Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VFP Encryption question 4

Status
Not open for further replies.

TinyNinja

Programmer
Oct 1, 2018
99
US
Hey VFP Community,

I found on VFP Project info this checkbox option. Does this encrypted option do anything? I am using VFP 9.2.

I also have another question. I have seen VFPA 32 bit & 64 bit ( options have an encryption option made into the compile program. Has anyone used that and if so does it do a good job at protecting your code?
I'm interested in buying the advanced version for some future projects and want to know if this encryption will prevent the de-compilers from working and is a good purchase.

vfp_Profile_v2n093.png
 
With that unticked any executable you create will contain the source code for your project in a form that is not that difficult to extract.
With it ticked, the source is encrypted and a bit harder to extract, although I think there are products that can do it, ReFox springs
to mind - but I am not sure.

Take a look at this thread : thread184-286147


Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
You can see this for yourself. Build an executable with Encrypted left unticked. Then open the executable in a hex editor. As you scroll down, you will see a lot of recognisable text, including the names of your functions, procedures, classes, properties, methods, etc., plus the text of your user messages and even some of your comments. If you look carefully, you will be able to see what you have set various properties to.

You won't see any of your code, but the code is there, in tokenised form, such that a decompiler (or a very knowledgeable developer) can retrieve it.

Now repeat the exercise with the Ecrypted checkbox ticked. The chances are you won't recognise any of the text in the executable.

So, ticking the box adds a certain measure of source code security. The reason not to tick it is that, if you also tick Debug Info, you can use the VFP debugger to debug the executable, and your error routine can get more information to help you deal with runtime errors.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads
 
Sorry to say, your code will be visible in plain text if you open a VFP executable in a hex editor:

Capture_orb0jr.jpg



Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
( options have an encryption option made into the compile program. Has anyone used that and if so does it do a good job at protecting your code?

I don't know this product, but they claim that it is a true compiler (rather than a pseudo-compiler like VFP) and will therefore protect your code. Why don't you download the demo version and give it a try. (Although, frankly, the lack of information on their website does not inspire much confidence).

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads
 
Is that the same people who do VFP 10(ish) in 64 bit?

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Hey everyone,

Thanks for everyone's thoughts.

I will be checking that encrypted box from now on with my EXE files.

I first found about VFPA from the sessions list on Southwest Fox ( I didn't go to that conference but I did find links from people who attended that pointed to ( as being the team who are developing the improvements.

I did play with the demo options for a months ago but couldn't get the compiler to make an EXE. I might have messed up since I was trying to rush the app I was playing with. I think I will give it another testing.

I looked at Refox and pretty surprised how much more it costs compared to VFPA.

Has anyone here tried making an application with VFPA 32 or 64 bit and had it turn out well?
 
GriffMG
No it is not the same people .
VFP advanced is was introduced in 2010 as an option to compile a foxpro application in 64bit (China)
Refox has been around for much longer to allow a user to decompile a foxpro application (Czech Republic)



If you want to get the best response to a question, please check out FAQ184-2483 first.
 
Mike G is absolutely right about Refox and to reinforce this, I bought it many years ago to protect an app.
The good thing about it is that you can encrypt your coding and password protect it or permanently encrypt it.
A back up is a must if you go for either encryption method.

Thank you

Steve Williams
VFP9, SP2, Windows 10
 
Obviously we all want to protect our source code, but just how serious is the risk?

Even if someone managed to extract the source code from our executables, what are they going to do with it? They would end up with just raw code, with no obvious way of putting it together; no understanding of how it works; no information about our class hierarchies or our data structures; almost no comments and no documentation of any kind. They would need a great deal of skill and patience to reverse engineer an entire application - to the extent that it would probably be easier to write a new application from scratch.

If you have some particularly clever bit of code which, for some reason, you don't want anyone else to see or understand, then it would be worth encrypting it. But I would guess that for most routine VFP development, it would scarcely be worth the effort.

Mike



__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads
 
Of course, I might encrypt my own code, because I'm embarrassed by it...

B-)

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
I might encrypt my own code, because I'm embarrassed by it...

So it would embarrass you if someone else looked at your code? Me, I'm often embarrassed when I look at my own code - especially code I wrote when I was starting out with VFP.

But on a more serious note ...

Griff, I mentioned earlier that the actual code is in tokenised form. But your screen shot shows the code as clear text. After a bit more experimenting, I think you get the tokenised code only if you don't tick the "Debug info" checkbox. If you do tick it, you can read the actual code (albeit with difficulty).

I also noticed that, with "Debug info" ticked, you can see the comments, which surprised me a bit.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads
 
I think the 'Debug Info' needs the comments to get the correct line numbers - to assist in debugging and error handling...

I wouldn't really be embarrassed for other people to read my code, I sometimes do apologise to T-T readers for the scrappy examples I post on here though!

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Just a thought: I agree with Mike's genertal idea that it would be more trouble than it's worth for somebody to "steal" my code. What I might worry about can be done in a hex editor or something like by changing a single or multiple characters in an exe without even changing the file size.

For example changing .F. to .T. in a login line such as
IF m.paidUp=.T.
could allow an unauthorized user to steal the entire app.

I think it's possible a good obfuscation program could fix that, but I don't know any.

Steve

 
I don't THINK changing any readable text in the executable will make any difference - VFP runs the p-code, it doesn't recompile the source.
The text is there to help debugging, not to provide something to compile at runtime.

I did a little experiment to confirm this. I also noticed that not ALL the code was in the executable. I searched for the contents of a public variable
declared in the 'main' program and could not find it (it was the name of the application).

Regards

Griff
Keep [Smile]ing

There are 10 kinds of people in the world, those who understand binary and those who don't.

I'm trying to cut down on the use of shrieks (exclamation marks), I'm told they are !good for you.
 
Hey Mike, to your earlier point of what is the risk. I'm interested in taking one of my programs to the next level and the information being handled will be sensitive and I need to keep it under lock and key so I'm looking into encrypting solutions. I don't want someone to look at the source code and find that a variable is pointing to a certain place that could give them insight how or where to go to break into something.
 
Tiny,
If it is your concern that someone could see in your code something =which would enable them to break into something I would than start with encrytpting that something entry, you dont need to encrypt your complete code.
Also donot forget to encrypt your data as data normaly reveals more sensitive data then your codings.
Stay healthy,
Koen
 
Koen,
Thank you for that info. I have dug deeper into solutions for encrypting data.
 
Griff,
Very informative. Thanks. I never actually tried to change that character in the exe. So if the p-code is run instead of (re)compiling the exe, where is the p-code and could "IT" be changed? Or am I asking the wrong question? Just curious for now.
Steve
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top