Call: +44 (0)1904 557620 Call
Features

PFCLObfuscate Features

PFCLObfuscate has its own Graphical User Interface (GUI) and all of the obfuscators features and configurations can be controlled from this interface. All of the PL/SQL source code for a schema can be downloaded and viewed and then chosen for obfuscation or not. The GUI allows full control and viewing of original source code and also obfuscated source code.

Here is an example of some of the PFCLObfuscate configuration:

PFCLObfuscate dynamic obfuscation feature

PFCLObfuscate was designed as a command line tool originally to allow it to be easily integrated into any existing build processes or scripts or indeed to be added as a user tool / plugin to existing GUI Database Development tools. PFCLObfuscate comes with simple command line tools that allow a complete set of source code files to be processed in one step. This command line use is still possible of course.

PFCLObfuscate is used to parse PL/SQL, SQL and SQL*Plus scripts and locate variables and function names and replace them with meaningless names that are very similar to each other to make it hard for an observer of the source code to understand the resulting obfuscated source code.

PFCLObfuscate features include the following:

  • Comment removal: Enable the removal of comments from the PL/SQL or SQL*Plus scource code via a simple configuration switch
  • Code compaction: Enable compacting to remove most white space from the source code. This is further enhanced by allowing the end user to choose the resulting line length of code lines.
  • Variable and identifier obfuscation: Enable obfuscation to change readable identifiers to unreadable values scrambling the meaning of the source code. Variables are scrambled randomly and you can control the length, first character and character set used.
  • Choose character set: Choose the character set used for the obfuscated variable names – i.e. OolLi01 would be a good set that when used generates variables that are hard to distinguish from each other.
  • Choose variable length: Choose the length of variables that are generated
  • Transpose list: Download all converted variables after obfuscation for reference
  • Support Obfuscated Code: For support issues related to your own code easy feature to allow reversal of your obfuscations to help see the original code
  • Command line: Command line for ease of integration with build tools/scripts
  • Line length: Choose output line length
  • Keywords: Add more keywords dynamically
  • Control the obfuscation process: Choose variables to not obfuscate
  • Obfuscate one or many source code files: Works on multiple source files allowing correlation across all files
  • Dynamically add omit lists: Omit public interfaces such as PL/SQL, TABLES, VIEWS and more with built in tools
  • Configuration: Fine grained configuration of the tool both in the GUI and at the command line
  • Control the obfuscation process: Omit strings from obfuscation by listing
  • Force obfuscation: Force obfuscation of variables if necessary
  • String obfuscation: Obfuscate strings in a number of ways
  • Types of obfuscation: Able to obfuscate PL/SQL functions, procedures, packages, types
  • SQL*Plus: Able to obfuscate SQL*Plus scripts
  • SQL hints: Omit SQL hints
  • Documentation: We have a user documentation manual and samples
  • Debug and trace: Debug and trace interface to help resolve configuration issues

How does it work: The tool is the equivalent to the front-end of a compiler. It reads SQL, SQL*Plus and PL/SQL files extracts source code tokens and obfuscates identifiers individually and also correlates the same variable names across your multiple source code files. If an API (Application Programming Interface) for instance is called TEST_PROC and it is obfuscated to a variable {random string for instance “oOiil0ll”} in the implementation and also the same {random string} variable is used in all files where the procedure TEST_PROC is used allowing correlation between source codes.

The character space used – i.e. the letters used in the variables is specified in the configuration as is the length of the variables to be generated. The PFCLObfuscate tool also compacts source code and removes comments.

PFCLObfuscate also has dynamic obfuscation to also automatically add your own code to create license type features such as limiting when your code can be run and by who and from where. You can also add tamperproof features to your code automatically to prevent it being modified by an attacker to defeat license type features. We provide a scriptable interface to PFCLObfuscate allowing PL/SQL code to easily be inserted at 6 different “hook” points within your PL/SQL. This provides a stronger string encryption and obfuscation of integers and also the ability to obfuscate standard and configurable package calls.