Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Protect from refox
Message
From
30/10/2005 23:35:18
Jos Pols
C., South Africa
 
 
To
30/10/2005 15:42:38
Denis Chasse
Ultimax
Montréal, Quebec, Canada
General information
Forum:
Visual FoxPro
Category:
Troubleshooting
Title:
Re: Protect from refox
Miscellaneous
Thread ID:
01062778
Message ID:
01063425
Views:
42
><snip>
>
>I understand and Agree with you and Peter.
>
>With you Jos because ReFox is a tool that can be really useful and seem to do a good job out of recovering source code.
>
>I agree with Peter because I, like Peter (if I understood correctly), don't want to have to buy ReFox to protect my application against being decompiled by ReFox. To me there seems to be a gimmick in there <g>
>
>So I have a solution to propose. In the main program of my application if the string "ReFox is not welcome in here" is there then ReFox won't recover the source code for that application.
>
>If I ever lose my source code and that string was there then I'll have to live with the consequences <g>
>
>Does that make sense to you guys?

Denis, think about this - have you ever tried to open a VFP "compiled" exe without "encryption" turned on inside of Notepad.exe? Scroll down a little and see your wonderful source code complete with comments even. Must we outlaw Notepad.exe? At this point every text editor is a cracking tool.

OK so turn on encryption, oooh, ahhh. Now what you get is gibberish right? But this is not a complex encoding algorithm and does not use a secret key, as in proper encryption, so really its not a huge job to write a reverse encoder. Anyone with VFP can perform a chosen plaintext attack on the encoding routine to derive the algorithm. So lets all agree that the encoding (encryption) is less than useless because of the false sense of security it gives people.

So now you want to put a text string in your app which Refox can check for and it would not reverse your app? Some problems; (1) Anyone with half a brain could remove your string from your app, (2) Someone else will write another decoding program (they already exist), (3) Someone will hack Refox to bypass the hidden string test, (4) Someone will use a whole variety of other cracking tools and get your code, like when it loads un-encoded into memory, etc.

Therefore, if you want protection against Refox you are being too focused on one product. What you want is protection against decompilation in general. In which case you must go for one of the options (or similar) that I mentioned in my other post while at the same time, if you are so inclined, push for stronger legislation against software piracy in its many forms.

Refox is not the problem. The problem is crackers. You and Peter are trying to solve the wrong problem.
In the End, we will remember not the words of our enemies, but the silence of our friends - Martin Luther King, Jr.
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform