Hi Christof.

Your technique obviously makes things more difficult for a person who has to read the decompiled code. However, the first thing I would do is globally replace your purposefully confusing variable names, like "gÜäXùšÝÑšQë5RíÁÁÓÑwŒãÎUœyÌÑÈycÄp", with just plain and simple variable names, like "xVar_001". The variable names are still meaningless but no longer impossible to read. This would then result in code that is not much worse than code that just uses bad variable names (like other peoples code :) One could then global replace these plain variable names with more meaningful names once the variable purpose is more clearly understood - which would almost always be in the line where it is first declared.

In the final analysis I think it is not a huge hurdle to overcome for a cracker who really wants to understand the underlying code.



>Hi Denis,
>
>> A tool that goes throught a VFP project and does a replace of all the variables, function names, procedure names ... by a meaningless name.
>
>Guess what. VFP comes with such a tool. It's called the pre-processor. <g>
>
>In my security session I gave at the conference in Frakfurt last year, I demonstrated obfuscation for VFP by using an include file that translates variable names into hard to decipher strings:
>
>

>#DEFINE VAR_Sum        QÍEÃúÿec2ÏÞJåVâ_Aêb1MûÈvuÔwÈYYEÉÒÆàáÑÅpKþOrÁkZÈ
>#DEFINE VAR_Count      gÜäXùšÝÑšQë5RíÁÁÓÑwŒãÎUœyÌÑÈycÄp
>

>The name on the right side might look strange, but they are all valid variable names created by a little utility program I wrote:
>

>*========================================================================================
>* Returns a random name that is a valid variable name in Visual FoxPro and 20 to 64
>* characters long.
>*========================================================================================
>Procedure GetRandomName
>
>	Local lnLength, lcName, lnChar
>	
>	lnLength = Int(Rand()*44)+20
>	lcName = GetChar("A_")
>	For m.lnChar = 2 to m.lnLength
>		lcName = m.lcName + GetChar("A_D")
>	EndFor
>
>Return m.lcName
>
>
>*========================================================================================
>* Returns a random character.
>*========================================================================================
>Procedure GetChar
>LParameter tcTypes
>
>	Local lnChar
>
>	Do while .T.
>		lnChar = Int(Rand()*256)
>		Do case
>		Case IsAlpha(Chr(m.lnChar)) and "A" $ m.tcTypes
>			Exit
>		Case IsDigit(Chr(m.lnChar)) and "D" $ m.tcTypes
>			Exit
>		Case Chr(m.lnChar) == "_" and "_" $ m.tcTypes
>			Exit
>		EndCase
>	EndDo
>
>Return Chr(m.lnChar)
>

>Since there's no way to prevent someone from decompiling the code, you must make it hard to understand the code for others, while keeping it easy for you.