How code obfuscation helps protect application data

How code obfuscation helps protect application data

Postby Otto » Thu May 05, 2022 1:13 pm

Hello friends,
Best regards,
Otto

https://mybergland.com/fwforum/obfuscation.mp4
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 6364
Joined: Fri Oct 07, 2005 7:07 pm

Re: How code obfuscation helps protect application data

Postby Rick Lipkin » Thu May 05, 2022 1:58 pm

Otto

I presume you are talking about database encryption ... I watched you movie clip about cows ??? in any case, For all my State Government contracts I suggest encrypting all my tables .. specifically any fields that many have any personal information, Names, Addresses, credit card info ... etc ..

Rick Lipkin

Image
User avatar
Rick Lipkin
 
Posts: 2666
Joined: Fri Oct 07, 2005 1:50 pm
Location: Columbia, South Carolina USA

Re: How code obfuscation helps protect application data

Postby Otto » Thu May 05, 2022 4:22 pm

Rick,

Can you take me a screenshot of what this data looks like when you open the file with a text editor?

How do you do that with the key, that if someone has access to the program, he does not find the key.


Image

Best regards,
Otto

PS: Did you see that the cable that the shepherds used to bring the cows home from the mountain pasture was not connected?
But the cows thought it was the same as it was all summer in the pasture. I think that's funny.

Until the first farmer developed this method, many shepherds were needed to guide the cows safely through the place.
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 6364
Joined: Fri Oct 07, 2005 7:07 pm

Re: How code obfuscation helps protect application data

Postby Rick Lipkin » Thu May 05, 2022 5:45 pm

Otto

Here is a snapshot of MsAccess ... Customer table which I only encrypt personal information :

Image

Here is what the Hex looks like ( I presume ) for the same Customer Table ..

Image

The actual .EXE only has text used for my forms ...

PS ...
This is open source Clipper code that I use for the data Encryption and de-encryption .. each field that is to be encrypted has to have one extra space added to the length

Code: Select all  Expand view  RUN

Func ENCRYPT( TO_DO )

LOCAL PADBACK := LEN(TO_DO), DONE := " ", QAZ
TO_DO := ALLTRIM(TO_DO)

FOR QAZ = LEN(TO_DO) TO 1 STEP -1
    DONE := DONE + CHR(ASC(SUBSTR(TO_DO, QAZ, 1)) + 104)
NEXT

RETURN(FILL_OUT(DONE, PADBACK))

//--------------------

Func DENCRYPT( TO_DO )

LOCAL PADBACK := LEN(TO_DO), DONE := " ", QAZ

TO_DO := ALLTRIM(TO_DO)
FOR QAZ = LEN(TO_DO) TO 1 STEP -1
    DONE := DONE + CHR(ASC(SUBSTR(TO_DO, QAZ, 1)) - 104)
NEXT

RETURN(FILL_OUT(DONE, PADBACK))

//----------------------

Func FILL_OUT( FILL_A, FILL_B )

IF PCOUNT() = 1
   FILL_B := 80
ELSE
   IF TYPE("FILL_B") = "C"
      FILL_B := val(Fill_B) //VAL(B)
   ENDIF
   FILL_B := IIF(FILL_B <= 1, 80, FILL_B)
ENDIF
IF FILL_B <= LEN(FILL_A)
   RETURN(FILL_A)
ENDIF

RETURN(FILL_A + SPACE(FILL_B - LEN(FILL_A)))

 


Rick Lipkin
User avatar
Rick Lipkin
 
Posts: 2666
Joined: Fri Oct 07, 2005 1:50 pm
Location: Columbia, South Carolina USA

Re: How code obfuscation helps protect application data

Postby Otto » Fri May 06, 2022 6:33 am

Thank you, Rick.

This is a good example of obfuscation.

This is not real encryption but a kind and I think valid.

I have some questions left.

What about speed? Have you done speed tests with encryption vs. no?


How about fulltext search and indexing?

What kind of "dBase" editor or myPHPAdmin do you use to look inside your database.
I mean, if you do not want to use the program for a quick lookup.

I do not see what happens if you enter a character which is the ASCII biggest number value, and you add another 104?

https://stackoverflow.com/questions/198 ... mber-value

Best regards,
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 6364
Joined: Fri Oct 07, 2005 7:07 pm

Re: How code obfuscation helps protect application data

Postby Rick Lipkin » Fri May 06, 2022 12:37 pm

Otto

No noticeable different in speed .. specifically population forms .. when it comes to finding values that are encrypted like names .. I de-encrypt names into an array or temp database and use them as usual .. the only drawback to that is it takes a minute or so to decrypt and fill an xbrowse with values.

Rick Lipkin
User avatar
Rick Lipkin
 
Posts: 2666
Joined: Fri Oct 07, 2005 1:50 pm
Location: Columbia, South Carolina USA

Re: How code obfuscation helps protect application data

Postby Otto » Fri May 06, 2022 3:17 pm

Rick, thank you. I like this encryption.
In an emergency, you can still decrypt the data manually.
If you use other systems, then this is almost no longer possible.
And from my point of view it offers enough protection.

Best regards,
Otto
********************************************************************
mod harbour - Vamos a la conquista de la Web
modharbour.org
https://www.facebook.com/groups/modharbour.club
********************************************************************
User avatar
Otto
 
Posts: 6364
Joined: Fri Oct 07, 2005 7:07 pm

Re: How code obfuscation helps protect application data

Postby Rick Lipkin » Fri May 06, 2022 6:26 pm

Otto

After the Colonial Gas data hack ... many of my State Accounts were eager to allow me to upgrade\encrypt their Sql Server or Access applications .. here is an example of the Owner information data entry


Code: Select all  Expand view  RUN

/ ownview.prg
//
//

#INCLUDE "FIVEWIN.CH"

//-------------------------------
FUNC _OwnView( cMODE, oWndMDI )

LOCAL SAYING, oWndChild,oGrps

Local cCompanyName,cCompanyDivision,cCompanyAddress1,cCompanyAddress2
Local cCompanyCity,cCompanyState,cCompanyZip
Local cCompanyPhone,cCompanyFax
Local nLastInvoiceNumber

Local oCompanyName,oCompanyDivision,oCompanyAddress1,oCompanyAddress2
Local oCompanyCity,oCompanyState,oCompanyZip
Local oCompanyPhone,oCompanyFax
Local oLastInvoiceNumber
Local cBillingComment1,cBillingComment2,nPercent
Local oBillingComment1,oBillingComment2,oPercent

Local lOK,lOk1
Local cTITLE

Local oRsUtil,cSql,oErr
Local oBtn1,oBtn2,oIco,oBmp,oFontB

Local oGrp1
Local oSay1,oSay2,oSay3,oSay4,oSay5,oSay6,oSay7,oSay8,oSay9,oSay10

lOK     := .F.    // for busrules
lOk1    := .f.

IF xSUPER = 'Y' .or. xADMIN = 'Y'
ELSE
   SAYING := "SORRY ... Supervisor Rights Only"
   MsgInfo( SAYING )
   RETURN(.F.)
ENDIF

cMODE := "E"

oRsUtil := TOleAuto():New( "ADODB.Recordset" )
oRsUtil:CursorType     := 1        // opendkeyset
oRsUtil:CursorLocation := 3        // local cache
oRsUtil:LockType       := 3        // lockoportunistic

cSQL := "SELECT * From [DataSettings]"

TRY
   oRsUtil:Open( cSQL,xCONNECT )
CATCH oErr
   MsgInfo( "Error in Opening DATASETTINGS table" )
   RETURN(.F.)
END TRY

IF oRsUtil:EOF
   SAYING := "SORRY ... No Systems Parameters Exist.. Would you like to Add "
   Saying += "a Record Now ?"

   If MsgYesNo( SAYING )
   Else
      oRsUtil:CLose()
      oRsUtil := nil
      Return(.f.)
   Endif

   cMode := "A"

ENDIF

LightGreyGrad()

oFontB  := TFont():New("Ms Sans Serif",,-6,.F.,.T. ,,,,.F. )

IF cMODE = "A"

   cCompanyName        := space(51)
   cCompanyDivision    := space(51)
   cCompanyAddress1    := space(36)
   cCompanyAddress2    := space(36)
   cCompanyCity        := space(21)
   cCompanyState       := space(3)
   cCompanyZip         := space(11)
   cCompanyPhone       := space(16)
   cCompanyFax         := space(16)

   If xDatabase = "A"
      nLastInvoiceNumber  := 1000
   Else
      nLastInvoiceNumber  := substr("1000"+space(10),1,10)
   Endif

   cBillingComment1    := space(126)
   cBillingComment2    := space(126)
   nPercent            := 0.000

ELSE

   cCompanyName     := If( empty(oRsUtil:Fields("CompanyName"):Value),space(51),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyName"):Value))+space(51),1,51))
   cCompanyDivision := If( empty(oRsUtil:Fields("CompanyDivision"):Value),space(51),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyDivision"):Value))+space(51),1,51))
   cCompanyAddress1 := If( empty(oRsUtil:Fields("CompanyAddress1"):Value),space(36),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyAddress1"):Value))+space(36),1,36))
   cCompanyAddress2 := If( empty(oRsUtil:Fields("CompanyAddress2"):Value),space(36),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyAddress2"):Value))+space(36),1,36))
   cCompanyCity     := If( empty(oRsUtil:Fields("CompanyCity"):Value),space(16),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyCity"):Value))+space(16),1,16))
   cCompanyState    := If( empty(oRsUtil:Fields("CompanyState"):Value),space(2),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyState"):Value))+space(3),1,3))
   cCompanyZip      := If( empty(oRsUtil:Fields("CompanyZip"):Value),space(11),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyZip"):Value))+space(11),1,11))
   cCompanyPhone    := If( empty(oRsUtil:Fields("CompanyPhone"):Value),space(16),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyPhone"):Value))+space(16),1,16))
   cCompanyFax      := If( empty(oRsUtil:Fields("CompanyFax"):Value),space(16),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("CompanyFax"):Value))+space(16),1,16))

   cBillingComment1 := If( empty(oRsUtil:Fields("BillingComment1"):Value),space(126),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("BillingComment1"):Value))+space(126),1,126))
   cBillingComment2 := If( empty(oRsUtil:Fields("BillingComment2"):Value),space(126),;
                      substr(alltrim(dencrypt(oRsUtil:Fields("BillingComment2"):Value))+space(126),1,126))

   If xDatabase = "A"
      nLastInvoiceNumber  := If( empty(oRsUtil:Fields("LastInvoiceNumber"):Value),1000,;
                                    oRsUtil:Fields("LastInvoiceNumber"):Value)
   Else
      nLastInvoiceNumber  :=  substr(alltrim(oRsUtil:Fields("LastInvoiceNumber"):Value)+space(10),1,10)

     * If( empty(oRsUtil:Fields("LastInvoiceNumber"):Value) ,substr("1000"+space(20),1,20) ,;           //,substr("1000"+space(20),1,20)//,;
     *                               substr(alltrim(oRsUtil:Fields("LastInvoiceNumber"):Value)+space(20),1,20))
   Endif

      nPercent         := If(empty(oRsUtil:Fields("InterestOnAcctRecv"):Value),0.00,;
                        oRsUtil:Fields("InterestOnAcctRecv"):Value)
ENDIF

cTITLE := "System Params "

DO CASE
CASE cMODE = "E"
     cTITLE = "System Params        EDIT"
CASE cMODE = "A"
     cTITLE = "System Params         ADD"
CASE cMODE = "V"
     cTITLE = "System Params        VIEW"
ENDCASE

DEFINE ICON   oIco RESOURCE "CONFIG"
DEFINE BITMAP oBmp RESOURCE "CONFIG"

DEFINE WINDOW oWndChild              ;
       MDICHILD                      ;
       FROM 1,3 to 39,68             ;
       NOMINIMIZE                    ;
       NOZOOM                        ;
       ICON oIco                     ;
       OF oWndMDI                    ;
       TITLE cTITLE


   DEFINE DIALOG oGRPS NAME "OWNVIEW" of oWndChild

          REDEFINE GROUP oGrp1 ID 200 of oGrps
             oGrp1:SetFont( oFontB )
             oGrp1:nClrText := nRgb( 7,7,224 ) // blue

          REDEFINE SAY oSay1 ID 110  of oGrps UPDATE     // companyname
                 oSay1:SetFont( oFontB )
          REDEFINE SAY oSay2 ID 111  of oGrps UPDATE     // companydivision
                 oSay2:SetFont( oFontB )
          REDEFINE SAY oSay3 ID 112  of oGrps UPDATE     // companyaddress1
                 oSay3:SetFont( oFontB )
          REDEFINE SAY oSay4 ID 113  of oGrps UPDATE     // city\state
                 oSay4:SetFont( oFontB )
          REDEFINE SAY oSay5 ID 114  of oGrps UPDATE     // zip
                 oSay5:SetFont( oFontB )
          REDEFINE SAY oSay6 ID 115  of oGrps UPDATE     // phone
                 oSay6:SetFont( oFontB )
          REDEFINE SAY oSay7 ID 116  of oGrps UPDATE     // fax
                 oSay7:SetFont( oFontB )
          REDEFINE SAY oSay8 ID 149  of oGrps UPDATE     // last invoice
                 oSay8:SetFont( oFontB )
          REDEFINE SAY oSay9 ID 174 of oGrps UPDATE     // interest
                 oSay9:SetFont( oFontB )
          REDEFINE SAY oSay10 ID 120 of oGrps UPDATE    // invoice comments
                 oSay10:SetFont( oFontB )


IF cMODE = "A" .or. cMODE = "E"

   REDEFINE GET oCompanyName     VAR cCompanyName     ID 140 of oGRPS UPDATE
   REDEFINE GET oCompanyDivision VAR cCompanyDivision ID 141 of oGRPS UPDATE
   REDEFINE GET oCompanyaddress1 VAR cCompanyAddress1 ID 142 of oGRPS UPDATE
   REDEFINE GET oCompanyAddress2 VAR cCompanyAddress2 ID 143 of oGRPS UPDATE
   REDEFINE GET oCompanyCity     VAR cCompanyCity     ID 144 of oGRPS UPDATE
   REDEFINE GET oCompanyState    VAR cCompanyState    ID 145 of oGRPS PICTURE "@!" UPDATE
   REDEFINE GET oCompanyZip      VAR cCompanyZip      ID 146 of oGRPS UPDATE

   REDEFINE GET oCompanyPhone    VAR cCompanyPhone    ID 147 of oGRPS ;
                valid _PFormat( @cCompanyPhone, oCompanyPhone ) UPDATE
   REDEFINE GET oCompanyFax      VAR cCompanyFax      ID 148 of oGRPS ;
                valid _PFormat( @cCompanyFax, oCompanyFax ) UPDATE

   REDEFINE GET oPercent         var nPercent         ID 173 of oGrps PICTURE "9.999" UPDATE
   REDEFINE GET oBillingComment1 VAR cBillingComment1 ID 117 of oGrps UPDATE
   REDEFINE GET oBillingComment2 VAR cBillingComment2 ID 151 of oGrps UPDATE

   REDEFINE GET oLastInvoiceNumber VAR nLastInvoiceNumber ID 150 of oGrps PICTURE "9999999999" UPDATE

ELSE     // view

   REDEFINE GET oCompanyName     VAR cCompanyName     ID 140 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyDivision VAR cCompanyDivision ID 141 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyaddress1 VAR cCompanyAddress1 ID 142 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyAddress2 VAR cCompanyAddress2 ID 123 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyCity     VAR cCompanyCity     ID 144 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyState    VAR cCompanyState    ID 145 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyZip      VAR cCompanyZip      ID 146 of oGRPS COLOR CLR_BLACK, 15987697 READONLY

   REDEFINE GET oCompanyPhone    VAR cCompanyPhone    ID 147 of oGRPS COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oCompanyFax      VAR cCompanyFax      ID 148 of oGRPS COLOR CLR_BLACK, 15987697 READONLY

   REDEFINE GET oPercent         var nPercent         ID 173 of oGrps PICTURE "9.999" COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oBillingComment1 VAR cBillingComment1 ID 117 of oGrps COLOR CLR_BLACK, 15987697 READONLY
   REDEFINE GET oBillingComment2 VAR cBillingComment2 ID 151 of oGrps COLOR CLR_BLACK, 15987697 READONLY

   REDEFINE GET oLastInvoiceNumber VAR nLastInvoiceNumber ID 150 of oGrps PICTURE "9999999999" COLOR CLR_BLACK, 15987697 READONLY

ENDIF


  REDEFINE BTNBMP oBtn1 ID 160 OF oGrps  ;
         RESOURCE "OK", "DOK", "DOK" ;
         PROMPT "&Ok" LEFT 2007;
         ACTION ( IF(cMODE = "V",lOK := .T. , lOK := _busrules(cCompanyName,oCompanyName) ), ;
                  IF(cMODE = "V",lOK := .T. , If(lOK = .T., _doit( cMODE,cCompanyName,cCompanyDivision,;
                                                                   cCompanyAddress1,cCompanyAddress2,;
                                                                   cCompanyCity,cCompanyState,cCompanyZip,;
                                                                   cCompanyPhone,cCompanyFax,;
                                                                   nLastInvoiceNumber,oRsUtil,;
                                                                   cBillingComment1,cBillingComment2,nPercent),)),;
                                               If(lOK = .T., oWndChild:END(),  ))

   REDEFINE BTNBMP oBtn2 ID 170 OF oGrps  ;
         RESOURCE "CANCEL", "DCANCEL", "DCANCEL" ;
         PROMPT "&Cancel" LEFT 2007;
         ACTION ( oWndChild:END() )
   oBtn2:lCancel := .t.

  ACTIVATE DIALOG oGrps NOWAIT ;  // It has to be NonModal --> NOWAIT clause
           ON INIT oGrps:Move(0,0);
           ON PAINT (PalBmpDraw( hDC, 0, 0, oBmp:hBitmap ));
           VALID (!GETKEYSTATE( 27 ))  // do not allow esc key here

ACTIVATE WINDOW oWndChild ;
   ON INIT (  ;
           oWndChild:bResized := {|| oGrps:SetSize( oWndChild:nWidth, oWndChild:nHeight, .t. ) }, ;
           oGrps:ReFresh());
           VALID ( IIF( !lOk1, ExitPgm( .T.,@lOk1,oRsUtil,oBmp,oFontB ) , .F. ))


RETURN( NIL )

//---------------------------------
Static Func _BusRules(cCOmpanyName,oCompanyName)

LOCAL SAYING

IF cCompanyName  = "  "
   SAYING := "SORRY ... Company Name is a REQUIRED field"
   MsgInfo( SAYING )
   oCompanyName:SetFocus()
   RETURN(.F.)
ENDIF

RETURN(.T.)

//---------------------------------
Static Func _DoIt( cMODE,cCompanyName,cCompanyDivision,;
                         cCompanyAddress1,cCompanyAddress2,;
                         cCompanyCity,cCompanyState,cCompanyZip,;
                         cCompanyPhone,cCompanyFax,;
                         nLastInvoiceNumber,oRsUtil,;
                         cBillingComment1,cBillingComment2,nPercent )

Local nEid,Saying

If cMode = "A"
   nEid := _GenEid()
   If nEid = -1
      Saying := "Error in Creating Unique Row Id"
      MsgInfo( Saying )
      Return(.f.)
   Endif

   oRsUtil:AddNew()
   oRsUtil:Fields("DataSettingEid"):Value := nEid

Endif

oRsUtil:Fields("CompanyName"):Value      := encrypt(cCompanyName)
oRsUtil:Fields("CompanyDivision"):Value  := encrypt(cCompanyDivision)
oRsUtil:Fields("CompanyAddress1"):Value  := encrypt(cCompanyAddress1)
oRsUtil:Fields("CompanyAddress2"):Value  := encrypt(cCompanyAddress2)
oRsUtil:Fields("CompanyCity"):Value      := encrypt(cCompanyCity)
oRsUtil:Fields("CompanyState"):Value     := encrypt(cCompanyState)
oRsUtil:Fields("CompanyZip"):Value       := encrypt(cCompanyZip)
oRsUtil:Fields("CompanyPhone"):Value     := encrypt(cCompanyPhone)
oRsUtil:Fields("CompanyFax"):Value       := encrypt(cCompanyFax)

oRsUtil:Fields("LastInvoiceNumber"):Value   := nLastInvoiceNumber
oRsUtil:Fields("BillingComment1"):Value  := encrypt(cBillingComment1)
oRsUtil:Fields("BillingComment2"):Value  := encrypt(cBillingComment2)
oRsUtil:Fields("InterestOnAcctRecv"):Value  := nPercent

oRsUtil:Update()

RETURN(NIL)

//-------------------
Static Func _GenEid()

LOCAL nRAND
LOCAL oRs, cSQL, oERR

oRs:= TOleAuto():New( "ADODB.Recordset" )
oRs:CursorType     := 1        // opendkeyset
oRs:CursorLocation := 3        // local cache
oRs:LockType       := 3        // lockoportunistic

cSQL := "SELECT DataSettingEid From [DataSettings]"

TRY
   oRs:Open( cSQL,xCONNECT )
CATCH oErr
   MsgInfo( "Error in Opening DATASETTING table to Create Unique EID" )
   RETURN(-1)
END TRY

DO WHILE .T.

   nRAND := nRANDOM(10000000000000000)

   // 1 is reserved and 0 is a null key //

   IF nRAND = 1 .or. nRAND = 0 .or. nRAND = NIL
      LOOP
   ENDIF

   IF oRs:eof
   ELSE
      oRs:MoveFirst()
      oRs:Find("DataSettingEid = "+ltrim(str(nRand)) )
   ENDIF

   IF oRs:eof
      EXIT
   ELSE
      LOOP
   ENDIF

   EXIT

ENDDO

oRs:Close()
oRs := nil

RETURN( nRAND )


//-----------------------
Static FUNCTION ExitPgm( lClean,lOk1,oRsUtil,oBmp,oFontB )

IF lCLEAN = .T.
   lOk1 := .T.

   oRsUtil:CLose()
   oBmp:End()
   RELEASE oFontB

*   msginfo( "Closing" )

ENDIF

RETURN( lClean )


//-- END
 


And here is the .rc
Code: Select all  Expand view  RUN


#include <windows.h>
#include <commctrl.h>
//#include "resource.h"

#ifndef WC_STATIC
#define WC_STATIC L"Static"
#endif

#ifndef MONTHCAL_CLASS
#define MONTHCAL_CLASS "SysMonthCal32"
#endif

#ifndef DATETIMEPICK_CLASS
#define DATETIMEPICK_CLASS "SysDateTimePick32"
#endif





//
// Dialog resources
//
LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
OWNVIEW DIALOG 6, 6, 353, 343
STYLE DS_SETFONT | WS_CHILDWINDOW
FONT 6, "MS Sans Serif"
{
    EDITTEXT        140, 70, 51, 137, 12, 0, WS_EX_LEFT
    EDITTEXT        141, 70, 65, 137, 12, 0, WS_EX_LEFT
    EDITTEXT        142, 70, 79, 137, 12, 0, WS_EX_LEFT
    EDITTEXT        143, 70, 93, 137, 12, 0, WS_EX_LEFT
    EDITTEXT        144, 70, 107, 110, 12, 0, WS_EX_LEFT
    EDITTEXT        145, 186, 107, 21, 12, 0, WS_EX_LEFT
    EDITTEXT        146, 70, 121, 70, 12, 0, WS_EX_LEFT
    EDITTEXT        147, 70, 141, 70, 12, 0, WS_EX_LEFT
    EDITTEXT        148, 70, 155, 70, 12, 0, WS_EX_LEFT
    EDITTEXT        150, 82, 195, 70, 12, 0, WS_EX_LEFT
    CONTROL         "&Ok", 160, "TBtnBmp", 0x50010020, 235, 297, 45, 25, 0x00000000
    CONTROL         "&Cancel", 170, "TBtnBmp", 0x50010020, 285, 297, 45, 25, 0x00000000
    GROUPBOX        "  Owner Information ", 200, 8, 30, 274, 153, 0, WS_EX_LEFT
    LTEXT           "Company", 110, 13, 51, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "Address", 112, 13, 79, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "City\\State", 113, 13, 107, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "Zip Code", 114, 13, 121, 54, 12, NOT WS_GROUP | SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "Phone", 115, 13, 141, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "Fax", 116, 13, 155, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "Last Invoice", 149, 11, 195, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    LTEXT           "Division", 111, 13, 65, 54, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    EDITTEXT        173, 110, 210, 42, 12, ES_RIGHT, WS_EX_LEFT
    LTEXT           "Interest on Over-Due Accounts                     ( Example 0.05 = 5% )", 174, 11, 210, 94, 27, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
    EDITTEXT        117, 11, 256, 330, 12, ES_AUTOHSCROLL, WS_EX_LEFT
    EDITTEXT        151, 11, 270, 330, 12, ES_AUTOHSCROLL, WS_EX_LEFT
    LTEXT           "Invoice Billing Comments", 120, 11, 243, 117, 12, SS_LEFT | SS_NOPREFIX, WS_EX_LEFT
}
 
User avatar
Rick Lipkin
 
Posts: 2666
Joined: Fri Oct 07, 2005 1:50 pm
Location: Columbia, South Carolina USA

Re: How code obfuscation helps protect application data

Postby toninhofwi » Mon May 16, 2022 12:24 pm

Otto, try asProtect:

http://www.aspack.com/asprotect32.html

Regards,

Toninho.
toninhofwi
 
Posts: 172
Joined: Tue Oct 18, 2005 10:01 am

Re: How code obfuscation helps protect application data

Postby Rick Lipkin » Mon May 16, 2022 3:45 pm

To All

I Too use Aspack ... the only problem with that is the data is still vulnerable .. Aspack only compresses the .EXE and does nothing for the data .. If I were a "for ransom" crook .. I would care les about the executable .. I would want to steal the data and if not encrypted .. you better get prepared to pay a ransom .. .. I am not cheap, but reasonable :D

Rick Lipkin
User avatar
Rick Lipkin
 
Posts: 2666
Joined: Fri Oct 07, 2005 1:50 pm
Location: Columbia, South Carolina USA

Re: How code obfuscation helps protect application data

Postby MarcoBoschi » Tue May 17, 2022 10:24 am

Rick and Otto,
in your opinion a dbfcdx table encrypted with and populated

LOCAL cPassword := "12345678"

SELECT 0
USE customers
DBINFO( DBI_PASSWORD, cPassord )

can a skilled hacker to decode the content of customers.dbf ?

perhaps even knowing the clipper world (dbfcdx = clipper) by downloading the source he can understand how encryption works
User avatar
MarcoBoschi
 
Posts: 1066
Joined: Thu Nov 17, 2005 11:08 am
Location: Padova - Italy

Re: How code obfuscation helps protect application data

Postby Rick Lipkin » Tue May 17, 2022 4:16 pm

Marco

Here is a screen shot of a Customer table in Sql .. not that much different than .DBf .. I am not saying one could probably de-encrypt the encryption algorithm given enough time, but most ransom crooks don't want to spend the time to de-encrypt the data .. to them, they just want the EASY and quick un-encrypted robbery .. and hold that compony for ransom .. To a crook .. it is not worth the time to crack an encryption algorithm .. just move on to the next guy for the easy money.

Rick Lipkin

Image
User avatar
Rick Lipkin
 
Posts: 2666
Joined: Fri Oct 07, 2005 1:50 pm
Location: Columbia, South Carolina USA


Return to FiveWin for Harbour/xHarbour

Who is online

Users browsing this forum: No registered users and 99 guests