vlad.grb
Obfuscation in Elixir/Erlang
Is there any way to protect and obfuscate my elixir application? Is it required at all? As I understood I can remove debug info but does it affect my application or updating process in the future?
Most Liked
OvermindDL1
Removing debug info is the way to do that, however the BEAM file is reverse engineerable, if you want something obfuscated then I’d say first of all you are using the entirely WRONG kind of ‘security’ (Security through obfuscation is not security), second that you are using the wrong language, and third, if you really need to, move the parts you need to protect to a native language over a port or something, but know that even machine code is pretty decompileable nowadays (I know very well, I used to do it a lot).
Obfuscation is NOT security and should NEVER be used for anything related to security. At best it might be a consequence of minimization in languages where that matters, but again Elixir is not one of those either.
Again, do NOT use obfuscation as protection, it is one of the stupidest things to do in any language (again, I have a LOT of personal experience in breaking those in native machine code, Java, even machine code secure VM’s that are common in, say, modern game copy protection are breakable and those are the top tier in that research right now).
In essence, if code needs to run, there is no amount of protection you can apply to it other that hardwiring it in a read-only chip that breaks apart if attempted to be taken apart while being scanner resistant. Running it on an operating system like Windows or Linux or Mac will NEVER EVER EVER be secure. All it takes is one person to decompile it and release the secrets.
However yes, removing debug info makes it change from ‘trivially decompileable’ to ‘it takes a lot more work’, but you also lose a whole host of functionality as well (mostly related to tracing/debugging/etc…/etc… of which different parts become more difficult and others become impossible) and you need to be fully aware what you are doing before you change those defaults.
The better questions are “Why?” “What are you actually trying to accomplish overall?”
NobbZ
Yeah, but encrypting my local drive does not help here ![]()
And to be honest, we sell our software accompanied by long term maintanance contracts, so we do get our money, independently of anything the client does ![]()
cmkarlsson
You can also encrypt the debug information. This means that if you have the key you can still have access to ilve debugging which is useful.
I agree but there are degrees in hell
While obfuscation is not security and can never be made secure it can raise the level of skill required to access it. For example you might block out script kiddies but fail at criminal enterprise. Obfuscation is the only thing you can use if you run on an open platform.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








