Development and testing of (not *with*, *of*) the GNU Compiler Collection

Arch hvv | 16 Jun 2012 13:01

a fork of gcc is sold for $26k?

Hello,

Just found morpher dot com - it's based on GCC:

Morpher is a compiler driven obfuscation solution for
C/C++/ObjC/ObjC++. Being a compiler, our tool has much more structural
information than any other tool that works directly with binary
format. Therefore the abilities of Morpher's C++ source obfuscation
are much higher than any binary cryptor can suggest. Our algorithm
distorts the control flow graph in a controllable manner. We allow you
to tweak the size and speed limitations to make application protection
against reverse engineering most effective.

One of many Morpher's areas of applicability is DRM market. Our
software protection system allows obfuscating critical pieces of
access control code flexibly and without severe performance losses.
This effectively supplements your original copy protection scheme.

They sell it for $26k (if you select all options and all platforms).

Here http://stackoverflow.com/questions/4111808/c-c-compiler-generating-obfuscated-code
one of its developers explains more about it:

It is essentially a version of llvm-gcc with additional obfuscation
passes - you're supposed to use Morpher as a drop-in replacement for
gcc. Obfuscation passes include constant protection, cloning of basic
blocks and functions, CFG arches meshing and others; they are
described in the documentation section with examples of assembly.

It looks it's developed by people from parts of ex-Soviet Union.

(Continue reading)

headers

Jonathan Wakely | 16 Jun 2012 13:16

Re: a fork of gcc is sold for $26k?

On 16 June 2012 12:01, Arch hvv wrote:
> Have anybody inspected it? Is GPL violated in this case or not (e.g.
> do they provide all patches they've made to gcc)?

If it's based on llvm-gcc then it only uses GCC as the front-end so
there may be no reason to patch GCC.

headers

Michael Matz | 16 Jun 2012 20:24

Re: a fork of gcc is sold for $26k?

Hi,

On Sat, 16 Jun 2012, Jonathan Wakely wrote:

> On 16 June 2012 12:01, Arch hvv wrote:
> > Have anybody inspected it? Is GPL violated in this case or not (e.g.
> > do they provide all patches they've made to gcc)?
> 
> If it's based on llvm-gcc then it only uses GCC as the front-end so
> there may be no reason to patch GCC.

In case they link-edit against GCC frontend (or backend, or just generally 
GPL protected) files and distribute the resulting binary they still must 
provide their own code linking against those under a GPL compatible 
license.  I don't know of they do the former (or use llvm plugins), and if 
so, if they do the latter.  The FSF might want to know, though.

Ciao,
Michael.

headers

Ian Lance Taylor | 16 Jun 2012 20:26

Re: a fork of gcc is sold for $26k?

Arch hvv <arch.hvv <at> gmail.com> writes:

> Have anybody inspected it? Is GPL violated in this case or not (e.g.
> do they provide all patches they've made to gcc)?

If they provide the source code to anybody who purchases their package,
then they are doing nothing wrong according to the GPL.  I don't know
whether they do or not, but in the absence of evidence I see no reason
to assume they do not.  In particular, there is no requirement that they
make their source code available to the public at large.

That said, discussions of GPL compliance are off-topic for this mailing
list.  If you want to pursue this, please write to
licence-violation <at> gnu.org, as described at
http://www.gnu.org/licenses/gpl-violation.html .  Thanks.

Ian