Kevin's place for skins...
Just a place to keep my skins and wodgets that I create in my never ending quest to change my PC so no one else can use it..
Protecting widget code
Is it at all possible?
Published on March 22, 2006 By Kevin_C In DesktopX
I've recently writeen an HTML application (HTA) that is essentially a PasswordSafe of sorts that allows you to save website usernames and passwords as well as account infomation and payment links in one application with one password protecting them. While I have a few mechanisms in place to protect the data files from someone easily pilfering the contents I realize that if someone can easily browse the code it isn't all that hard to discern the processes used for generating the encrypted data files and therefore decrytping the data. So, to that end I've used a code obfuscator/encrypter on the HTA code that will stop if not severely deter most people from even trying to steal the code. While I know nothing is perfect I don't think the information in these files is interesting enough to really get someone with the capabilities to reverse engineer the code to try.

Anyway, the reason for my post is that I am considering creating a DX widget out of the app but if I can't at the very least obfuscate portions of the code it really wouldn't be worth the trouble. I have DX Professional and I know I can create a widget exe but that is not really any help because anyone with DX Pro can just import the widget and get the script code. So, is there an obfuscator or encryptor for DX widget code?

Any tips would be appreciated.
Article Tags
desktopx
Popular Articles in this Category
Popular Articles from Kevin_C
Just re-subscribed to OD but Stardock Central still says I'm not subscribed...
Comments (Page 1)
2 Pages1 2 
1
XX
on Mar 23, 2006
Well.. You could base data encryption on user's password. You could create a hash based on user's password, then use actual password as private key to encrypt the contents.

Basically, it would create new hash on typed password, check if it matches the stored hash, then decrypt the stored information. This way is fastest way to check before loading the possibly huge file and decrypt it.



Well other way would be simply try to decrypt the stored info directly using the password input, but if file is huge it may be a problem when password was wrong or mistyped.


Note: this WILL require user to input a password each time it have too load the data file! But this way it wouldn't matter if someone cracked and got the entire source code. It don't contain the info needed to actually read the worthy private information.
2
thomassen
on Mar 23, 2006
hmm... DX Pro will open widgets so will the starndard DX. But I haven't found my self able to import Gadgets (stand-alone) with either of them.
3
CerebroJD
on Mar 23, 2006
Thomassen is correct. Gadgets cannot 'disected', so you are safe to use your code in the building of a gadget, and only distribute that executable file.
4
Kevin_C
on Mar 23, 2006
XX,

Thanks but I'm not looking for a way to encrypt the passwords as I already have several techniques in place to achieve that. I've actually done something similar to what you've suggested but I'm actually using different keys and salt values to encrypt each password, and I have developed a system to re-create the proper information when it comes time to decrypt the data.

Thanks for the suggestions!
5
Kevin_C
on Mar 23, 2006
DX Pro will open widgets so will the starndard DX. But I haven't found my self able to import Gadgets (stand-alone) with either of them.


Perfect! Now, the question is can I create gadgets with DX Pro? Sorry for the silly question but it's been a bit since I've messed around with it to actually create anything.
6
ZubaZ
on Mar 23, 2006
The "new" Pro was the old Enterprise.
You probably have the "old" Pro, now called "Standard"
https://www.stardock.com/products/desktopx/purchase.asp

To check, try to export an object.

If you can export it as a gadget, you have Pro and are set. If you hae widget, you are standard and need to upgrade. The link above can assist you there too.

Posted via WinCustomize Browser/Stardock Central
7
Kevin_C
on Mar 23, 2006
Thanks for the info Zubaz! It turns out I do have the new Pro as I have the export as gadget option. Now all I need to do is re-write it for DX.
8
PoSmedley
on Mar 23, 2006
Mine says PRO but I can't make gadgets, so I'm assuming I have the old one. Should I have gotten the new one with ODNT, or would it be extra? I have been wanting to make gadgets and can't.
9
ZubaZ
on Mar 23, 2006
The new Pro is an extra cost. I think it's $70 US.

There was a special a while back . . but I couldn't hide the required money from the wife. Missed a great window of oppertunity.

Anyone wanting to donate to my DX Pro fund can reach me by email.

Posted via WinCustomize Browser/Stardock Central
10
Kevin_C
on Mar 23, 2006
There was a special a while back


That's when I purchased it. I couldn't have justified the expense otherwise but it was such a deal I had to go ahead and get it! I believe it was something like $40 of the current price. So, instead of $70 it was $30, quite a steal!
11
XX
on Mar 23, 2006
Yeah. I missed the special too. Oh well.

Ohh I thought you wanted to protect the data and was concerned about code revealing a way to decode that data.

Yeah gadgets is best way to prevent code from being read. It's also the reason I want to buy DX pro, but couldn't justify that yet.

I adready recreated xxcalc using desktopx and it works.
12
thomassen
on Mar 23, 2006
You might still want to check with Stardock how secure this is. I think perhaps they got utility to open gadgets. I could be wrong, but I imagine that I saw someone who'd lost their source file and only had the gadget file and SD could extract it for him/her.
And I wonder if there might be some temp data which allows you to read the code when it's being run. (REALLY not sure about this one though. I might be confusing it with widget cache.) But since you are making a password manager you probably want to make sure.
13
Kevin_C
on Mar 23, 2006
Ohh I thought you wanted to protect the data and was concerned about code revealing a way to decode that data


Well, kind of. I have the data files encrypted and then I also compress them so they are very much unreadable. However, if someone had access to the code they could with some work reverse engineer the steps taken to encrypt the data and then write some code to decrypt the encrypted data. This would not be an easy task as I use different data to encrypt every password and the password that is used to protect the data file is encrypted in a random method every time and is stored using an SHA1 hash. Oooh, typing this gives me an idea!! Man, I just wish I could create the graphics for this myself, it would go much faster but I guess non-graphic inclined folks such as myself can't be too picky..
14
XX
on Mar 23, 2006
Well. Use something that would take a decent computer centuries to crack.

There IS encryption schemes that cannot be reverse engineered to somehow recover the contents without having any private key. Never use obscurity as security. So many people made that mistake.

Hmm interesting website. http://www.cryptography-tutorial.com/cryptosource.htm
15
CerebroJD
on Mar 23, 2006
Stardock does have a gadget de-compiler that they can use to re-create a widget from a gadget in case of the creature loosing sourcecode etc.
2 Pages1 2 
Meta
Views
» 5636
Comments
» 24
Category
» DesktopX
Comment
Recent Article Comments
Quick thoughts on Warlords f...
Let's start a New Jammin Thr...
AI Desktop Wallpaper 2023
LightStar Design Windowblind...
Are there any high quality O...
The Forum feature / improvem...
Saying "Hi"
GalCiv IV Dev Journal #19 - ...
How to get Windows Store app...
Let's see your political mem...
Sponsored Links
Terms of Service Privacy Policy About Us Contact Us Stardock.com
© 2024 Stardock Corporation. All rights reserved.
JoeUser v1.0.0.0