Protect a lua script which has been compiled

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Protect a lua script which has been compiled

Jean Marc VENET
Hello,

I've coded a lua script and compiled it to a .bin file ...

I search a way to protect this .bin file to avoid that the users copy
and use this .bin on other computers .

Is it possible, per example with a registration under an encrypted key
of the HDD serial number in the registry ?

If OK, how to do it ?

Thanks for replying

JM Venet

jmvenet.vcf (158 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Charles Heywood
First - the compiled Lua source is NOT portable. You can't guarantee that it works between machines. Machines that don't support certain things will fail if the bytecode is not compatible with bytecode that would be generated on that machine.

If you still want to continue with doing this, chances are the best bet is to obfuscate the source before compilation and distribution. That would make it harder to understand - but not impossible. You might also look into the bytecode optimizer that was posted a while back because that can help with reduction of reverse-compiling, or someone generating source code from a compiled output.

On Thu, Jan 19, 2017 at 2:25 AM JM Venet Magic.fr <[hidden email]> wrote:
Hello,

I've coded a lua script and compiled it to a .bin file ...

I search a way to protect this .bin file to avoid that the users copy
and use this .bin on other computers .

Is it possible, per example with a registration under an encrypted key
of the HDD serial number in the registry ?

If OK, how to do it ?

Thanks for replying

JM Venet
--

Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Dirk Laurie-2
2017-01-19 11:10 GMT+02:00 Charles Heywood <[hidden email]>:

> If you still want to continue with doing this, chances are the best bet is
> to obfuscate the source before compilation and distribution. That would make
> it harder to understand - but not impossible.

On a Un*x system, you can simply mark the executable execute-only.
    chmod go-rw+x myprog.lua

I.e. only the root user can change, copy or reverse-engineer it,
but anyone can run it. You don't even need to compile the Lua
script, a shebang turns any Lua source file into an executable.

Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Michael Shalayeff
On Thu, Jan 19, 2017 at 11:49:07AM +0200, Dirk Laurie wrote:

> 2017-01-19 11:10 GMT+02:00 Charles Heywood <[hidden email]>:
>
> > If you still want to continue with doing this, chances are the best bet is
> > to obfuscate the source before compilation and distribution. That would make
> > it harder to understand - but not impossible.
>
> On a Un*x system, you can simply mark the executable execute-only.
>     chmod go-rw+x myprog.lua
>
> I.e. only the root user can change, copy or reverse-engineer it,
> but anyone can run it. You don't even need to compile the Lua
> script, a shebang turns any Lua source file into an executable.

kamon!
anyone with two bits and an adb(1) can has access to the script
that is executable!
in the worst case -- have you heard about those things called
signals and core dumps?
cu
--
    paranoic mickey      (my employers have changed but, the name has remained)

Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Charles Heywood
In reply to this post by Dirk Laurie-2
If anyone has either root or physical access to the computer, this is hardly a defence.

On Thu, Jan 19, 2017 at 4:07 AM Dirk Laurie <[hidden email]> wrote:
2017-01-19 11:10 GMT+02:00 Charles Heywood <[hidden email]>:

> If you still want to continue with doing this, chances are the best bet is
> to obfuscate the source before compilation and distribution. That would make
> it harder to understand - but not impossible.

On a Un*x system, you can simply mark the executable execute-only.
    chmod go-rw+x myprog.lua

I.e. only the root user can change, copy or reverse-engineer it,
but anyone can run it. You don't even need to compile the Lua
script, a shebang turns any Lua source file into an executable.

--

Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Dirk Laurie-2
In reply to this post by Michael Shalayeff
2017-01-19 12:07 GMT+02:00 Michael Shalayeff <[hidden email]>:

> On Thu, Jan 19, 2017 at 11:49:07AM +0200, Dirk Laurie wrote:
>> 2017-01-19 11:10 GMT+02:00 Charles Heywood <[hidden email]>:
>>
>> > If you still want to continue with doing this, chances are the best bet is
>> > to obfuscate the source before compilation and distribution. That would make
>> > it harder to understand - but not impossible.
>>
>> On a Un*x system, you can simply mark the executable execute-only.
>>     chmod go-rw+x myprog.lua
>>
>> I.e. only the root user can change, copy or reverse-engineer it,
>> but anyone can run it. You don't even need to compile the Lua
>> script, a shebang turns any Lua source file into an executable.
>
> kamon!
> anyone with two bits and an adb(1) can has access to the script
> that is executable!
> in the worst case -- have you heard about those things called
> signals and core dumps?
> cu

The question seemed to be at the level of people playing
computer games, not that of serious pirates or even of people
who jailbreak smartphones.

If one's opponent is any hacker worth the name, not even the
US Department of Defence is safe.

Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Bernd Eggink
In reply to this post by Dirk Laurie-2
Am 19.01.2017 um 10:49 schrieb Dirk Laurie:
> 2017-01-19 11:10 GMT+02:00 Charles Heywood <[hidden email]>:
>
>> If you still want to continue with doing this, chances are the best bet is
>> to obfuscate the source before compilation and distribution. That would make
>> it harder to understand - but not impossible.
>
> On a Un*x system, you can simply mark the executable execute-only.
>     chmod go-rw+x myprog.lua

No, that won't work. Any script or executable has to be readable to be
executed.

- Bernd

Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Hisham
In reply to this post by Charles Heywood
On 19 January 2017 at 07:10, Charles Heywood <[hidden email]> wrote:
> First - the compiled Lua source is NOT portable. You can't guarantee that it
> works between machines. Machines that don't support certain things will fail
> if the bytecode is not compatible with bytecode that would be generated on
> that machine.

You mean that it is not portable across architectures, right? People
do distribute bytecode across machines.

-- Hisham

hz
Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

hz
In reply to this post by Jean Marc VENET
cocos2d will encrypt the compiled script, you can reference their solution.

/hz

发自我的 iPhone

> 在 2017年1月19日,上午12:24,JM Venet Magic.fr <[hidden email]> 写道:
>
> Hello,
>
> I've coded a lua script and compiled it to a .bin file ...
>
> I search a way to protect this .bin file to avoid that the users copy and use this .bin on other computers .
>
> Is it possible, per example with a registration under an encrypted key of the HDD serial number in the registry ?
>
> If OK, how to do it ?
>
> Thanks for replying
>
> JM Venet
> <jmvenet.vcf>


Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Rena
In reply to this post by Jean Marc VENET
On Jan 19, 2017 3:25 AM, "JM Venet Magic.fr" <[hidden email]> wrote:
Hello,

I've coded a lua script and compiled it to a .bin file ...

I search a way to protect this .bin file to avoid that the users copy and use this .bin on other computers .

Is it possible, per example with a registration under an encrypted key of the HDD serial number in the registry ?

If OK, how to do it ?

Thanks for replying

JM Venet

What you're looking for is called DRM and doesn't really relate to Lua itself. You can encrypt/protect your data file however you like, but your app will need to decrypt it in memory before passing it to Lua. So ultimately the encryption method doesn't have anything to do with Lua.

I wouldn't recommend anything more complex than encrypting the file using a key derived from the system (eg disk serial number). That will be enough to prevent "casual" piracy (where non-technical users share files, maybe accidentally). If someone really *wants* to bypass your protections, there's not much you can do to prevent it - even multi-million-dollar industries have that problem.
Reply | Threaded
Open this post in threaded view
|

Re: Protect a lua script which has been compiled

Nagaev Boris
In reply to this post by Jean Marc VENET
On Thu, Jan 19, 2017 at 8:24 AM, JM Venet Magic.fr <[hidden email]> wrote:

> Hello,
>
> I've coded a lua script and compiled it to a .bin file ...
>
> I search a way to protect this .bin file to avoid that the users copy and
> use this .bin on other computers .
>
> Is it possible, per example with a registration under an encrypted key of
> the HDD serial number in the registry ?
>
> If OK, how to do it ?
>
> Thanks for replying
>
> JM Venet

I made a tool called luacryptor [1] which can encrypt lua source or
bytecode. There is a mode of operation which encrypt each function
individually.

[1] https://github.com/starius/luacryptor


--
Best regards,
Boris Nagaev