|1.||Strip the Perl binary to remove all symbols.|
|2.||Build the decrypt extension using static linking. If the extension is provided as a dynamic module, there is nothing to stop someone from linking it at run time with a modified Perl binary.|
Do not build Perl with -DDEBUGGING. If you do then your source can
be retrieved with the -Dp command line option.
The sample filter contains logic to detect the DEBUGGING option.
|4.||Do not build Perl with C debugging support enabled.|
|5.||Do not implement the decryption filter as a sub-process (like the cpp source filter). It is possible to peek into the pipe that connects to the sub-process.|
Check that the Perl Compiler isnt being used.
There is code in the BOOT: section of decrypt.xs that shows how to detect the presence of the Compiler. Make sure you include it in your module.
Assuming you havent taken any steps to spot when the compiler is in use and you have an encrypted Perl script called myscript.pl, you can get access the source code inside it using the perl Compiler backend, like this
Note that even if you have included the BOOT: test, it is still possible to use the Deparse module to get the source code for individual subroutines.
|7.||Do not use the decrypt filter as-is. The algorithm used in this filter has been purposefully left simple.|
19th December 1995
|perl v5.20.3||DECRYPT (3)||2015-07-26|