retrieve livecode code from standalone desktop app

Got a LiveCode personal license? Are you a beginner, hobbyist or educator that's new to LiveCode? This forum is the place to go for help getting started. Welcome!

Moderators: FourthWorld, heatherlaine, Klaus, kevinmiller

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: retrieve livecode code from standalone desktop app

Post by FourthWorld » Tue Aug 25, 2015 7:52 am

Besides, the essence of building a standalone is just combining the stack file with the runtime engine. All the "disassembler" does is find the markers that Dr. Raney used to be the starting and ending points of the stack data within the EXE, extract the contents in between, and save it to a file.

With the engine revisions later on (v4.x?) so much of standalone building changed, not quite so simple to extract the original stack file data.

But definitely not a problem in any sense, technical or otherwise, since anyone wanting to protect code should be using stack passwords.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

karmacomposer
Posts: 361
Joined: Wed Apr 27, 2011 2:12 pm

Re: retrieve livecode code from standalone desktop app

Post by karmacomposer » Fri Sep 07, 2018 10:53 pm

I know this is a old thread, but...

Is there any way today to decompile a livecode compiled stand-alone software program? I know it gets encrypted when its compiled, so I sure hope it is IMPOSSIBLE to decompile.

However, someone allaying my fears would be nice.

It is imperative that our Livecode software be as unhackable as possible.

Looking at the .exe in Notepad++ yields no information about our software. There's some stuff about runrev, but none of our code/text seems to be showing. Phew!

Mike

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: retrieve livecode code from standalone desktop app

Post by FourthWorld » Sat Sep 08, 2018 12:17 am

It is imperative that our Livecode software be as unhackable as possible.
"Possible" is a very large scope. "Practical" seems more achievable. How might one define either?

The bigger game companies will spend literally millions hiring the best minds in the business to build their anti-piracy mechanisms. And the best they hope for from all that effort is to slow the time-to-crack to 90 days.

LiveCode provides stronger options than most scripting languages (I'm not aware of any way to protect Python, PHP, JavaScript, Ruby, or others at all), but LC Ltd. cannot change how computing works.

Everything is hackable. All executable code in any language can be reverse-engineered via RAM dumps, disassemblers, and other tools.

Yet the software industry continues to thrive.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

richmond62
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 9287
Joined: Fri Feb 19, 2010 10:17 am
Location: Bulgaria

Re: retrieve livecode code from standalone desktop app

Post by richmond62 » Sat Sep 08, 2018 2:02 pm

Yet the software industry continues to thrive.
As an EFL teacher (English as an Effing Language), I am well aware that the vast majority of EFL
operations use photocopies of copyright EFL books to a lesser or greater extent; this does not stop the HUGE EFL textbook industry thriving: so, while one can get a "warm fuzzy" about being moral, I sometimes wonder if one might be better using the energy one spends getting all hot-and-sweaty about this sort of thing on more productive stuff.

jacque
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 7215
Joined: Sat Apr 08, 2006 8:31 pm
Location: Minneapolis MN
Contact:

Re: retrieve livecode code from standalone desktop app

Post by jacque » Sat Sep 08, 2018 6:15 pm

karmacomposer wrote:
Fri Sep 07, 2018 10:53 pm
Is there any way today to decompile a livecode compiled stand-alone software program? I know it gets encrypted when its compiled, so I sure hope it is IMPOSSIBLE to decompile.
Nothing is impossible but it is very difficult to decompile a LC standalone. I remember when the new format was introduced and Mark Waddingham was tasked with the job of decompiling one. It took him a very long time to figure it out, and he was the one who wrote it in the first place. If the author had a problem with it, I'd guess hackers would find it almost impossible.

Be sure to set a password on the stack.
Jacqueline Landman Gay | jacque at hyperactivesw dot com
HyperActive Software | http://www.hyperactivesw.com

richmond62
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 9287
Joined: Fri Feb 19, 2010 10:17 am
Location: Bulgaria

Re: retrieve livecode code from standalone desktop app

Post by richmond62 » Sat Sep 08, 2018 6:29 pm

It is imperative that our Livecode software be as unhackable as possible.
The reason people don't seem to bother writing viruses for Macintosh or Linux systems seems to be that the whole thing is far, far more complicated and time-consuming than writing them for Windows.

So, personally, I try to make my software sufficiently complicated that the average hacker thinks "can't be bothered" and goes elsewhere.

However: with TIME and that great motivator, MONEY . . . I'm sure a competent programmer can hack their way through anything.

bogs
Posts: 5435
Joined: Sat Feb 25, 2017 10:45 pm

Re: retrieve livecode code from standalone desktop app

Post by bogs » Sat Sep 08, 2018 7:43 pm

richmond62 wrote:
Sat Sep 08, 2018 6:29 pm
The reason people don't seem to bother writing viruses for Macintosh or Linux systems seems to be that the whole thing is far, far more complicated and time-consuming than writing them for Windows.
Huh, I would tend to think it is more a ROI than a complication thing, based on which OS has the highest number of -
  • potential victims (targets) and
  • most potential rewards as a byproduct of use

Regardless of how you or I might feel about Windows personally, there is little doubt that the greater amount of systems runs on it, as seen here, outside of mobile/web clients and servers -
Selection_003.png
Operating System Stats...
Selection_003.png (15.44 KiB) Viewed 5668 times
If your looking for a target, then Windows is the obvious platform to write malware for since, aside from your average consumer, the greater bulk of governments, banks, hospitals, etc run it. OSX has climbed considerably in this ranking from where it was only a few years ago, but is still little more than a blip on the radar in real numbers.

When it comes to mobile, Android becomes the prime target for the same reasons.
Image

jiml
Posts: 336
Joined: Sat Dec 09, 2006 1:27 am
Location: Los Angeles

Re: retrieve livecode code from standalone desktop app

Post by jiml » Sat Sep 08, 2018 9:44 pm

RichardG wrote:
Everything is hackable.
Now that would look good on a T-shirt.

Jim Lambert

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: retrieve livecode code from standalone desktop app

Post by FourthWorld » Sat Sep 08, 2018 10:56 pm

jiml wrote:
Sat Sep 08, 2018 9:44 pm
RichardG wrote:
Everything is hackable.
Now that would look good on a T-shirt.
I tried to order one, but the fulfillment site got hacked. ;)
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

karmacomposer
Posts: 361
Joined: Wed Apr 27, 2011 2:12 pm

Re: retrieve livecode code from standalone desktop app

Post by karmacomposer » Sun Sep 09, 2018 12:42 am

It's just that we need to keep data breaches to a minimum.

But I took a look at the encrypted code in notepad++ and it was reasonably unreadable.

Does anyone know if there is decompiler software available to anyone that could potentially decompile livecode's compiled, encrypted and password protected executeables?

Thanks.

Mike

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: retrieve livecode code from standalone desktop app

Post by FourthWorld » Sun Sep 09, 2018 3:39 am

All executable code in any language can be reverse-engineered via RAM dumps, disassemblers, and other tools.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

richmond62
Livecode Opensource Backer
Livecode Opensource Backer
Posts: 9287
Joined: Fri Feb 19, 2010 10:17 am
Location: Bulgaria

Re: retrieve livecode code from standalone desktop app

Post by richmond62 » Sun Sep 09, 2018 1:08 pm

Regardless of how you or I might feel about Windows personally
Yes, well, we could go on a real cosmic OT journey on that one: but to no avail I'm afraid.

bogs
Posts: 5435
Joined: Sat Feb 25, 2017 10:45 pm

Re: retrieve livecode code from standalone desktop app

Post by bogs » Sun Sep 09, 2018 1:19 pm

karma, the main problem with your question as Richard has pointed out at least twice is that there is no way to accomplish what your talking about in any language, depending on the skill of the person looking to disassemble your program.

A text editor, such as Notepad++, is (at best) only going to show you whatever is in text in the program, provided you don't get an error trying to open the binary in a text editor to begin with.

If you were, for example, to open a stack file in it, you will see a great deal of actual code, mixed with scrambled ascii where the binary bits are (again, provided the editor can open the file without error), such as what you see below...
Selection_003.png
Stack open in a text field...
...and here is Googles Sketchup installer .exe opened in that same text field...
Selection_004.png
Google Sketchup Installer open in a text field...
... but when someone is thinking of taking a look at how a program executes with the goal of de-compiling or reverse engineering it, they are far more likely to be using a way to look at the assembly instructions moving through the registers, or a hex editor, dumps as Richard mentioned, or something like that.

Here is a light article on the topic that is pretty understandable for the layman, and here is the summary just in case your not really interested in going through the whole thing -
Disassembling, Decompiling and Modifying executables wrote: So it is actually not so hard to crack an application

Yes, it’s not. With the difference that this process in an actual application will be more time-consuming. Do you know a single popular stand-alone application that has not been cracked ? That is why you need to think of better ways of protecting your software. Understand one simple thing :

Every application can be cracked, if you have access to its native image, just like every computer password can be broken, if you have physical access to the machine.

Of course, there are techniques that allows us to slow an attacker down, which might or might not be enough. But "slowing" doesn't mean "preventing", and that's a topic of another article.
Image

FourthWorld
VIP Livecode Opensource Backer
VIP Livecode Opensource Backer
Posts: 9802
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles
Contact:

Re: retrieve livecode code from standalone desktop app

Post by FourthWorld » Sun Sep 09, 2018 5:07 pm

Code that can be executed through a processor must conform to the expectations of the processor. Familiarity with the processor's instruction allows converting code from binary form into human-readable Assembler. Some tools can even turn Assembler into C. It's not good C, in terms of how you'd want to manage a code base, but if the algorithms are of such rare value that it's worth doing this it's better than nothing, and provides a foundation where an experienced programmer can then rewrite it into more productionable form.

Remember the old mantra of security: physical access = root. Access to anything running on a machine physically in your hands is limited only by your imagination, experience, and available time.

This is a feature of computing, rather than a bug. It's your computer. You should be able to know what it's doing. OSes make understanding what software is doing ever harder, but as every security discussion yields, such efforts only slow down that understanding. As long as code can be executed, that execution can become knowable.

If you don't want to the user to learn your algorithm, put the algorithm somewhere other than the user's machine.

If you have a security need beyond those of most software, one solution is to convert that algorithm to a network service: move the sensitive parts from the computer to a server, and establish an API where your local program sends inputs for the algorithm to the server, and uses the outputs from the server, but does not have the code for that algo on the user's machine at all.

This of course introduces its own security concerns, and may or may not be practical given the workflow requirements of a given app. But network services are common enough to inspire consideration, and any algorithm warranting such unusual considerations as discussed here would seem valuable enough to warrant the additional expense and workflow limitations of moving local functionality to the network, securing those communications, and sufficiently hardening the server.
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn

Post Reply

Return to “Getting Started with LiveCode - Complete Beginners”