allowed symbol name possible in order to minimize resultant size of output (the more used symbols are renamed to the shorter symbols). This turns Stunnix Perl-Obfus into so-called "source code compressor" tool. This module works perfectly for multimodule projects too.

Available in Standard and Lite Editions

Stunnix Perl-Obfus is available in Standard and Lite Editions in order to be even more cost-effective. You don't have to pay for very advanced features if you don't need them! There is a document listing differences between editions.

Special mode for as quick preparing of project for protection as possible

A special obfuscation modes are present that let project to be adapted for obfuscation very quickly. There is no need to spend valuable time while performing trial-and-error process of preparation. Due to availability of unique utilities for symbol extraction not available with any other products, the preparation process is short as theoretically possible.

A lot of options to tightly control the obfuscation

As all Stunnix products, programs of a Stunnix Perl-obfus suite have a lot of commandline options to tightly control each aspect of their operation. All options have intuitive names, and there is extensive documentation on each option available. Default options for main part of the Stunnix Perl-obfus suite can be stored in a globally-visible file in order to make use of it more convenient.

There are free very useful web-based commandline builders for Perl-Obfus too; they are very useful for getting impressions of what abilities Perl-Obfus provides.

Utilities to make preparing code for obfuscation easier included

Three extra utilities are included to make preparing code for perfect obfuscation - gen-ident-exceptions.pl, find-undeclared-subs.pl and get-idents-from-html.pl. The gen-ident-exceptions.pl allows to generate a list of symbol names that shouldn't be obfuscated (e.g. ones from third-party modules). The find-undeclared-subs.pl is designed for checking the obfuscated code for absence of undeclared subroutines and other types of symbols, and get-idents-from-html.pl is designed for extraction of names of html form fields.

Included are utilities to gather project-specific exceptions

Unique utilities to gather project-specific exceptions are included: utility to gather html form fields' names and IDs of html elements, and ability to extract all symbols from ActiveX or OLE components.

These utilities are a must have ones for any professional Obfuscator; without them composing lists of exceptions for a project of even medium size is very time-consuming, dull and error-prone process, most typically accomplished by using trial-and-error technique.

The functionality of both utilities is fully integrated into Project Manager user interface and thus can be carried on by using mouse only.

Includes utility to simplify turning protected code into standalone executable using third-party utilities like Perl2Exe

Special utility - get-mods-list.pl - is included to create lists of modules that perl code use's or require's. Such lists of modules are needed by various tools for converting perl code into standalone executables - like Perl2Exe and PAR toolkit.

Means to make analysis of changes between different releases of the obfuscated product more difficult

Among a variety of options that control each aspect of obfuscation and encoding, there are ones that make only obfuscated versions of the same source code to be different from each other. This can be used to make analysis of changes between different versions of the software much more difficult. Another use is distributing unique versions of the obfuscated code to each customer - this way developer can track which customer violated license conditions that resulted in distribution of the product to somebody else.

Key internal parameters of encoding already depend on random values, so the encoded version of the same file will be different on each run.

Easy to install on any Unix/Linux or Windows server

Stunnix Perl-obfus is a suite of Perl applications. It requires a working Perl version 5.8 or greater installed somewhere in your system (a so-called "interpreter for backend"). It needn't be a default perl interpreter in your system - you can install this version of perl into non-standard location for it to coexist with your system perl. Of course the perl version 5.8 or greater is required by Stunnix Perl-obfus itself only, obfuscated version of the code won't require any particular perl version if it didn't require one before. No additional non-standard Perl modules are required for Stunnix Perl-obfus. In case "interpreter for backend" is different from the system perl, no modules required by the program being obfuscated need to be installed for "interpreter for backend".

Stunnix Perl-obfus comes as an archive file in tar.gz or self-extracting archive format. It needs to be extracted to any directory you like. Optionally one can set default values for the site-specific options in the configuration file, however most people won't need to change the defaults.

Web-based commandline builder is available

Despite the fact that primary interface to Stunnix Perl-Obfus is commandline-based, there are very useful commandline builders for Perl-Obfus. There is a link to the documentation near each form field, that fully explains the purpose and semantics of corresponding option.

They are very useful for getting impressions of what abilities Perl-Obfus provides.

There are two editions of Stunnix Perl-obfus - Standard and Lite. There is a document listing differences between these editions.

IT Software Press Release and News