Open Design and Integration Environment

Obfuscating Source Code in Toadkit
Bounty program for improvements to Tcl and certain Tcl packages.
Tcl 2018 Conference, Houston/TX, US, Oct 15-19
Send your abstracts to or submit via the online form
by Aug 20.

Toadkits include several tools to allow developers to obfuscate the Tcl source code embedded in a VFS. Toadkits take the approach of ONLY obfuscating individual files. The reasons are many, and should be obvious to anyone familiar with encryption.

Toadkits include odielb, which generates a random password and embeds it in C. That secret key is available in the build system as "password.txt" in the build directory. (You can also provide a manual password by replacing the contents of that file with your own chosen string.)

Also embedded in odielib is the following command: ::kit::crypt_eval. This command can directly execute a block of code that was obfuscated with the embedded key.

The kit also has a built in function to generate an obfuscated block of code: ::kit::encrypt. The default implementation uses a bare kit compiled without an attached VFS to act as a shell to run the scm-copy.tcl script distributed in the scripts folder.

Instead of copying the files into the VFS directory, the make system build an obfuscated version in the VFS, using this block of code:

  set VFS [file join $CWD toadkit.vfs]
  file mkdir $VFS
  # Copy in our "secret squirrel" code
  set SCMCOPY [list ::exec [BASEKIT define get tclkit_bare] [file join $::SRCDIR scripts scm-copy.tcl]]
  {*}$SCMCOPY [file join $::SRCDIR src] ${VFS}