Author Topic: fas file security  (Read 11273 times)

0 Members and 1 Guest are viewing this topic.

Amsterdammed

  • Swamp Rat
  • Posts: 507
  • Revit MEP 2016 Acad2013, OPEN DCL
fas file security
« on: September 09, 2005, 04:20:17 AM »
Hello experts,

I write some applications for our HVAC Company. And since they pay it they have the desire to keep it "in-house".

So I did build in some check out of the registry, and made it a fas file. But how save is a fas file?

Thanks in Advance,

Bernd
Bernd

MP

  • Seagull
  • Posts: 17527
Re: fas file security
« Reply #1 on: September 09, 2005, 09:13:28 AM »
It's apparently cracked; I've seen discussions and links to decompilers for the last couple years (don't ask me, I won't provide).

In short, if security is absolutely critical one way to provide a reasonable amount of privacy is to compile sensitive portions of the program to a dll, and then call the dll from lisp. Further, there are obfuscators available for dlls.
\|// Set goal. Experiment tirelessly until
|Oo| practice has become expertise.  Loop.
|- | LinkedIn | Dropbox

Amsterdammed

  • Swamp Rat
  • Posts: 507
  • Revit MEP 2016 Acad2013, OPEN DCL
Re: fas file security
« Reply #2 on: September 09, 2005, 09:31:42 AM »
Mike,

don't worry, i won't ask. I don't want to crack, i want to secure my stuff.

So how can i comiple a lisp into a dll and call it later?

Bernd

John Kaul (Se7en)

  • Administrator
  • Needs a day job
  • Posts: 9297
Re: fas file security
« Reply #3 on: September 09, 2005, 09:39:55 AM »
AutoCAD only has the xlisp intrip. included in the core. FAS-VLX is nothing more then character substitution. (Or encryption if you will.)
“Common sense is not so common.” ~Voltaire

--> Donate to TheSwamp.org <--

hudster

  • Gator
  • Posts: 2846
Re: fas file security
« Reply #4 on: September 09, 2005, 09:57:32 AM »
From what I've seen on the user groups, vlx files are meant to be perfectly safe & uncrackable, if ever I write something of value, that would be the method I'd choose.
Revit BDS 2017, 2016, 2015, 2014, AutoCAD 2017, 2016, Navisworks 2017, 2016, BIM360 Glue

Amsterdammed

  • Swamp Rat
  • Posts: 507
  • Revit MEP 2016 Acad2013, OPEN DCL
Re: fas file security
« Reply #5 on: September 09, 2005, 10:19:49 AM »
so, nothin's safe, se7en?
Bernd

MP

  • Seagull
  • Posts: 17527
Re: fas file security
« Reply #6 on: September 09, 2005, 10:24:24 AM »
Mike Michael,

don't worry, i won't ask. I don't want to crack, i want to secure my stuff.

So how can i comiple a lisp into a dll and call it later?


To compile an activex dll you need a suitable compiler, for example, Visual BASIC, Delphi etc. (and the ability to code in the appropriate language).

I've a busy weekend coming up but I'll try to provide a skeleton Visual BASIC version c/w the Visual LISP wrapper.
\|// Set goal. Experiment tirelessly until
|Oo| practice has become expertise.  Loop.
|- | LinkedIn | Dropbox

John Kaul (Se7en)

  • Administrator
  • Needs a day job
  • Posts: 9297
Re: fas file security
« Reply #7 on: September 09, 2005, 10:44:07 AM »
so, nothin's safe, se7en?
Well i wouldnt go that far. Alot of people dont even know the basics about encryption/decryption. (And some think they know and in reality dont know a darn thing.)  I dont think you will have a problem at all if you go with the VLX format. (I was just trying to say that you need to be aware that "compiling" in AutoCAD isnt really compiling. its more like encryption.)
“Common sense is not so common.” ~Voltaire

--> Donate to TheSwamp.org <--

MP

  • Seagull
  • Posts: 17527
Re: fas file security
« Reply #8 on: September 09, 2005, 10:52:28 AM »
And some think they know and in reality dont know a darn thing.

Anyone we know?
\|// Set goal. Experiment tirelessly until
|Oo| practice has become expertise.  Loop.
|- | LinkedIn | Dropbox

John Kaul (Se7en)

  • Administrator
  • Needs a day job
  • Posts: 9297
Re: fas file security
« Reply #9 on: September 09, 2005, 11:13:54 AM »
*click* Yeah! John for one.

What?! I know encryption...well okay, maybe i dont but i like to think i do.

Told ya.
“Common sense is not so common.” ~Voltaire

--> Donate to TheSwamp.org <--

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16727
  • Superior Stupidity at its best
Re: fas file security
« Reply #10 on: September 09, 2005, 11:23:24 AM »
so, nothin's safe, se7en?
Well i wouldnt go that far. Alot of people dont even know the basics about encryption/decryption. (And some think they know and in reality dont know a darn thing.) I dont think you will have a problem at all if you go with the VLX format. (I was just trying to say that you need to be aware that "compiling" in AutoCAD isnt really compiling. its more like encryption.)

You are correct in so many words ... however you are incorrect about the FAS and VLX files being encrypted. FAS and VLX files are defacto compiled binaries except DCL and Text files that are included as part of the project are merely appended to the end of the VLX file during compilation.

The problem with FAS and VLX files (as with any compiled executable) is that they ALWAYS follow a specific format ... that format can be easily discovered by doing a comparative study of the sequence of commands in the file.

For example, once you have the knowledge of what "0E 4D A1" does you can presumably follow that example and contine with decompilation. The main problem with this is that compiled code is rarely executed in sequential order, thus it becomes difficult to near impossible to reconstitute the original source code, BUT you can produce something that is really close and editable by following conditional jumps, code segments and the like. A good understanding of assembly language is also a prerequisite, but is not required.

My intent is not to debate symantics of encryption vs. compilation because they are essentially the same except during encryption the key is generally not known, while in compilation the key is ALWAYS known, in fact it is the same for every type of compiled binary file ... otherwise we wouldn't be able to read them.

Bottom line is that FAS is readily decompiled back into "pseudo assembly" code with certain code segments being able to be easily reconstituted. VLX files are a little more difficult to decompile, but only if you use a seperate namespace and optimize the code during compilation. It is also advisable to use multiple lisp files rather than have a single lisp file with all of your code in it. This way when the VLX is compiled the individual lisps are seperated and are more difficult to decompile.

VB also has it's share of problems and can also be readily decompiled into readable code segments. In VB it is advisable to NOT use the native P-Code option, as it makes it more readily decompilable.

C and C++ binaries exhibit the best protection against decompilation, but also can be readily decompiled into assembly, and thus with a working knowledge of assembly it too can be reconstituted, albeit much more difficult.

So, it would be safe to assume that "nothin' is safe" ...
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

Amsterdammed

  • Swamp Rat
  • Posts: 507
  • Revit MEP 2016 Acad2013, OPEN DCL
Re: fas file security
« Reply #11 on: September 10, 2005, 06:38:49 AM »
Keith,
Keith,
you are stunning as usual. :-D

But what i really wanted to know was not if some rocket scientist could break my code, but one of my smart as ex co workers or our it guy (biggest threat) can simply go online and find on the net a way to get into my fas files. And learned form this link that I will change it into a vlx. Should have done before, there are a lot of lisp files in this application, and only compiled them into fas files.

Till now I was save the way I did it, it looks like. Once a ex worker took the stuff with him to a competitor off us but had to see it didn't run there. Than this Einstein called a college of me to ask him why (definitely not one off the rocket scientist).

But in general, what parameter out off the registry would you use to make it run only on your system? (if the code is cracked that doesn't matter, I know, just curios
Bernd

Crank

  • Swamp Rat
  • Posts: 1443
Re: fas file security
« Reply #12 on: September 10, 2005, 09:02:56 AM »
...
But in general, what parameter out off the registry would you use to make it run only on your system? (if the code is cracked that doesn't matter, I know, just curios
In the past I've used MaxArray to protect a file from being used in a different environment.
Code: [Select]
(setenv "MaxArray" "99990"); default is 100000
Code: [Select]
(if (/= (getenv "MaxArray") "99990")
    (exit)
)
« Last Edit: September 10, 2005, 09:09:13 AM by Crank »

 Vault Professional 2018     /      Building Design Suite Ultimate 2017     /     AEC Collection 2018 + 2019 +2020

Keith™

  • Villiage Idiot
  • Seagull
  • Posts: 16727
  • Superior Stupidity at its best
Re: fas file security
« Reply #13 on: September 10, 2005, 10:57:34 AM »
In an office where everyone is simple hacks I use the environment in the same manner as Crank .. except I use a different item that is office specific ...

Of course if the code is cracked it doesn't matter
Proud provider of opinion and arrogance since November 22, 2003 at 09:35:31 am
CadJockey Militia Field Marshal

MP

  • Seagull
  • Posts: 17527
Re: fas file security
« Reply #14 on: September 10, 2005, 11:03:11 AM »
I use the user's ipaddress, if it's not in our range, punt (but ditto Keith's last statement).
\|// Set goal. Experiment tirelessly until
|Oo| practice has become expertise.  Loop.
|- | LinkedIn | Dropbox