vlad.grb

vlad.grb

Obfuscation in Elixir/Erlang

Is there any way to protect and obfuscate my elixir application? Is it required at all? As I understood I can remove debug info but does it affect my application or updating process in the future?

Most Liked

OvermindDL1

OvermindDL1

Removing debug info is the way to do that, however the BEAM file is reverse engineerable, if you want something obfuscated then I’d say first of all you are using the entirely WRONG kind of ‘security’ (Security through obfuscation is not security), second that you are using the wrong language, and third, if you really need to, move the parts you need to protect to a native language over a port or something, but know that even machine code is pretty decompileable nowadays (I know very well, I used to do it a lot).

Obfuscation is NOT security and should NEVER be used for anything related to security. At best it might be a consequence of minimization in languages where that matters, but again Elixir is not one of those either.

Again, do NOT use obfuscation as protection, it is one of the stupidest things to do in any language (again, I have a LOT of personal experience in breaking those in native machine code, Java, even machine code secure VM’s that are common in, say, modern game copy protection are breakable and those are the top tier in that research right now).

In essence, if code needs to run, there is no amount of protection you can apply to it other that hardwiring it in a read-only chip that breaks apart if attempted to be taken apart while being scanner resistant. Running it on an operating system like Windows or Linux or Mac will NEVER EVER EVER be secure. All it takes is one person to decompile it and release the secrets.

However yes, removing debug info makes it change from ‘trivially decompileable’ to ‘it takes a lot more work’, but you also lose a whole host of functionality as well (mostly related to tracing/debugging/etc…/etc… of which different parts become more difficult and others become impossible) and you need to be fully aware what you are doing before you change those defaults.

The better questions are “Why?” “What are you actually trying to accomplish overall?”

NobbZ

NobbZ

Yeah, but encrypting my local drive does not help here :wink:

And to be honest, we sell our software accompanied by long term maintanance contracts, so we do get our money, independently of anything the client does :wink:

cmkarlsson

cmkarlsson

You can also encrypt the debug information. This means that if you have the key you can still have access to ilve debugging which is useful.

I agree but there are degrees in hell :slight_smile: While obfuscation is not security and can never be made secure it can raise the level of skill required to access it. For example you might block out script kiddies but fail at criminal enterprise. Obfuscation is the only thing you can use if you run on an open platform.

Where Next?

Popular in Questions Top

vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
mgjohns61585
Could someone help me? I’m making my first elixir program, number guessing game. I can’t figure out how to convert the user’s guess from ...
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
JulienCorb
I am trying to implement my new.html.eex file to create new posts on my website. new.html.eex: <h1>Create Post</h1> <%= ...
New
jaysoifer
Is there a way to rollback a specific migration and only that one (“skipping” all the other ones)? Would mix ecto.rollback -v 200809061...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
lucidguppy
I have a super simple question about elixir - how would I take a file like this foo bar baz and output a new file that enumerates th...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New

Other popular topics Top

vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39297 209
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New

We're in Beta

About us Mission Statement