I should have added what my needs are, since it makes my reasoning more
clear. My project runs on mobile phones, with content (lua scripts etc)
that can be downloaded to expand the game at a later date. I need to
guard against casual copying and modification of data files. The
encryption does both, since the key is tied to the specific handset
(each file is encrypted by the server on the fly prior to download) and
also stops modification of the lua scripts.
I was not even attempting to guard against reverse engineering of the
whole application by someone running a debugger. That would be way too
much work, even if it were possible. As has been pointed out, if it is
possible for the CPU to run your code, then it is possible for someone
to reverse engineer it. Difficult perhaps, but possible.
From: [hidden email] [mailto:[hidden email]] On Behalf Of Daniel Collins
Sent: Tuesday, 2 May 2006 9:24 AM
To: 'Lua list'
Subject: RE: obfuscating / protecting LUA code
For my current project, I have to take some measures to protect the lua
scripts against hacking. Rather than try to obfuscate the lua code
itself though, I was just going to pack a bundle of lua scripts and
other resources into encrypted and compressed archive files. I have a
runtime system that loads an archive file and mimics a file interface to
the contents. So lua requires no changes at all and just keeps opening
things from files, but the lua scripts are also protected from unwanted
And sure, a determined hacker could break the encryption but the system
seems reasonable for my needs.