retrieve livecode code from standalone desktop app
Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller
-
- VIP Livecode Opensource Backer
- Posts: 9802
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: retrieve livecode code from standalone desktop app
Besides, the essence of building a standalone is just combining the stack file with the runtime engine. All the "disassembler" does is find the markers that Dr. Raney used to be the starting and ending points of the stack data within the EXE, extract the contents in between, and save it to a file.
With the engine revisions later on (v4.x?) so much of standalone building changed, not quite so simple to extract the original stack file data.
But definitely not a problem in any sense, technical or otherwise, since anyone wanting to protect code should be using stack passwords.
With the engine revisions later on (v4.x?) so much of standalone building changed, not quite so simple to extract the original stack file data.
But definitely not a problem in any sense, technical or otherwise, since anyone wanting to protect code should be using stack passwords.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- Posts: 361
- Joined: Wed Apr 27, 2011 2:12 pm
Re: retrieve livecode code from standalone desktop app
I know this is a old thread, but...
Is there any way today to decompile a livecode compiled stand-alone software program? I know it gets encrypted when its compiled, so I sure hope it is IMPOSSIBLE to decompile.
However, someone allaying my fears would be nice.
It is imperative that our Livecode software be as unhackable as possible.
Looking at the .exe in Notepad++ yields no information about our software. There's some stuff about runrev, but none of our code/text seems to be showing. Phew!
Mike
Is there any way today to decompile a livecode compiled stand-alone software program? I know it gets encrypted when its compiled, so I sure hope it is IMPOSSIBLE to decompile.
However, someone allaying my fears would be nice.
It is imperative that our Livecode software be as unhackable as possible.
Looking at the .exe in Notepad++ yields no information about our software. There's some stuff about runrev, but none of our code/text seems to be showing. Phew!
Mike
-
- VIP Livecode Opensource Backer
- Posts: 9802
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: retrieve livecode code from standalone desktop app
"Possible" is a very large scope. "Practical" seems more achievable. How might one define either?It is imperative that our Livecode software be as unhackable as possible.
The bigger game companies will spend literally millions hiring the best minds in the business to build their anti-piracy mechanisms. And the best they hope for from all that effort is to slow the time-to-crack to 90 days.
LiveCode provides stronger options than most scripting languages (I'm not aware of any way to protect Python, PHP, JavaScript, Ruby, or others at all), but LC Ltd. cannot change how computing works.
Everything is hackable. All executable code in any language can be reverse-engineered via RAM dumps, disassemblers, and other tools.
Yet the software industry continues to thrive.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: retrieve livecode code from standalone desktop app
As an EFL teacher (English as an Effing Language), I am well aware that the vast majority of EFLYet the software industry continues to thrive.
operations use photocopies of copyright EFL books to a lesser or greater extent; this does not stop the HUGE EFL textbook industry thriving: so, while one can get a "warm fuzzy" about being moral, I sometimes wonder if one might be better using the energy one spends getting all hot-and-sweaty about this sort of thing on more productive stuff.
-
- VIP Livecode Opensource Backer
- Posts: 7215
- Joined: Sat Apr 08, 2006 8:31 pm
- Location: Minneapolis MN
- Contact:
Re: retrieve livecode code from standalone desktop app
Nothing is impossible but it is very difficult to decompile a LC standalone. I remember when the new format was introduced and Mark Waddingham was tasked with the job of decompiling one. It took him a very long time to figure it out, and he was the one who wrote it in the first place. If the author had a problem with it, I'd guess hackers would find it almost impossible.karmacomposer wrote: ↑Fri Sep 07, 2018 10:53 pmIs there any way today to decompile a livecode compiled stand-alone software program? I know it gets encrypted when its compiled, so I sure hope it is IMPOSSIBLE to decompile.
Be sure to set a password on the stack.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: retrieve livecode code from standalone desktop app
The reason people don't seem to bother writing viruses for Macintosh or Linux systems seems to be that the whole thing is far, far more complicated and time-consuming than writing them for Windows.It is imperative that our Livecode software be as unhackable as possible.
So, personally, I try to make my software sufficiently complicated that the average hacker thinks "can't be bothered" and goes elsewhere.
However: with TIME and that great motivator, MONEY . . . I'm sure a competent programmer can hack their way through anything.
Re: retrieve livecode code from standalone desktop app
Huh, I would tend to think it is more a ROI than a complication thing, based on which OS has the highest number of -richmond62 wrote: ↑Sat Sep 08, 2018 6:29 pmThe reason people don't seem to bother writing viruses for Macintosh or Linux systems seems to be that the whole thing is far, far more complicated and time-consuming than writing them for Windows.
- potential victims (targets) and
- most potential rewards as a byproduct of use
Regardless of how you or I might feel about Windows personally, there is little doubt that the greater amount of systems runs on it, as seen here, outside of mobile/web clients and servers - If your looking for a target, then Windows is the obvious platform to write malware for since, aside from your average consumer, the greater bulk of governments, banks, hospitals, etc run it. OSX has climbed considerably in this ranking from where it was only a few years ago, but is still little more than a blip on the radar in real numbers.
When it comes to mobile, Android becomes the prime target for the same reasons.
Re: retrieve livecode code from standalone desktop app
RichardG wrote:
Jim Lambert
Now that would look good on a T-shirt.Everything is hackable.
Jim Lambert
-
- VIP Livecode Opensource Backer
- Posts: 9802
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: retrieve livecode code from standalone desktop app
I tried to order one, but the fulfillment site got hacked.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- Posts: 361
- Joined: Wed Apr 27, 2011 2:12 pm
Re: retrieve livecode code from standalone desktop app
It's just that we need to keep data breaches to a minimum.
But I took a look at the encrypted code in notepad++ and it was reasonably unreadable.
Does anyone know if there is decompiler software available to anyone that could potentially decompile livecode's compiled, encrypted and password protected executeables?
Thanks.
Mike
But I took a look at the encrypted code in notepad++ and it was reasonably unreadable.
Does anyone know if there is decompiler software available to anyone that could potentially decompile livecode's compiled, encrypted and password protected executeables?
Thanks.
Mike
-
- VIP Livecode Opensource Backer
- Posts: 9802
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: retrieve livecode code from standalone desktop app
All executable code in any language can be reverse-engineered via RAM dumps, disassemblers, and other tools.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
-
- Livecode Opensource Backer
- Posts: 9287
- Joined: Fri Feb 19, 2010 10:17 am
- Location: Bulgaria
Re: retrieve livecode code from standalone desktop app
Yes, well, we could go on a real cosmic OT journey on that one: but to no avail I'm afraid.Regardless of how you or I might feel about Windows personally
Re: retrieve livecode code from standalone desktop app
karma, the main problem with your question as Richard has pointed out at least twice is that there is no way to accomplish what your talking about in any language, depending on the skill of the person looking to disassemble your program.
A text editor, such as Notepad++, is (at best) only going to show you whatever is in text in the program, provided you don't get an error trying to open the binary in a text editor to begin with.
If you were, for example, to open a stack file in it, you will see a great deal of actual code, mixed with scrambled ascii where the binary bits are (again, provided the editor can open the file without error), such as what you see below... ...and here is Googles Sketchup installer .exe opened in that same text field... ... but when someone is thinking of taking a look at how a program executes with the goal of de-compiling or reverse engineering it, they are far more likely to be using a way to look at the assembly instructions moving through the registers, or a hex editor, dumps as Richard mentioned, or something like that.
Here is a light article on the topic that is pretty understandable for the layman, and here is the summary just in case your not really interested in going through the whole thing -
A text editor, such as Notepad++, is (at best) only going to show you whatever is in text in the program, provided you don't get an error trying to open the binary in a text editor to begin with.
If you were, for example, to open a stack file in it, you will see a great deal of actual code, mixed with scrambled ascii where the binary bits are (again, provided the editor can open the file without error), such as what you see below... ...and here is Googles Sketchup installer .exe opened in that same text field... ... but when someone is thinking of taking a look at how a program executes with the goal of de-compiling or reverse engineering it, they are far more likely to be using a way to look at the assembly instructions moving through the registers, or a hex editor, dumps as Richard mentioned, or something like that.
Here is a light article on the topic that is pretty understandable for the layman, and here is the summary just in case your not really interested in going through the whole thing -
Disassembling, Decompiling and Modifying executables wrote: So it is actually not so hard to crack an application
Yes, it’s not. With the difference that this process in an actual application will be more time-consuming. Do you know a single popular stand-alone application that has not been cracked ? That is why you need to think of better ways of protecting your software. Understand one simple thing :
Every application can be cracked, if you have access to its native image, just like every computer password can be broken, if you have physical access to the machine.
Of course, there are techniques that allows us to slow an attacker down, which might or might not be enough. But "slowing" doesn't mean "preventing", and that's a topic of another article.
-
- VIP Livecode Opensource Backer
- Posts: 9802
- Joined: Sat Apr 08, 2006 7:05 am
- Location: Los Angeles
- Contact:
Re: retrieve livecode code from standalone desktop app
Code that can be executed through a processor must conform to the expectations of the processor. Familiarity with the processor's instruction allows converting code from binary form into human-readable Assembler. Some tools can even turn Assembler into C. It's not good C, in terms of how you'd want to manage a code base, but if the algorithms are of such rare value that it's worth doing this it's better than nothing, and provides a foundation where an experienced programmer can then rewrite it into more productionable form.
Remember the old mantra of security: physical access = root. Access to anything running on a machine physically in your hands is limited only by your imagination, experience, and available time.
This is a feature of computing, rather than a bug. It's your computer. You should be able to know what it's doing. OSes make understanding what software is doing ever harder, but as every security discussion yields, such efforts only slow down that understanding. As long as code can be executed, that execution can become knowable.
If you don't want to the user to learn your algorithm, put the algorithm somewhere other than the user's machine.
If you have a security need beyond those of most software, one solution is to convert that algorithm to a network service: move the sensitive parts from the computer to a server, and establish an API where your local program sends inputs for the algorithm to the server, and uses the outputs from the server, but does not have the code for that algo on the user's machine at all.
This of course introduces its own security concerns, and may or may not be practical given the workflow requirements of a given app. But network services are common enough to inspire consideration, and any algorithm warranting such unusual considerations as discussed here would seem valuable enough to warrant the additional expense and workflow limitations of moving local functionality to the network, securing those communications, and sufficiently hardening the server.
Remember the old mantra of security: physical access = root. Access to anything running on a machine physically in your hands is limited only by your imagination, experience, and available time.
This is a feature of computing, rather than a bug. It's your computer. You should be able to know what it's doing. OSes make understanding what software is doing ever harder, but as every security discussion yields, such efforts only slow down that understanding. As long as code can be executed, that execution can become knowable.
If you don't want to the user to learn your algorithm, put the algorithm somewhere other than the user's machine.
If you have a security need beyond those of most software, one solution is to convert that algorithm to a network service: move the sensitive parts from the computer to a server, and establish an API where your local program sends inputs for the algorithm to the server, and uses the outputs from the server, but does not have the code for that algo on the user's machine at all.
This of course introduces its own security concerns, and may or may not be practical given the workflow requirements of a given app. But network services are common enough to inspire consideration, and any algorithm warranting such unusual considerations as discussed here would seem valuable enough to warrant the additional expense and workflow limitations of moving local functionality to the network, securing those communications, and sufficiently hardening the server.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn