Ruby Obfuscator

Ruby obfuscator

There are a few options, like RubyScript2Exe or AllInOneRuby. However, all obfuscators of interpreted languages tend to have a serious flaw: they usually don't understand more sophisticated metaprogramming techniques.

That is, they can't necessarily tell that something like foo.send(:bar, ...) is an invocation on the bar method in a completely different library, or that eval("require %w{abc def ghi}") means to require three different libraries. These are trivial examples -- things get much more complex when you throw method_missing and its ilk into the mix.

When an obfuscator encounters this sort of code, it will dutifully compile the appropriate instructions, but it may not know to also include certain libraries or other code from elsewhere. That can cause serious issues, since the dynamically included or required will not be available at runtime in a statically linked executable.

Unfortunately, many gems and libraries use sophisticated metaprogramming techniques. You'll likely get into trouble here if you try to use obfuscation and expect your program to have the same behavior. Worse still, because there are so many levels of indirection, if a bug occurs in the obfuscated version, you may never know what exactly happened or how to reproduce it.

Ruby code obfuscation

Write a native extension in C, putting your sensitive code in there, along with enough of the program's critical logic to make the extension essential to the program's execution.

That doesn't make it impossible for someone to bypass or reverse engineer your sensitive code, but it does make it harder. Also, there are better techniques for making compiled code harder to reverse engineer than there are for making Ruby code hard to reverse engineer.

Ruby on Rails source code security / obfuscation

Similar to Matt Briggs's point is that if you don't trust your web host, you're addressing the wrong problem.If your web host wants to steal your data, cripple your website, redirect your users, etc., nothing can stop them. Even if the code is fully compiled binary code written in assembler, your admin could still find a hack, replace resources, or replace your code altogether. Moral of the story, find a web host you trust, don't bother obfuscating your code

Compiled or obfuscated Ruby

This is code compiled to a Ruby Virtual Machine. It is using the iseq gem which exposes the private method RubyVM::InstructionSequence::load.

You can't extract the original source code from it, but the debugger should work. You can read the compiled code in something like a human readable form with RubyVM::InstructionSequence#disassemble. Assuming Marshal.load returns a RubyVM::InstructionSequence object, this should do it.

require 'iseq';puts RubyVM::InstructionSequence.load(Marshal.load(File.read(__FILE__,nil,161))).disass‌​emble

Regex to obfuscate substring of a repeating substring

Given:

> s
=> "abc_1234 xyz def_123aa4a56"

You can do:

> s.gsub(/(?<=abc_|def_)(.*?)(..)(?=(?:abc_|def_|$))/) { |m| "*" * $1.length<<$2  }
=> "abc_*******z def_*******56"

obfuscate id in Rails with begin range

The reason why the id is small is because the UUID string is being converted into an integer. Use SecureRandom.random_number(100000000000) instead.

You need to check if the number is bigger than 1000000 and not already in the system.

before_create :generate_random_id

private 

def generate_random_id
  while self.id.nil? || Model.find_by_id(self.id) do
    self.id = SecureRandom.random_number(100000000000) + 1000000
  end
end 

OR

Use uuid as the native id. Postgresql supports this natively pretty well with an extension:

CREATE EXTENSION pgcrypto;  
CREATE TABLE mymodel(  
   id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
   ...
);

obfuscate emails with ruby to protect against harvesters

Whats wrong in using sub or gsub to achieve the same

"example@example.com".sub("@","-at-") #=> example-at-example.com
"example@example.org".sub("@","{at}") #=> example{at}example.org

---

Related Topics