Author Topic: VLX file security  (Read 4068 times)

0 Members and 1 Guest are viewing this topic.

AwAD

  • Guest
VLX file security
« on: September 27, 2019, 10:58:53 AM »
Hello every one,

I'am not trying to hack a compiled routine, but should I trust the compiled vlx file "by vlide new application wizard" as I want to distribute some lisp routine that will contain some confidential information "mostly logic operations" and I'm sure that some with programming background will be eager find it out.

So I've done my research and found a tool to convert vlx back to fas, then another tool to decrypt that fas file, and a tool to disassemble the fas file.

I'm attaching a simple lisp routine, its compiled vlx, the decrypted fas file, and the disassembly text file. As I does not understand what had happened.

PLEASE NOTE that the decryption process for the fas file took almost a day, And if someone want the tools links i'll provide them in a message so not to help distribute them  :-( .

« Last Edit: September 28, 2019, 06:25:57 AM by AwAD »

VovKa

  • Water Moccasin
  • Posts: 1626
  • Ukraine
Re: VLX file security
« Reply #1 on: September 28, 2019, 05:54:20 AM »
lisp routine that will contain some confidential information "mostly logic operations" and I'm sure that some professional programmers will be eager find it out.
i bet, the professional programmer will just write his own routine

the decryption process for the fas file took almost a day
strange
i tried the decompilation tool in the past and it always worked almost instantly

AwAD

  • Guest
Re: VLX file security
« Reply #2 on: September 28, 2019, 06:40:49 AM »
Hello VovKa, thank's for your answer.
i bet, the professional programmer will just write his own routine
No he wont as it is based on some information that he doesn't know.
strange
i tried the decompilation tool in the past and it always worked almost instantly
So do you mean that the fas security is compromised ?

VovKa

  • Water Moccasin
  • Posts: 1626
  • Ukraine
Re: VLX file security
« Reply #3 on: September 28, 2019, 07:54:19 AM »
So do you mean that the fas security is compromised ?
idk
you've seen the decompilation output yourself

all programs can be cracked and vlx is no different

MP

  • Seagull
  • Posts: 17750
  • Have thousands of dwgs to process? Contact me.
Re: VLX file security
« Reply #4 on: September 28, 2019, 10:26:24 AM »
the professional programmer will just write his own routine

Agree!

No he wont as it is based on some information that he doesn't know.

I have earned my living for over 25 years doing nothing but designing and writing programs - so I may fall under the category of "professional programmer" - and have never reverse engineered, decompiled a program due to "information that he doesn't know"*. I believe the programmers I've had the pleasure to work with would report same.

I also don't worry about vlx / fas decompilation. If it's cracked it's cracked. Next.

* Data encoding and encryption schemes are a different beast. I've cracked too many to count out of necessity or simply the challenge. e.g. data format of PLC programs written out by GE9070 software ... how the educational flag is stored in dwg files. The difference is I need - or want - to modify or respond to elements of the data - not "lift an algorithm".
Engineering Technologist • CAD Automation Practitioner
Automation ▸ Design ▸ Drafting ▸ Document Control ▸ Client
cadanalyst@gmail.comhttp://cadanalyst.slack.comhttp://linkedin.com/in/cadanalyst

BIGAL

  • Swamp Rat
  • Posts: 1396
  • 40 + years of using Autocad
Re: VLX file security
« Reply #5 on: September 30, 2019, 12:17:48 AM »
Like MP lisp used kelvinator then decrypt appeared. Ok if you want to spend hours in un fas my code which I am selling for $200 good luck your never going to get rich.

Unless your marketing the cracked code you will never make any money anyway.

A man who never made a mistake never made anything

ChrisCarlson

  • Guest
Re: VLX file security
« Reply #6 on: September 30, 2019, 10:15:30 AM »
I'm confused, do you want to know the security of a VLX for your use or distribution? Personally I do not load any VLX files, just too many bad apples out there.

MickD

  • King Gator
  • Posts: 3619
  • (x-in)->[process]->(y-out) ... simples!
Re: VLX file security
« Reply #7 on: September 30, 2019, 06:40:53 PM »
I once had a job where I had to work with just an obfuscated legacy lisp file to create some .net routines to replace it (it was all above board, the person who wrote the code had left the company years before). It wasn't fun and took considerable time so if I could buy your code for $10-$300 or more I'd probably pay for it.

Your situation may be different in that it is more the IP of the data/algorithm that a competitor would find very valuable, if that's the case then I would suggest re-writing the application or module in C++ (ObjectARX).
Again, it's not guaranteed but to get the data/algorithm you basically need to reverse engineer the machine code.
That's about the best you could do really, cracking a licensing system is relatively quite easy compared to extracting an algorithm but if they want it bad enough, they can get it.
"Short cuts make long delays,' argued Pippin.”
J.R.R. Tolkien

JohnK

  • Administrator
  • Seagull
  • Posts: 10604
Re: VLX file security
« Reply #8 on: October 01, 2019, 08:50:33 AM »
Keep it open source; if the program has IP that the competitor would find valuable why would you want to "give" it to them in the first place (compiled or not)? But if you do want others to use the program, keeping it open source will promote improvement to that algorithm.

You are not going to get rich selling interpreted language code.

If you want to protect your name use a license (BSD, GPL, MIT, etc).



> I say `give' because, paying a few hundred--or thousand--dollars for a program a company can use--to save time and effort--is nothing to them in the grand scheme of things. A company has more complicated/different tax laws then you or I.
TheSwamp.org (serving the CAD community since 2003)
Member location map - Add yourself

Donate to TheSwamp.org