tclstarkit

How to prevent sdxkit from unwrapping the TCL source code


I am using sdxkit for wrapping my source code

$ ./sdx wrap Project

But I can easily unwrap it back:

$ ./sdx unwrap Project

which will give me back my whole source code. How can I prevent the code from being unwrapped? Is there any argument or option provided by sdxkit?


Solution

  • The only technology that is recommended for use for preventing extraction is the “Tcl Bytecode Compiler” that is part of TclDevKit, a commercial product by ActiveState. There are some other derivatives of the TclPro codebase that the “compiler” came from, but they're not updated to support Tcl 8.5 and later as far as I'm aware. The result is then usually packaged into a starkit; you could use sdx to extract the compiled code, but it doesn't really help all that much.

    Despite being called a compiler, it isn't; it's actually a bytecode serializer that uses a fairly strange format that is relatively resistant to disassembly (and the converse bytecode loader — tbcload — flags the code to prevent a whole range of accidental and deliberate information leaks). The actual compiler used is the same one that is built into Tcl. Indeed, compiling bytecode from Tcl source is actually faster than loading it with tbcload.

    Note that there's no real open source version of this code, and no real appetite for producing one: for open source code — or purely internal deployments — there's no need to obscure more deeply; either you ought to want the code to be open (open source is open source!) or you're only packing things up for convenience of deployment and to stop people from accidentally breaking things. The only real value is in situations where you're deploying commercial code to untrusted users, and then the shrouding of the code should be viewed in the context of using legal measures to prevent problems as well. In short, if you're not selling the code (or closely related services), you probably don't want the “compiler”; if you're not needing to shroud the code, packing in a starkit (or starpack) is enough. If you do need shrouding, you can also justify the cost of the commercial tool to do it.