Encrypt debug info

aus · May 26, 2022, 10:22am

I’m trying to encrypt the debug info when compiling by using the following command:

ERL_COMPILER_OPTIONS='[encrypt_debug_info]' mix compile

As suggested in the Erlang docs, .erlang.crypt is set to [{debug_info, des3_cbc, [], "%>7}|pc/DM6Cga*68$Mw]L#&_Gejr]G^"}].

When I decompile the .beam files using The BEAMdasm disassembler, I do not see any difference whatsoever between the encrypted and the not encrypted files. Am I missing anything?

Thanks!

al2o3cr · May 26, 2022, 3:44pm

Is that disassembler picking up the key from .erlang.crypt? Does it still work if you move that file?

aus · May 26, 2022, 7:36pm

Is that disassembler picking up the key from .erlang.crypt? Does it still work if you move that file?

yes, it does pick it up. If I remove it, I get ** (CompileError) mix.exs: no crypto key supplied.

al2o3cr · May 26, 2022, 7:42pm

To clarify, I meant remove the key after compiling with encryption enabled - something like this:

set up .erlang.crypt
run ERL_COMPILER_OPTIONS='[encrypt_debug_info]' mix compile
remove .erlang.crypt
start up the editor and try to use the disassembler

aus · May 26, 2022, 7:45pm

I just tried: the disassembled files look exactly like the one I get without encryption.

garazdawi · May 27, 2022, 9:33am

There should be a chunk in the .beam file called Dbgi (if it was compiled with debug_info). That is the chunk that gets encrypted by using encrypt_debug_info. None of the other chunks are encrypted. There is no way to encrypt the contents of any other chunk in a .beam file. So if your goal is to encrypt the code that the compiler emits there is no way to do that using the Erlang compiler. You will need to use some external tool.

NobbZ · May 29, 2022, 5:58pm

beamdasm is a disassembler, that means it just converts the bytes to readable “beam assembler” using written Mnemonics, rather than raw bytes.

It does not look at the debug info at all.