Obfuscation

General
61

You gave me some good ideas that I modified slightly. I didn’t see the benefit of the multiplier vs. the adder (perhaps you can convince me), but the comments were a good idea. More importantly, I modified to paste the code directly above the highlighted string and put most of it in an If statement. The upshot is that you can encode several strings in the same method without an error.

  Function RndInRange (startIndex As Integer, endIndex As Integer) As Integer
    dim d as Double = Rnd
    dim range as Integer = endIndex - startIndex
    return Round( range * d ) + startIndex
  End Function
  
  dim origString as String = SelText
  if origString.Trim = "" then
    print "Select some text first."
    return
  end if
  
  origString = origString.ReplaceAll( """""", """" )
  dim chars() as String = Split( origString, "" )
  
  dim startQuote as boolean = chars( 0 ) = """"
  dim endQuote as boolean = chars( chars.Ubound ) = """"
  
  if endQuote then
    chars.Remove chars.Ubound
  end if
  
  if chars.Ubound <> -1 and startQuote then
    chars.Remove 0
  end if
  
  if chars.Ubound = -1 then
    print "Select some valid text first."
    return
  end if
  
  dim stringToEncode as String = Join( chars, "" )
  dim b as String = ShowDialog( "You are about to encode this string. Proceed?", stringToEncode, "Yes", "No", "" )
  if b = "No" then
    return
  end if
  
  dim index as Integer
  dim codeArr() as String
  dim indexArr() as String
  dim addArr() as String
  dim randomizerArr() as Integer
  for index = 0 to chars.Ubound
    dim thisAdd as Integer = RndInRange( 64001, 100000 )
    codeArr.Append Str( Asc( chars( index ) ) + thisAdd )
    indexArr.Append Str( index )
    addArr.Append Str( thisAdd )
    randomizerArr.Append RndInRange( 0, chars.Ubound * 100 )
  next index
  
  randomizerArr.SortWith( codeArr, indexArr, addArr )
  
  // Construct the code
  dim eol as String = EndOfLine
  dim resultArr() as String
  
  resultArr.Append "dim decodedString as String"
  resultArr.Append eol
  resultArr.Append eol
  
  resultArr.Append "// Encoding for value: "
  resultArr.Append stringToEncode
  resultArr.Append eol
  
  resultArr.Append "if True then"
  resultArr.Append eol
  
  resultArr.Append "dim codeArr() as Integer = Array( "
  resultArr.Append Join( codeArr, ", " )
  resultArr.Append " )"
  resultArr.Append eol
  
  resultArr.Append "dim adderArr() as Integer = Array( "
  resultArr.Append Join( addArr, ", " )
  resultArr.Append " )"
  resultArr.Append eol
  
  resultArr.Append "dim indexArr() as Integer = Array( "
  resultArr.Append Join( indexArr, ", " )
  resultArr.Append " )"
  resultArr.Append eol
  
  resultArr.Append "indexArr.SortWith codeArr, adderArr"
  resultArr.Append eol
  
  resultArr.Append eol
  
  resultArr.Append "dim decodedChars() as String"
  resultArr.Append eol
  
  resultArr.Append "for i as Integer = 0 to codeArr.Ubound"
  resultArr.Append eol
  
  resultArr.Append "decodedChars.Append Chr( codeArr( i ) - adderArr( i ) )"
  resultArr.Append eol
  
  resultArr.Append "next i"
  resultArr.Append eol
  
  resultArr.Append eol
  
  resultArr.Append "decodedString = Join( decodedChars, """" )"
  resultArr.Append eol
  
  resultArr.Append "end if // True"
  resultArr.Append eol
  
  resultArr.Append "// End Encoding for value: "
  resultArr.Append stringToEncode
  resultArr.Append eol
  
  dim result as String = Join( resultArr, "" )
  
  b = ShowDialog( "Paste into this method or Copy to clipboard?", result, "Paste", "Cancel", "Copy" )
  select case b
  case "Cancel"
    return
  case "Copy"
    Clipboard = result
  case "Paste"
    // See if we need the initial declaration
    if Text.InStr( resultArr( 0 ) ) <> 0 then
      for index = 1 to 2
        resultArr.Remove 0
      next index
      result = Join( resultArr, "" )
    end if
    
    // Figure out where we should paste
    dim curText as String = Text
    dim curSelStart as Integer = SelStart
    dim newSelStart as Integer
    for index = curSelStart downto 1
      dim curChar as String = curText.Mid( index, 1 )
      if curChar = Chr( 13 ) or curChar = Chr( 10 ) then
        newSelStart = index
        exit
      end if
    next index
    
    SelText = "decodedString"
    SelStart = newSelStart
    SelLength = 0
    SelText = result
    SelText = eol
  end select
1 Like
62

Well if you HAVE to have it in the software store it encrypted in the software
Using some public key key cryptography or something else cryptographically decent
Recompute the key to decrypt it by way of side effects & never directly via method calls like “DecryptKey” :slight_smile: as that makes a dead easy path
But if you do have to decrypt the serial at SOME point in your code THAT is the point in your running code the person grabs it IF they are so inclined and capable

You can stop the casual onlooker from grabbing it using the strings command or any other simple hex dump
But someone who really wants it will find it - its just a matter of how much time it takes & whether they decide its worth it
A single serial # probably isn’t - low value for a more than moderate effort

BUT then I’ve also seen folks crack $1 apps just for fun

63

Off topic side note:

Despite of knowing better, I’m going to spend some seconds to think and write about him:

As far as I can see, Matthew has until now not released anything to this community which was mature and usable. Just big mouthing. A lot of “I have done miraculous things, but I cannot release it because of this and that”. And the things he releases are immature and / or questionable.

So I just ask myself why someone like you, Brad, who has released high quality software to the community, is allowing yourself to get so much irritated about him? Why do you dedicate even a second of your time to someone who has not proven to be useful? He gets to much attention. (And trying to get attention is probably what his screaming adds are all about.)

64

Respectfully, Oliver. Matthew’s claims in his initial posting about the need for his tool do a great deal of unnecessary damage to a delicate balance that allows software to be sold into this market. It is not his place to point out and outline how to steal from another developer. I really don’t care what his “deal” is and whether we should otherwise feel some special compassion for him. That was a jerk move by a jerk. Nobody asked for his help increasing their profits. Nobody in their right mind would want it.

(Add) I don’t want to discourage anyone in the community from working on anything regardless of how obscure, worthless, or overdone it might be. However, it isn’t cool to insert yourself into specific other people’s specific security issues. It is exceedingly uncool.

65

I know you have been to that thread, but as Sasha Schepmuller researched replacing strings in the source code with the same concern to shield strings, I found out that IDE script is not able to do a global replace. Probably even less what you think off.

FWIW, I worked on automating further the IDE, and succeeded in obtaining a global replace.

https://forum.xojo.com/12365-search-and-replace-in-sourcecode-using-ide-script?search=%22mouse+click+utility+clicks%22

66

Good point.

67

I didn’t follow this whole conversation but just wanted to point out, in case it wasn’t known, that Arbed can assist in obfuscation strings in a project:

It lists ALL your strings, lets you enter RbScript code to obfuscate them, and then apply the conversion of those strings to select strings (and it remember the selection). It also inserts code to decode those encoded strings, i.e. call a custom function in your code does that decding job.

Of course, a skilled hacker with disassembly skills will still be able to analyse that decoding function, but I’m sure that this has already been discussed here - it’s still a much more efficient deterrent than leaving critical strings in your code in plain view for anyone using a plain text or hex viewer.

68

[quote=92914:@Kem Tekinay]You gave me some good ideas that I modified slightly. I didn’t see the benefit of the multiplier vs. the adder (perhaps you can convince me), but the comments were a good idea. More importantly, I modified to paste the code directly above the highlighted string and put most of it in an If statement. The upshot is that you can encode several strings in the same method without an error.

[code]
Function RndInRange (startIndex As Integer, endIndex As Integer) As Integer
dim d as Double = Rnd
dim range as Integer = endIndex - startIndex
return Round( range * d ) + startIndex
End Function

dim origString as String = SelText
if origString.Trim = “” then
print “Select some text first.”
return
end if

origString = origString.ReplaceAll( “”"""", “”"" )
dim chars() as String = Split( origString, “” )

dim startQuote as boolean = chars( 0 ) = “”""
dim endQuote as boolean = chars( chars.Ubound ) = “”""

if endQuote then
chars.Remove chars.Ubound
end if

if chars.Ubound <> -1 and startQuote then
chars.Remove 0
end if

if chars.Ubound = -1 then
print “Select some valid text first.”
return
end if

dim stringToEncode as String = Join( chars, “” )
dim b as String = ShowDialog( “You are about to encode this string. Proceed?”, stringToEncode, “Yes”, “No”, “” )
if b = “No” then
return
end if

dim index as Integer
dim codeArr() as String
dim indexArr() as String
dim addArr() as String
dim randomizerArr() as Integer
for index = 0 to chars.Ubound
dim thisAdd as Integer = RndInRange( 64001, 100000 )
codeArr.Append Str( Asc( chars( index ) ) + thisAdd )
indexArr.Append Str( index )
addArr.Append Str( thisAdd )
randomizerArr.Append RndInRange( 0, chars.Ubound * 100 )
next index

randomizerArr.SortWith( codeArr, indexArr, addArr )

// Construct the code
dim eol as String = EndOfLine
dim resultArr() as String

resultArr.Append “dim decodedString as String”
resultArr.Append eol
resultArr.Append eol

resultArr.Append "// Encoding for value: "
resultArr.Append stringToEncode
resultArr.Append eol

resultArr.Append “if True then”
resultArr.Append eol

resultArr.Append "dim codeArr() as Integer = Array( "
resultArr.Append Join( codeArr, “, " )
resultArr.Append " )”
resultArr.Append eol

resultArr.Append "dim adderArr() as Integer = Array( "
resultArr.Append Join( addArr, “, " )
resultArr.Append " )”
resultArr.Append eol

resultArr.Append "dim indexArr() as Integer = Array( "
resultArr.Append Join( indexArr, “, " )
resultArr.Append " )”
resultArr.Append eol

resultArr.Append “indexArr.SortWith codeArr, adderArr”
resultArr.Append eol

resultArr.Append eol

resultArr.Append “dim decodedChars() as String”
resultArr.Append eol

resultArr.Append “for i as Integer = 0 to codeArr.Ubound”
resultArr.Append eol

resultArr.Append “decodedChars.Append Chr( codeArr( i ) - adderArr( i ) )”
resultArr.Append eol

resultArr.Append “next i”
resultArr.Append eol

resultArr.Append eol

resultArr.Append “decodedString = Join( decodedChars, “””" )"
resultArr.Append eol

resultArr.Append “end if // True”
resultArr.Append eol

resultArr.Append "// End Encoding for value: "
resultArr.Append stringToEncode
resultArr.Append eol

dim result as String = Join( resultArr, “” )

b = ShowDialog( “Paste into this method or Copy to clipboard?”, result, “Paste”, “Cancel”, “Copy” )
select case b
case “Cancel”
return
case “Copy”
Clipboard = result
case “Paste”
// See if we need the initial declaration
if Text.InStr( resultArr( 0 ) ) <> 0 then
for index = 1 to 2
resultArr.Remove 0
next index
result = Join( resultArr, “” )
end if

// Figure out where we should paste
dim curText as String = Text
dim curSelStart as Integer = SelStart
dim newSelStart as Integer
for index = curSelStart downto 1
  dim curChar as String = curText.Mid( index, 1 )
  if curChar = Chr( 13 ) or curChar = Chr( 10 ) then
    newSelStart = index
    exit
  end if
next index

SelText = "decodedString"
SelStart = newSelStart
SelLength = 0
SelText = result
SelText = eol

end select
[/code][/quote]
Can anyone make the script above into a ready to use xojo project?, newbie here, confused on how to run script above.