Re: [Lazarus] Make unreadable names into bunary
2012/4/4 Kjow antispamm...@gmail.com: Hi all, I would make unreadable functions/components/classes/etc names into the binary built. I noticed that with an hex editor I can see things like TButton, width, heigh etc. Avoiding this, could make also more difficul a reverse engeneering with the binary. Is there an option to enable this in compiling? Thank you, Kjow Thank you all for replies :) Kjow -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
[Lazarus] Make unreadable names into bunary
Hi all, I would make unreadable functions/components/classes/etc names into the binary built. I noticed that with an hex editor I can see things like TButton, width, heigh etc. Avoiding this, could make also more difficul a reverse engeneering with the binary. Is there an option to enable this in compiling? Thank you, Kjow -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] Make unreadable names into bunary
On 4-4-2012 16:10, Kjow wrote: Hi all, I would make unreadable functions/components/classes/etc names into the binary built. I noticed that with an hex editor I can see things like TButton, width, heigh etc. Avoiding this, could make also more difficul a reverse engeneering with the binary. Is there an option to enable this in compiling? That's called obfuscating the code. See tools/options/jcf format settings/obfuscate to see what that does. Haven't tried it, probably requires codetools/jedi code format packages... Regards, Reinier -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] Make unreadable names into bunary
On Wed, Apr 04, 2012 at 04:10:46PM +0200, Kjow wrote: I would make unreadable functions/components/classes/etc names into the binary built. I noticed that with an hex editor I can see things like TButton, width, heigh etc. Yes. These are needed to stream forms. Avoiding this, could make also more difficul a reverse engeneering with the binary. On Windows, use tools that encrypt the whole binary. They usually allow resources to keep working. (at least they do with delphi) Is there an option to enable this in compiling? No, the form based streaming is a corner stone of the designer. -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
Re: [Lazarus] Make unreadable names into bunary
Kjow schrieb: Hi all, I would make unreadable functions/components/classes/etc names into the binary built. I noticed that with an hex editor I can see things like TButton, width, heigh etc. These names must match the declarations of the components and properties in LCL source code, so that the resource loader can find the registered classes and their published properties. This means that you have to use an obfuscated LCL, with obfuscated class and property names. The component names instead can be choosen freely, but I don't see an improvement when e.g. a TButton is renamed from Button1 to something else - its class name still will be readable. Skilled hackers still may get many (type) names from a running executable, depending on the platform and widgetset. A decompiler (like IDA) also will reveal much of the source code, in all OO languages. This is why I never wrote an decompiler for Pascal (Delphi/FPC) binaries, to discourage sniffing in other peoples' apps. In practice it's much easier to use a tool that compresses an executable into a self-expanding archive. Then the names can no more be found in the files on disk, and the size of the distributed files can become much smaller. And use the FPC and LCL *trunk* versions, to build your distributed apps, so that no decompiler will succeed in matching parts of the code with a *release* version of the libraries. Graeme may praise fpGUI now again, which AFAIK does not use resources for the creation of the components on a form. Newer Delphi versions, in contrast, are much more verbose about application details, in the extended RTTI that is enabled by default and becomes part of every binary; turing it off is very complicated, must be done in every single unit, and for many types (classes, records...). DoDi -- ___ Lazarus mailing list Lazarus@lists.lazarus.freepascal.org http://lists.lazarus.freepascal.org/mailman/listinfo/lazarus
