If I have several functions that return a decoded obfuscated string, is it safe to keep these functions grouped together in one module? Or should these functions be scattered around the app, in random classes and/or modules?
Thanks
I have written a few cipher/decipher programs for small companies to use for their email. The companies have no problem with me using Xojo, but claim that Xojo code is more easily decompiled than some others, so they specifically asked that I hide the cipher functions throughout the program.
I also believe there are programs that will take compiled code and obfuscate the code to make decompilation nearly impossible. I have never used them, however.
Hope this helps,
Bob
[quote=178462:@Robert Birge]I have written a few cipher/decipher programs for small companies to use for their email. The companies have no problem with me using Xojo, but claim that Xojo code is more easily decompiled than some others, so they specifically asked that I hide the cipher functions throughout the program.
[/quote]
That claim is really specious but whatever.
Check out Hopper and point it at pretty much ANY compiled code on OS X (and there are tools for other platforms)
Decompiling the code isn’t the issue. Thats possible for pretty much any well documented exe format.
The trick is more how readable the disassembled code is.
Java and Android code is really nice to decompile and you can even get tools that decompile it into Java source.
It wont be the same source code that was shoved into the compiler but its often quite readable.
C# can be decompiled nicely too.
Disassembling an x86 binary gives you assembler. And that could come from any number of sources, and lord knows what the compiler has done to it on the way to generating the x86 in terms of optimizations etc.
And our old compiler did some very interesting things that actually make tracing that machine code kind of a pain in the butt.
Ask joe 
@Norman,
why are the names of the xojo methods appearing clearly in Hopper ?
there is a checkbox “includefunctionnames” in the advanced tab of the app properties (at least in RS2012)
but if you check it or not it is the same, the names appears in hopper
it should not be so difficult to have “methodxxx” instead of the name in clear ?
Introspection meta data has the names
So they appear regardless of that setting (otherwise introspection won’t work at all) and it actually cannot be turned off
I dont recall if there was a bug about include function names not stripping them at one point
But I have an inkling that there was at one time
Norman,
I am no expert on decompilation, but my users claim that when I use RB2007 R4 that decompilation is rather useless, but when I use the more recent Xojo compilers, decompilation reveals too much. Is this what you meant by “old compiler”, or do we have to go back further in time to get access to that “old compiler”?
RB2007 R4 also generates much faster code. Naturally, there are limitations implicit in using RB2007R4, so this is not a general solution for us.