Kevin's place for skins...
Just a place to keep my skins and wodgets that I create in my never ending quest to change my PC so no one else can use it..
Protecting widget code
Is it at all possible?
Published on March 22, 2006 By Kevin_C In DesktopX
I've recently writeen an HTML application (HTA) that is essentially a PasswordSafe of sorts that allows you to save website usernames and passwords as well as account infomation and payment links in one application with one password protecting them. While I have a few mechanisms in place to protect the data files from someone easily pilfering the contents I realize that if someone can easily browse the code it isn't all that hard to discern the processes used for generating the encrypted data files and therefore decrytping the data. So, to that end I've used a code obfuscator/encrypter on the HTA code that will stop if not severely deter most people from even trying to steal the code. While I know nothing is perfect I don't think the information in these files is interesting enough to really get someone with the capabilities to reverse engineer the code to try.

Anyway, the reason for my post is that I am considering creating a DX widget out of the app but if I can't at the very least obfuscate portions of the code it really wouldn't be worth the trouble. I have DX Professional and I know I can create a widget exe but that is not really any help because anyone with DX Pro can just import the widget and get the script code. So, is there an obfuscator or encryptor for DX widget code?

Any tips would be appreciated.
Article Tags
desktopx
Popular Articles in this Category
Popular Articles from Kevin_C
Just re-subscribed to OD but Stardock Central still says I'm not subscribed...
Comments (Page 2)
2 Pages1 2 
16
bakerstreet
on Mar 23, 2006
lol, creature... you mean creator? Although... on second thought in this place it might be more apt...
17
RomanDA
on Mar 23, 2006
You might still want to check with Stardock how secure this is. I think perhaps they got utility to open gadgets. I could be wrong, but I imagine that I saw someone who'd lost their source file and only had the gadget file and SD could extract it for him/her.


This would be me, and yes they have a de-compiler for the EXE code that DX PRO Generates, as they have the compiler as well. But they would have to be the ones to de-code it.

It helped me, but they were really good to do it for me, i dont see them decompiling someones code just to see how they encrypted something.
18
thomassen
on Mar 24, 2006
This would be me, and yes they have a de-compiler for the EXE code that DX PRO Generates, as they have the compiler as well. But they would have to be the ones to de-code it.

But if they can do it, some reverse-enginer can most likely do it as well. Sure, you can do that with "normal" software as well, but I'm just wondering how much more easier/difficult it would be.
19
Kevin_C
on Mar 24, 2006
Never use obscurity as security


XX, I'm definitely not using just obscurity. I'm using an industry standard 256-bit cypher to encrypt the data. I've simply added some randomness to the key and salt generation such that the values used to encrypt a given piece of text are more unique than if I had used the same key and salt value for every call to encrypt data. The encryption is actually done using an open-source ActiveX dll that I found out on the web, so it's using an actual compiled binary for this purpose. Which is possibly one thing that would keep me from being able to release it if I ever get it to that point.

some reverse-enginer can most likely do it as well


thomassen, I would guess this probably depends on what the actual compilation process does to the data. Seeing as Gadgets are based on a scripting language the scripts have to be kept in such a way that they will actually work when the gadget is executed. So, I would guess they are doing something to possibly encrypt and compress the data that is stored in the exe. The real question is whether the scripts are written to disk when the gadget is run. Maybe I'll run a few gadgets while running one of the fabulous tools from SysInternals to see exactly what the gadget does when it runs..
20
Kevin_C
on Mar 24, 2006
OK, downloaded a Gadget, ran it and peeked at its activities. The scripts are most definitely encrypted/compressed on disk. So, someone could get the scripts but I think it would take them a good bit of work to actually get anything usable from them.
21
thomassen
on Mar 24, 2006
Ah, ok. I had a feeling it'd be something like that.
22
jlaj1989
on Mar 24, 2006
huh, So there is a way to "edit" gadgets but it might be a pain. Ive found if you open windows media player skins in WinZip yuo can export all the graphics and scripts. Maybe it is along the lines of that.
23
XX
on Mar 24, 2006
Ahh I see. It would work that way.
24
Kevin_C
on Mar 24, 2006
So there is a way to "edit" gadgets but it might be a pain


Uhh, I'd say it would be a tad bit more than a pain. The scripts are encrypted or compressed or both but they are definitely not plain text. The files in a gadget are extracted when you run it, but like I said the scripts are not plain text.
2 Pages1 2 
Meta
Views
» 5673
Comments
» 24
Category
» DesktopX
Comment
Recent Article Comments
LightStar Design Windowblind...
I need a joke today
The national debt.
Let's see your political mem...
Is it just me??
Saying "Hi"
Let's start a New Jammin Thr...
Climate Change Zealots
v2.5 & Warlords Expansion Gu...
Quick thoughts on Warlords f...
Sponsored Links
Terms of Service Privacy Policy About Us Contact Us Stardock.com
© 2024 Stardock Corporation. All rights reserved.
JoeUser v1.0.0.0