Code Protection in Standalone Binary during Deployment

Hello,

I am experimenting with the most suitable way for deploying my Prolog tool. So far, I want to host it somewhere in the cloud as a standalone executable with obfuscated code.

From the documentation (Creating executables on Unix/Linux), I used the following to create the executable.
$ swipl --stand_alone=true -o my_tool -g main -c my_tool.pl

My understanding is that the knowledge base contained in my_tool.pl is attached to the swipl binary as some sort of saved state.

But I still do not know how to obfuscate the code prior to that.

From the documentation (Protecting your code), the option obfuscate(true) is used with qsave_program/2 to make the code harder to reverse-engineer.

My question is: how do I create a saved stated for the program? Where do I set the obfuscation flag? and how do I instruct the binary-creation process to use a specific saved state (one with the code obfuscated)?

Thank you.

1 Like
41_> swipl -o lazy --stand_alone --obfuscate -c lazy.pl 
% Obfuscating predicates names (conservative) ...
% Obfuscated 13 predicate names

All qsave_program/2 options are simply mapped to --option[=value], where the default value for boolean options is true.

Note that the obfuscation is extremely conservative. In practice it mostly applies to predicates that are local to a module and whose name does not appear as an atom anywhere else in the program.

1 Like

Thank you very much,

It managed to obfuscate 3 predicates. That’s really conservative.

Saying that obfuscation mostly applies to predicates that are local to a module, what is a “module” in this context? A Prolog file? In my case, I have a main file that loads tens of other files. Does this mean that obfuscation only processes predicates in the main file?

It obfuscates predicates where the sole usage of an atom is to name this one and only predicate. That is really conservative, but if the atom is used elsewhere anyone may use call/N to call the predicate. It was a short exercise, getting the infrastructure for obfuscating in place. Proper obfuscation should do much more code analysis to find a much larger approximation of what can be obfuscated. It has not my priority though. I’d expect someone will sooner or later do it or pay someone to do it.

1 Like

Thank you :slight_smile: