On Wed, 11 Mar 2009 10:30:18 -0600
Use the same techniques to obfuscate this code as you're using to
obfuscate your native code.

B.

They are properly concerned. My advice would be to add some sort of
encryption to the byte code loader and compiler. If you're only worried
about authentication then the encryption could be limited to a hash of
the byte code stream at the end of each chunk being loaded. That would
allow post-processing of the compiled Lua byte codes.

I see a lot of other posts about "if they can get to the Lua they can
get to the C". That is not always true. In an embedded device it is
common to have some sort of console with a small language attached for
handling debugging or configuration. And it might also be common to have
loadable special-purpose pre-compiled binary chunks that are stored on
the client's host machine to be loaded when needed. While we don't do
that with our products (as yet!), we do have MIB configuration files
that act in a similar way. If we were to add the ability to run scripts
rather than just settings, we would be facing the same issues that your
management faces.

Given enough resources, it is always possible to get at the internals of
a device. But we're not talking about trying to beat NSA or anything -
just adding enough nuisance to make the breaking of the code more
trouble than its worth, in both effort and timeliness.

Doug
______________________________________________________________________________________
The information contained in this email transmission may contain proprietary and business
sensitive information. If you are not the intended recipient, you are hereby notified that
any review, dissemination, distribution or duplication of this communication is strictly
prohibited. Unauthorized interception of this e-mail is a violation of law. If you are not
the intended recipient, please contact the sender by reply email and immediately destroy all
copies of the original message.

Any technical data and/or information provided with or in this email may be subject to U.S.
export controls law. Export, diversion or disclosure contrary to U.S. law is prohibited.
Such technical data or information is not to be exported from the U.S. or given to any foreign
person in the U.S. without prior written authorization of Elbit Systems of America and the
appropriate U.S. Government agency.

If your app does not run Lua code provided by outside sources, then it's
pretty safe, as far as Lua is concerned. If your app does run user-provided
code, it does have to take special steps to make sure it does not mess with
your Lua environment, if you care about it. Then it's a matter of sandboxing.
But if your app runs user-provided Lua bytecode, then there are some holes
in the bytecode verifier that have been found recently. So, stick to running
user-provided Lua code in source form in a sandbox.
This is harder to avoid. Adobe Lightroom and The Sims don't seem worried about
this, but you can always encrypt the bytecode and decrypt it at load time.
But you're probably just inviting the hard-core hackers to break the encyption.

You can compile the Lua bytecode to native code and static compile that into
your application using llvm-lua. This will provide some obfuscation of the
Lua bytecode, with an added plus of faster Lua code.

Checkout the latest code here:
http://code.google.com/p/llvm-lua/source/checkout

The latest SVN code (I just committed the changes) has some new features:
* Stripping Lua opcodes from the native compiled Lua functions. Previous
versions still had the opcodes for tracebacks.
* Compiling lua files into loadable shared libraries (tested on linux, should
work on other plantforms).
* Support for embedding llvm-lua into other applications. Right now the
embeddable llvm-lua library requires linking the application with the LLVM
libs. I will try to make this optional later.

I will try to do a new llvm-lua release soon, maybe this week if my other work
doesn't get in the way.