Reverse-Engineer RunRev Standalone?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Reverse-Engineer RunRev Standalone?

Jay Listo
I tried to read a RunRev Standalone (.exe)...apparently the first parts
all make it look like it's a binary file, unreadable.
Towards the end, I start seeing menu and button label strings, and even
extracts of transcript code...well, comments in scripts are certainly
easy prey.  This may not be as different as using the unix command
'strings' to check out  an executable, but just may be simpler...I'm not
sure.

How easy is it to reverse-engineer a RunRev standalone?

_______________________________________________
use-revolution mailing list
[hidden email]
http://lists.runrev.com/mailman/listinfo/use-revolution
Reply | Threaded
Open this post in threaded view
|

Re: Reverse-Engineer RunRev Standalone?

Richard Gaskin
Jay Listo wrote:
> I tried to read a RunRev Standalone (.exe)...apparently the first parts
> all make it look like it's a binary file, unreadable.
> Towards the end, I start seeing menu and button label strings, and even
> extracts of transcript code...well, comments in scripts are certainly
> easy prey.  This may not be as different as using the unix command
> 'strings' to check out  an executable, but just may be simpler...I'm not
> sure.
>
> How easy is it to reverse-engineer a RunRev standalone?

The file format is pretty complex.  What are you looking to do?

--
  Richard Gaskin
  Fourth World Media Corporation
  __________________________________________________
  Rev tools and more: http://www.fourthworld.com/rev
_______________________________________________
use-revolution mailing list
[hidden email]
http://lists.runrev.com/mailman/listinfo/use-revolution
Reply | Threaded
Open this post in threaded view
|

Re: Reverse-Engineer RunRev Standalone?

Jay Listo
Not looking to do anything per se, just opened the .exe with 'vi' and
'more'...just wondering how well protected my code would  be from prying
eyes.

Would this be an issue to be concerned about?  Is it possible (or usual)
to try prevent or minimise reverse-engineering of standalones?

Richard Gaskin wrote:

> Jay Listo wrote:
>
>> I tried to read a RunRev Standalone (.exe)...apparently the first
>> parts all make it look like it's a binary file, unreadable.
>> Towards the end, I start seeing menu and button label strings, and
>> even extracts of transcript code...well, comments in scripts are
>> certainly easy prey.  This may not be as different as using the unix
>> command 'strings' to check out  an executable, but just may be
>> simpler...I'm not sure.
>>
>> How easy is it to reverse-engineer a RunRev standalone?
>
>
> The file format is pretty complex.  What are you looking to do?
>
> --
>  Richard Gaskin
>  Fourth World Media Corporation
>  __________________________________________________
>  Rev tools and more: http://www.fourthworld.com/rev
> _______________________________________________
> use-revolution mailing list
> [hidden email]
> http://lists.runrev.com/mailman/listinfo/use-revolution
>
_______________________________________________
use-revolution mailing list
[hidden email]
http://lists.runrev.com/mailman/listinfo/use-revolution
Reply | Threaded
Open this post in threaded view
|

Re: Reverse-Engineer RunRev Standalone?

Klaus major-k
Hi Jay,

> Not looking to do anything per se, just opened the .exe with 'vi'  
> and 'more'...just wondering how well protected my code would  be  
> from prying eyes.
>
> Would this be an issue to be concerned about?  Is it possible (or  
> usual) to try prevent or minimise reverse-engineering of standalones?

If you password protect your stack(s) before building a standalone,  
you can still
open it in in e.g. "vi" and other editors, but the scripts etc... are  
not readable anymore :-)


Regards

Klaus Major
[hidden email]
http://www.major-k.de

_______________________________________________
use-revolution mailing list
[hidden email]
http://lists.runrev.com/mailman/listinfo/use-revolution
Reply | Threaded
Open this post in threaded view
|

Re: Reverse-Engineer RunRev Standalone?

Jay Listo
In reply to this post by Jay Listo
Thanks Klaus and Andre...encrypting the stack before generating the
Standalone may just be enough to keep away the hobbyist hackers and
script kiddies.

Assuming the password chosen is "good" enough, what algorithm is
actually used to encrypt the stack?
This would certainly give a better idea of the degree of protection
provided.

_______________________________________________
use-revolution mailing list
[hidden email]
http://lists.runrev.com/mailman/listinfo/use-revolution
Reply | Threaded
Open this post in threaded view
|

Re: Reverse-Engineer RunRev Standalone?

Richard Gaskin
Jay Listo wrote:
> Assuming the password chosen is "good" enough, what algorithm is
> actually used to encrypt the stack?
> This would certainly give a better idea of the degree of protection
> provided.

The current algorithm has been described as a variant of DES.

Stronger encryption methods have been invented since it was implemented,
and perhaps we'll see the encryption scheme change sometime.

But in the meantime, the level of programmer who can decrypt DES can
probably also figure out your algorithms just by using your program.
It's probably more cost-effective to do that anyway:  in most cases it
doesn't violate copyright to do that, and I find it's often easier to
write code from scratch than piece together an understanding of someone
else's unless it's well documented.

Code obfuscation can help:  make extra dummy handlers and name things
related to your product's security with misleading names, and spread
them out throughout the code base.  Nothing can stop the ardent hacker
(game companies spend billions on security and hope for little more than
60 days before they expect to see a crack posted), but sometimes you can
annoy them beyond the benefit of bothering.

This Anti Cracking FAQ is good fun:
<http://www.inner-smile.com/nocrack.phtml>

--
  Richard Gaskin
  Fourth World Media Corporation
  __________________________________________________
  Rev tools and more: http://www.fourthworld.com/rev
_______________________________________________
use-revolution mailing list
[hidden email]
http://lists.runrev.com/mailman/listinfo/use-revolution