Rubyencoder protects Ruby and Ruby on Rails files through compilation and encryption. The encrypted script is run by the rubyencoder loader. Rubyencoder is composedInovica LtdDeveloped. They also made a similar thing for PHP:Sourceguardian.
Rubyencoder can also protect part of the project, allowing plaintext RubyCodeAnd the configuration file. You can alsoProgramRestrict the trial version to a specific primary domain or set a deadline (for details, see the rubyencoder FAQ section ).
Infoq interviewed Alexander belonosov, the leader of rubyencoder, to talk about the project from a technical point of view.
Infoq: How is coding and loading/running performed?
First put RubySource codeCompile it into an internal intermediate format and then encrypt it. Once encoded, the source code is no longer in the protected script. You need to install
Rubyencoder loader to run protected scripts. The loader is actually a ruby extension used to decode and run protected scripts. Protected scripts are not related to the platform, which is very heavy.
Yes, you can run it on all supported platforms. Different operating systems and platforms have different loaders. We support the following platforms: OSX, Linux, and FreeBSD, and we have just launched
Solaris x86. We plan to add support for Windows and other UNIX systems in the near future.
Infoq: The source code is converted to an intermediate format. Do you have your own interpreter to run it or restore it to the original Ruby code?
The original Ruby Code cannot be restored. We use an internal intermediate format. [...] It is internal, binary, executable, and cannot be restored to the original code.
Infoq: If you have your own interpreter, how does it support metaprogramming and other Ruby dynamic features? Or is there no limit?
Contents
The loader returns the internal representation of the Code to Ruby for execution. This gives us maximum compatibility and maintains the dynamic nature of Ruby code. However, we are still looking for other methods.
A version to change or implement a new solution. In any case, using rubyencoder to protect products will be transparent to end users, and Ruby developers will get more advanced and higher
Encoder.
Infoq: We can use the parsetree gem package to access the parsing tree of a class or method. Will rubyencoder affect it?
Parsetree
It is a great extension that can be used to study Ruby and code optimization. If you want to ask if we want to restrict the use of parsetree, the answer is no. When you use
Parsetree and other tools, you must know what needs to be extracted from Ruby and how to discover it. I think you must also think about the reason, the time consumed, and the final result.
What is it :-)
Infoq: Are you planning to support other Ruby implementation versions, such as jruby? Is it possible to port the loader to Java to run jruby code?
Currently, we only support standard Ruby. Jruby is a great project and is growing. However, the target market will be a little different.
Infoq: Can bytecode obfuscators use jruby and compiled Ruby source code to achieve the same effect as rubyencoder?
Using jruby and compiled Ruby source code may provide a high level of protection. But it faces the Java environment. Our original intention is to protect the local Ruby and Ruby on Rails projects. In the future, we may decide to strengthen or expand our products.
Infoq: What language is rubyencoder written? Use Ruby and then encrypt yourself?
No, I'm not saying Ruby metaprogramming is poor, but rubyencoder and loader are written in C.
Rubyencoder is a commercial product. A 30-day trial is provided here.
Have you ever used such a code protection tool? Is there any experience to share?
View Original English text:Rubyencoder: obfuscation and code protection for Ruby