NewsForumsCodeLogsGallerySpecsSearch

Reverse Engineering

BlitzMax Forums/BlitzMax Programming/Reverse Engineering

BLaBZ(Posted 2013) [#1]
I just discovered .NET Reflector for c# and it puts me on edge about distributing applications I've spent a long time writing.

Is it possible\easy to retrieve the source code from a compiled blitzMAX application?

Thanks!


Yasha(Posted 2013) [#2]
-- it is not possible to retrieve true source code from a machine-code binary (ignoring e.g. if it built in debug data), because a lot of data is lost (e.g. variable names, comments, distinctions between the different kinds of loop, etc. Much of the data that .NET keeps isn't present

-- that said BlitzMax does keep some names (to types, methods, and function pointers) hanging around for its own much more limited reflection system

-- it is possible to rebuild a loosely procedural (e.g. low-level C) style program, with loops, ifs, and unnamed procedures and variables, out of assembly code

-- BlitzMax's assembly code is very similar to the original source as it doesn't perform many transformations (inlining and the like). In general its assembly is quite easy to read

-- A skilled assembly coder can often see what a short segment of code does without needing to reconstruct it

So no, you can't get the source back - but you can easily disassemble the binary and look at the assembly code for it, and there are tools that can attempt to reconstruct function and loop bodies out of assembly code with varying levels of success; with very conservative, conventional assembly code they may produce something reasonably accurate. Therefore, you should assume that any algorithm explicitly written out in your code can be seen by the end user, but they won't necessarily know what it's there for.

Fundamentally there is absolutely no way to protect code that runs on the end user's machine. There is no level of obfuscation that will ever be "secure". If you really need to hide your process, run it as a web app on your own server. Once it's on the end user's machine they could be doing anything with it, up to and including running it in some kind of analytical VM that notes down everything the program does.

If you're just worried about them stealing your ideas, that's what copyright is for. The law protects you in a way that mechanical means can't - if the user isn't licensed to look at how your program works and steal its concepts, they can't do it, even if you included the source code by mistake.


(In practice the answer is "no": the average home user has neither the skill nor the time to even begin to understand a BlitzMax binary - if Google want to know, they'll find out, but lesser mortals, probably not.)


BLaBZ(Posted 2013) [#3]
Wow phenomenal answer Yasha. You continue to be a wealth of information :) Thank you.


dynaman(Posted 2013) [#4]
For .net you want to use an obfuscator (same for Java). They take your executable and make it unreadable while still being 100% functional.

No knowledge of their use myself, all my code is custom built for the customer at hand so no need to obfuscate it.