|
Knight Chat X
Squire
USA
24 Posts |
 Posted - Dec 06 2004 : 04:39:49 AM
|
I just don't know anymore, I used to feel sameway until people started stealing my ideas and anything I posted on website for their own personal gain to compete that's when I thought differently because the info was being used in a negative way and the people using the info didn't care because to them it was freely available. Free source is how people learn this stuff, in that it's a good thing, I hear about Microsoft's source not being available but the truth is it always has been, in fact, that's the reason security problems have become the way they are now. example:
When Outlook Express & IE interaction source code became available, information related to tampering with security related settings and send emails sparked the internet attacks which we know as an internet worm that was spread through email systems which is to this day what we all face. Because information about the inner working of IE & Outlook were given, nothing stopped the wrong person getting this info and create a program which spamed everyone in their addressbook, put this information into the hands of millions worldwide and before you know it you gotta problem.
Because the lack of knowledge on VB.Net and DirectX9.0c is so little right now it seems like sharing info would be a good thing, sharing source code freely is ok as you've got a choice, the problem is when you have no choice, especially if you are hosting a commercial service or commercial app.
Thanks for the input.
|
The net is getting bigger and bigger. |
 |
|
|
cbx
Swordmaster
Canada
296 Posts |
Posted - Dec 06 2004 : 05:34:18 AM
|
Ohh ohhh! I think I may have come up with a solution. See it only took a few minutes of pondering and bing! it hit me! You could protect your VB.NET code by err um,... Not compiling your app!?!
Write your vb.net app as a strongly interface driven application. Then load and compile your apps code at runtime. You will have to create a small app that does this.
Basically you load your previously encrypted source code files, decrypt them, compile them and run them all at runtime! That way the only code that others would be able to pick apart would be the small app that is doing the decrypting and compiling and not your source code.
I guess It would help if I provided a demonstration... and Voila! Not 1, not 2, but 3 examples of compiling code at runtime! By yours truly.
http://www.gpwiki.org/index.php/Tutorials_and_Source_Code
http://www.gpwiki.org/index.php/VBNET:ScriptingisthepastPart1
http://www.gpwiki.org/index.php/VBNET:ScriptingisthepastPart2
http://www.gpwiki.org/index.php/VBNET:ScriptingisthepastPart3
Or i just had another idea but it is less practical/yet more secure. Why not have your users run your app directly from the internet! The user downloads a small app from the internet, and uses it to run your app. When the app is run it requests the source code for your app through a secure internet connection, your app downloads the encrypted code, decrypts it, compiles it, then runs it all without it saving anything to the hard drive. This would also allow you to ensure that all users are running the latest source code for your app and would be like getting automatic updates for your app! And the end user never has access to your applications source code, because it is never stored on the end users hard drive everything is kept in memory.
You are probably going to have a few questions about this process so it might be best to start a new thread... Further disscussion about this process will surly take a number of paragraphs to explain. But feel free to ask. |
Created by: X
http://www.createdbyx.com/ |
|
|
|
VBBR
Moderator
Brazil
617 Posts |
Posted - Dec 06 2004 : 05:41:53 AM
|
| Wouldn't "compile on-the-fly" be horribly slow for huge programs? |
Whatever. Who knows... |
|
|
|
cbx
Swordmaster
Canada
296 Posts |
Posted - Dec 06 2004 : 05:45:15 AM
|
quote:
Originally posted by VBBR
Wouldn't "compile on-the-fly" be horribly slow for huge programs?
Depends on what you mean by huge? My computer can compile 100Kbs or more of vb.net code in about 2 seconds flat. Thats a fair ammount of code. And a minimal ammount of time to compile and run it.
But if you are talking an application like MS Word then you would actually only download and run only the parts of the applications source code as your users need them. |
Created by: X
http://www.createdbyx.com/ |
|
|
|
VBBR
Moderator
Brazil
617 Posts |
Posted - Dec 06 2004 : 09:55:28 AM
|
| Hm, that makes sense. Just compile what you need. Thanks for explaining. |
Whatever. Who knows... |
|
|
|
Eric Coleman
Gladiator
USA
811 Posts |
Posted - Dec 06 2004 : 10:34:55 AM
|
I'm not a hacker, but compiling on the fly is not a safeguard. The code, at one point, must be recognizable by the compiler, i.e. decrypted and available on the target computer, and also it is trivial to hook into the code (especially .NET code) and simply extract the code.
|
|
|
|
Knight Chat X
Squire
USA
24 Posts |
Posted - Dec 06 2004 : 2:06:19 PM
|
Bingo Eric, that's what I was tryin to say! 
cbx that idea isn't bad though, would come in handy for a game engine, could setup a custom language for scripting to make loading a level easier. Reminds me of internet explorer, which downloads the source of a webpage then parses it to display a page, IE acts as an interpreter. |
The net is getting bigger and bigger. |
|
|
|
Eric Coleman
Gladiator
USA
811 Posts |
Posted - Dec 06 2004 : 4:11:21 PM
|
Well, the .NET framwork (the end user, not the SDK) does install the C# compiler. There is also a C++ example in the Directx 9.0c SDK that uses C# as a scripting language. However, that's not a solution to any code theft problem.
Code theft seems to be the major point of this discussion, but code modification is just as serious. If you create a multiplayer game and people can decompile and recompile with relative ease (MSIL is high level in my opinion), then cheating would be a really serious problem. I know it's an issue already, but people are limited to the tools that only a select few people create. And personally, I'm paranoid about stuff like that containing viruses and trojans. Also, the difference between custom modifications to a program versus premade cheating tools is that custom mods are your own creation and don't have to follow the same patterns that normal tools (such as aim bots) have that make it apparent that they're being used. |
|
|
|
cbx
Swordmaster
Canada
296 Posts |
Posted - Dec 06 2004 : 5:45:52 PM
|
quote:
Originally posted by Eric Coleman
I'm not a hacker, but compiling on the fly is not a safeguard. The code, at one point, must be recognizable by the compiler, i.e. decrypted and available on the target computer, and also it is trivial to hook into the code (especially .NET code) and simply extract the code.
Really? How can you hook into .NET code on a running .NET app? You also made me think of somthing I had overlooked and that is that the source code you compile may actually be passed to the vbc.exe (vb.net command line compiler) as a temp file!
Actually 1 sec..... Yep it does. I just took a minute to run a modified version of my scripted interface example and used filemon on it and sure enough you can see the code file being called by vbc.exe.
Scripted interface example: http://www.gpwiki.org/index.php/VBNET:ScriptingisthepastPart3
FileMon: http://www.sysinternals.com/ntw2k/source/filemon.shtml
Last night I also looked into the possibility of downloading a precompiled dll from the internet and creating objects from it just like the example I gave before, but the problem is you can't seem to load an assembly from a stream only from files. So that would not work either. dang  |
Created by: X
http://www.createdbyx.com/ |
|
|
|
Eric Coleman
Gladiator
USA
811 Posts |
Posted - Dec 07 2004 : 12:25:20 AM
|
quote:
Originally posted by cbx
How can you hook into .NET code on a running .NET app?
I honestly don't know, but you can download the CLR profiler from Microsoft (I found it on the directx download page), it comes with source code. The CLR profiler is limited to profiling your code since that's what it was designed for. Since it can so easily snoop around to see what a .NET program is doing, then I'm sure that it would be easy to make it do a bit more than just profile code. |
|
|
|
Knight Chat X
Squire
USA
24 Posts |
Posted - Dec 07 2004 : 05:12:06 AM
|
quote:
Originally posted by Eric Coleman
Code theft seems to be the major point of this discussion, but code modification is just as serious. If you create a multiplayer game and people can decompile and recompile with relative ease (MSIL is high level in my opinion), then cheating would be a really serious problem. I know it's an issue already, but people are limited to the tools that only a select few people create. And personally, I'm paranoid about stuff like that containing viruses and trojans. Also, the difference between custom modifications to a program versus premade cheating tools is that custom mods are your own creation and don't have to follow the same patterns that normal tools (such as aim bots) have that make it apparent that they're being used.
Yep, and believe it or not is same reason 1 antivirus program will only pick up commonly reported virus/trojans and not 1 antivirus will pick up all, a custom virus or trojan will not be detected unless it uses a familiar pattern of an unpatched system, it takes multiple program submissions and deep analysis to determine what is really going on in which a person has to manually type pattern information (eg. Registry entries created/modified, file/folder changes) into a file known as a definition file, a scan engine simply loads the file and uses for pattern comparisons. A reason programs are left in a way you could undo them might be so analysis like this can be easier. The problem is at the root in that once you have a human readable source form that's visible is where theft can occur, hardware and software are designed in a way that allow information to be read straight from the CPU registers and memory still.
Luckily, Microsoft may have a grip on this in future operating systems as it seems memory control is going towards the route of a single file system stored in memory with extremely restricted access to memory operations which will be almost invisible.
I agree, on the gaming aspect this enables cheating and has been happening, I remember playing America's Army one time and somebody noticed a player was hovering in mid air and shooting down below in which immediately after the game suddenly came to a close.
|
The net is getting bigger and bigger. |
|
|
|
cbx
Swordmaster
Canada
296 Posts |
Posted - Dec 07 2004 : 07:39:22 AM
|
quote:
Originally posted by Knight Chat X
[quote]Originally posted by Eric Coleman
<br>
I agree, on the gaming aspect this enables cheating and has been happening, I remember playing America's Army one time and somebody noticed a player was hovering in mid air and shooting down below in which immediately after the game suddenly came to a close.
lol Or maybe he was simply a genetically engeneered super soldger! |
Created by: X
http://www.createdbyx.com/ |
|
|
|
Knight Chat X
Squire
USA
24 Posts |
Posted - Dec 07 2004 : 07:51:22 AM
|
Haha, too funny!  |
The net is getting bigger and bigger. |
|
|
VB6, and .net. Total noobness...help?
