Of course names that are part of APIs are not mangled otherwise the program will work incorrectly. APIs can be standard (builtin language functions) or user-defined (for 3rd-party libraries that the developer decided not to obfuscate). Names of symbols that are part of APIs are referred to as "obfuscation exceptions" or simply "exceptions".

The following obfuscation methods are supported:

• Md5 sum with user-specified "salt": sample replacement is zd7b6a02ec5. The salt, number of characters from hexified version of md5 sum and a prefix ("z" in the sample above) are the options of this mangler;
• Combinations of characters from a user-specified set: e.g. if set is "l" and "I" (i.e. capital 'i' and small 'L'), it will generate names like "lIIlllIl". If the set is all lowercase letters, names like "bjhepjsdlrf" will be generated. Manglers take three options: a set of characters, salt string and length of resultant name;
• Shortest possible symbol name (great for minimizing output size) - so-called Perl compression mode. All Perl in the project will be studied and symbol use count calculated.
• Prefixing symbol: listOfCustomers becomes; MyPrefix_listOfCustomers — great for debugging, since all error messages identify which symbol in the input file caused the problem;

The results of all the methods (called "symbol name obfuscators" or "symbol manglers" in documentation ), except the last one (listOfCustomers-> MyPrefix_listOfCustomers) cannot be reveresed. This guarantees obfuscated Perl code cannot be recovered and makes it hard to analyze,

All "symbolname manglers" can be applied to Perl Protection Projects consisting of an arbitrary number of files.

Mapping between the original and replacement symbol names are stored along with the project so developers can always recall the original name of symbol.

Users have an option to manually specify symbol replacement.

Users have an option to specify symbols that shouldn't be renamed (lists can be attached to each individual file). Strictly speaking, there are 2 types of such lists, ones in which symbols are checked case-sensitive, and others in which symbols are checked case-insensitive.

Users can also define lists of suffixes that should be kept in symbols as-is (so everything before the suffix is mangled, while keeping suffix the same) — that is if _onClick is in the list of such suffixes to keep and md5 symbolname mangler is active, then openBtn_onClick it will be replaced with something like zd8ac37d6e_onClick, Lists of symbols for standard interfaces used by Perl are shipped with Perl Obfuscator. Users can easliy disable some of the "exceptions" in these shipped lists by listing some symbols as "antiexceptions" (these can be individually specified for each Perl file in the project).

There is an option of storing a symbol map as a comment inside protected version of each file.

Obfuscation of numeric constants make code harder to read - e.g. iteration from 1 to 5 will be totally non-obvious if loop limits are obfuscated this way.

The replacement expression can be made different even for the same constant, but in different places in your code (e.g. in one place and (0xd99+5451-0x21fc) 2 lines below it), or it can be the same for a given numeric constant. This makes analysis of changes between different builds of your code more difficult.

Of course there is an option not to obfuscate numeric constants.

This obfuscation stage makes the Perl code more difficult to understand at a first glance, more difficult to search for error messages and so on.It slightly increases the size of the code, though.

International characters in the strings will be left as is. There is also an option to replace strings with expressions that are create from individual characters using character codes, e.g. "cust" will look like this: (join("",map { chr($_); } ((0x04f8+ 8150-0x246b),(0x04eb+ 397-0x0603),(0x0783+ 1026-0x0b12),(0x0331+ 2600-0x0ce5)))) or (join("",map { chr($_); } (99,117,115,116))) . Of course it will increase size of your obfuscated code even more.

There is also an option to not obfuscate strings at all.

Perl Obfuscator automatically puts parenthesis around expressions in the code to make them more confusing to read.

Perl Obfuscator applies obfuscation to variables used in string interpolation. Strings with variable interpolations are automatically converted into concatenation operations that involve constant strings parts and variables. This makes your code even more difficult to read.

Comments can be completely removed. Since Perl Obfuscator is very flexible and powerful tool, there are other ways to obfuscate them (besides keeping them as is):

• Leave only newlines in the comments. I.e. comments will span same number of lines but there won't be any text in them. This will keep line numbers of the protected code same as in original code (if you specify newlines in the protected code are not to be removed),
• Replace all characters but newlines with 'x'
• Replace all characters but spaces and newlines with 'x'

This Perl obfuscation stage removes all spacing and identation in the code. This makes the code more difficult to read, and greatly reduces its size.

This step won't do anything with linebreaks in the code.

Of course this stage is optional.

This Perl obfuscation stage turns all the code into single line. Statement separators will be inserted in the appropriate places. This makes even looking at code difficult, since the viewer will have to scroll back and forth.

There is a setting to rewrap the code into several lines, each being no longer than specified number of characters.

Sometimes it's better not to apply this step if your code is not well-debugged and you wish error messages to contain line numbers matching your original code.

Of course this stage is optional.

Encoding means hiding Perl code by converting it into a special form that completely hides program structure. It also adds special advanced code that will decode the encoded script at runtime and execute it. Since the decoding code is automatically included into each protected file, no standalone decoders or interpreters are needed for running protected files.

By default, encoding is applied to the result of obfuscation, but it's possible to apply encoding to original source directly. This allows effortless code hiding that does not require any adaptation of the Perl code.

Of course this stage is optional too.

See samples for how encoded Perl looks like.

Perl Obfuscator is a suite of Perl applications. The Windows version includes Perl interpreter and all necessary files. Perl interpreter is already preinstalled on Mac OS X, Linux and most Unix OSes, so the package for Mac OS X and Linux/Unix is the same and doesn't include any Perl interpreter (it utilizes Perl already installed in the system and uses no non-standard modules).

By default, Perl Obfuscator encodes the result of script obfuscation, which makes studying even the structure of the code much harder (the number of functions, presence of conditionals and so on). Encoded Perl still runs on any compatible Perl interpreter.

The encoding performed by it cannot be undone by the majority of Perl decoders on the market.

It is possible to encode only a subset of the files of a Perl project.

It is also possible to encode only selected parts of the source code by activating special functionality of Perl Obfuscator.

Perl Obfuscator has a state of the art support for checking licensing conditions:

• making obfuscated and encoded Perl scripts expire (i.e. scripts will stop working after particular date), with ability to select the current time source;
• binding to server (single allowed host name, list of hostname tails, regular expression a server name must match) with ability to select the source of server name ;
• user-implemented checks that allow the implementation of any other checks (like making scripts not work on Sundays);

All licensing checks are assigned to a block of code by means of a special initialization code. Without this code, the Perl code won't work correctly. As well, the whole block of Perl code is encoded to protect it from analysis and modification. Removing this block of code from the script body will make the script malfunction.

See more details here.

Obfuscation Project Manager uses the concept of projects as a way to describe lists of files and protection options for Perl . Each Perl obfuscation project has several Perl protecting modes that specify settings to be used to obfuscate the Perl code .

A single Perl protecting mode can be attached to a given file; modes inherit settings from other modes (typically predefined ones) which requires very little effort to configure protection for the project. The mode concept allows the handling of some files in the project as files that have one set of symbols that should not be mangled, the other files - with another set of symbols that should not be mangled, and other group of files - as static files that are either copied as is to output directory, or are not copied at all. Modes also specify whether or not to encode Perl, so each Perl obfuscation project can partly contain files that have been Perl encoded and other Perl parts that have not been encoded, but are still obfuscated. Files with obfuscated Perl can have different copyright headers than other files; the mangling of strings or comments can also be performed differently in different files in the project.

Obfuscation Project Manager is designed to be a more convenient alternative to Makefiles so it has functionality present in all IDEs for managing the project - i.e. Build, Rebuild Changed, Clean operations.

Users who prefer to use the command line interface or single-click obfuscation and encoding of Perl and html in an entire project are able to compose a so-called build script. A build script is a special project-specific perl program that is a smart stand-alone replacement for a project-specific Makefile which already includes the functionality of the Make utility. For a project using Obfuscation Project Manager for Perl Obfuscator, just invoke that buildscript to perform operation such as cleaning all output files, reprotecting only changed files or reprotecting all files (with ability to specify only a subset of files).

You can see Perl Obfuscator Project Manager running on our site in demo mode (destructive and editing operations are disabled in it).

A special obfuscation mode is present in Perl Obfuscator that quickly adapts projects for obfuscation. When this mode is active, all symbols are prefixed using the same user-specified string (e.g. listOfCustomers becomes MyPrefix_listOfCustomers) thus making it easier to understand the error messages the script interpreter generates. Also, when this mode is active whitespace removal and integer and string mangling are turned off. There is no need to waste valuable time performing the trial-and-error process of obfuscation preparation!

Due to the unique ability to extract symbols from html files (that allows the extraction of the ids of html elements and names of form fields) and the unique ability to extract all symbols exported by a given ActiveX or OCX control — not available with any other products — the preparation process is as short as possible.

The following ways of generating obfuscated names are supported:

• prefixing symbol: listOfCustomers becomes; MyPrefix_listOfCustomers — great for debugging, since all error messages allow instant recovery of the symbol in the input file that caused the problem;
• using md5 sum with user-specified "salt": sample replacement is zd7b6a02ec5;
• using combinations of characters from a user-specified set: e.g. if set is "l" and "I" (i.e. capital 'i' and small 'L'), then names like "lIIlllIl" will be generated;
• shortest symbol name possible (great for minimizing output size) - so-called Perl compression mode.

All these ways (called "symbol name obfuscators" or "symbol manglers" in documentation ), except the first one (listOfCustomers-> MyPrefix_listOfCustomers) are irreversible. This guarantees that obfuscated Perl is unrecoverable and difficult to analyze.

All "symbolname manglers" can be applied to Perl Protection Projects consisting of an arbitrary number of files.

Mapping between original and replacement symbol names is stored along with the project so that the original name of a symbol can always be recalled.

Users have the option to specify symbol replcement.

Users have the option to list symbols that shouldn't be renamed (can be file specific). Strictly speaking, there are 2 types of such lists: ones in which symbols are checked case-sensitive, and others in which symbols are checked case-insensitive. Users can also define lists of suffixes that should be kept in symbols as-is (so everything before the suffix is mangled, while keeping suffix) — eg - if _onClick is in the list of suffixes to keep and md5 symbolname mangler is active, then openBtn_onClick it will be replaced with something like zd8ac37d6e_onClick, A symbols for standard interfaces used by Perl are shipped with Perl Obfuscator. User can easliy disable some of the exceptions in these shipped lists by designating some symbols as "antiexceptions" (these also can also be specified for each Perl file in the project).

There is an option to store a symbol map as a comment inside the protected version of each file.

Perl Obfuscator, unlike other Perl obfuscators or encoders, was designed with multi-file complex projects in mind. This means that with the same set of obfuscation parameters given to a Perl symbol name will be obfuscated to the same name independant of its position and file location.

In case some of the input files are changed, users can reprotect and redeploy only that file, without the need to reprotect entire Perl project.

Perl Obfuscator also has support for code that uses eval() or any other statement that uses string containing names of variables or methods. Once properly marked up (by splitting the string into an expression that joins parts of the string and turning parts that contain only the name of variables or methods into calls of a special function), names of variables and functions in the string will be obfuscated properly. This allows the obfuscated Perl code to work as the original. This functionality was first introduced in Perl Obfuscator among all obfuscators for Perl. This manual "markup" gives 100% stability accross project rebuilds and is much more useful than automatic guesswork performed by other obfuscators for Perl.

As with all Stunnix products, Perl Obfuscator suite has many options to tightly control each aspect of operation. GUI (Obfuscation Project Manager) and commandline interfaces are equally capable.

All names and semantics of commandline options are convenient and intuitive and follow GNU recommendations, forms in GUI are also easy to use and understand.

To get an idea of how many options are available, please view the online demo .

Among the variety of options that control each aspect of Perl obfuscation and encoding, are ones that make obfuscated non-encoded versions of the same Perl source code different from each other. This makes analysis of changes between different versions of the software much more difficult. Another use is distributing unique versions of the obfuscated Perl code to each customer - this way developer can track which customer violated license conditions that resulted in distribution of the product on the internet.

Key internal parameters of Perl encoding already depend on random values so the encoded version of the same file will be different on each run. Developers just have to run Perl Obfuscator to produce file specific to each customer.