Hi all,

As the original OP of the question Renne on Twitter (@colmsmyth) please let me clarify more what I meant.  This is kind of for IP protection but also just to be a bit fancy really.  Is there a way that you could open a *.sas program and the code is already garbled or obfuscated etc, this would have been done via a saved macro or something like that.

However, I would then also want the ability to de-scramble it again by calling a save macro perhaps from saved shortcut button on the tool bar, perhaps prompting for a password before the de-scrambling happens.

So you know when you get a file in a particular format and you try to open it with the wrong application, it opens but it looks like webdings basically....thats kinda what i want

Cheers

Hi,

I took a stab at this.  It's rudimentary, but hopefully it's enough to get you going. It reads a SAS program one line at a time, and converts each character using a "key" which can be changed to your liking. It then writes each character out to an output file (obfuscated, if you will). You can call the same macro with an inverse (?) of the key to un-obfuscate it to another output file.

filename testfile '/<some path>/<some original program>.sas';
filename fileout1 '/<some path>/<some obfuscated program>.sas';

filename fileout2 '/<some path>/<un-obfuscated program>.sas';

%macro obfuscate(key=,filein=testfile, fileout=fileout1);
data garble1;
    infile &filein truncover length=linesize;
    file &fileout ;
    length record $80. asc_char_in varylen key 8.;
    varylen=80;
    key = &key; ;
    input record $varying. varylen;
    do i = 1 to linesize;
      asc_char_in=rank(substr(record,i,1));
      char_out= byte(asc_char_in + key);
      put char_out $1. @;
    end;
    put;
run;
%mend;
%obfuscate(key=_n_+7);
%obfuscate(key=0-(_n_+7), filein=fileout1, fileout=fileout2);

Hi Jason,

Great stuff....tried this out and works quite well, reversing did not quite bring back all the code identically especially for commented portions of the source code.

Now, further to my original post, my ideal situation is that write code, its validated, stored somewhere safe, then its obfuscated, and that obfuscated program would be recognized by SAS and would be run-able.

However I dont think SAS can do this other than with PWENCODE, i.e it knows what that scrambled code is as its a built in function etc.

Thoughts ?

EDIT: In fact if SAS could use the Oracle dbms_obfuscation_toolkit.DESDecrypt feature you could obfuscate the entire program, then read in the scrambled program and decrypt it on the fly to a self deleting temporary file for example which is run during the process...if that makes sense

I'm fairly certain with a little tweaking, you could make the "key" idea a bit more robust. I hope it was sufficient to give an idea of how it could work.

The PWENCODE procedure seems to only work for passwords, not entire program files.

Your Oracle obfuscation tookit idea looks like it could work, albeit with a bit of pl/sql coding that is out of my league - but it's a great idea if you don't mind storing the code in an Oracle table.

I really don't agree with hiding your code on purpose.  You will generate more actual problems than any potential problems you would have from just leaving the code in plain text.

But what is the problem with using compiled macros, compiled data datasets, etc?  What is it that you want to hide that you cannot hide that way?  Not really much different than shipping compiled binaries without source code in terms of hiding.

I can see why one would want to do it - in some industries rather complete libraries of code exist that allow them to produce work faster than their competitors. Sometimes, there is lots of turnover too, between the competing companies, and a crafty individual might try and walk off with the code and become a hotshot at a competitor.

Thanks everyone for your opinion and advice, let me say though this is purely a topic i started with the intention of info gathering on the subject, I absolutely do not need to do this, nor probably allowed anyway in production.

But I wanted to see what was possible, and it looks like to a degree it is, even better would be a built in feature of SAS itself to actual obscure un-obscure the code via password prompt, but would be run-able either way.

Thanks everyone

C.

It's (pre-) compilation without storing the source in the same place and with suppression of log (eg. mlogic) what you can do in the way ForumAdmin@sas suggested.

...but loose the source code and you'll never be able to restore your stuff from the compiled versions anymore nor to change it in any way.