Download MetaTrader 5

Protect MT4 EA against Decompiling

To add comments, please log in or register
Publish your article. Millions of traders are looking for good ideas!
Julian Sternberg
1038
Julian Sternberg 2013.04.03 21:59 

Hi Guys,

i'm thinking about how to protect my own programmed EA against decompiling by other people and thinking about a server based solution were the EA needs to connect to my server and get their trade data over something like an api with key authentication.

So my question is, has anybody done this already and can give me some inspirating hints how to do this?


Kind Regards

Jules

Alain Verleyen
Moderator
30743
Alain Verleyen 2013.04.03 22:12  
Jules81:

Hi Guys,

i'm thinking about how to protect my own programmed EA against decompiling by other people and thinking about a server based solution were the EA needs to connect to my server and get their trade data over something like an api with key authentication.

So my question is, has anybody done this already and can give me some inspirating hints how to do this?


Kind Regards

Jules

For MT4 issue it's better to ask on MT4 forum.
MQL4: automated trading forum
  • www.mql5.com
MQL4: automated trading forum
Sergey Golubev
Moderator
93726
Sergey Golubev 2013.04.04 20:11  

Hi Jules81,

It is not possible to protect MT4 code against it. Even if you will use dll - I think - some most important functions can not be transfered to dll sorry. My suggestion - move your activity to MT5 :) 

Alain Verleyen
Moderator
30743
Alain Verleyen 2013.04.04 20:18  
newdigital:

Hi Jules81,

It is not possible to protect MT4 code against it. Even if you will use dll - I think - some most important functions can not be transfered to dll sorry. My suggestion - move your activity to MT5 :) 

If a DLL isn't secure, a EX5 isn't either. Security is always relative to the means to implement to break a code.
tmoore
161
tmoore 2013.04.04 23:58  
Jules81:

Hi Guys,

i'm thinking about how to protect my own programmed EA against decompiling by other people and thinking about a server based solution were the EA needs to connect to my server and get their trade data over something like an api with key authentication.

So my question is, has anybody done this already and can give me some inspirating hints how to do this?


Kind Regards

Jules

Hi Jules,

Your MT4 code will always be unsecure so you will have to transfer some critical functions to a DLL, I have not done this before but would advise that you dont use c# or vb.net for the DLL. These can be de-compiled easily so you should probably compile PE code using vc++ ..

There are documented methods for making DLL calls from MT4, you would have to expose some functions from the DLL that MT4 can call.. (or someone could call from there app if they de-compile your ex4 and emulate the calls)

I would reccommend that you write an external application to make your published API calls for trade data, the DLL would act as an interface between MT4 and your trade-feed app.

The security is then down to your application and MT4 becomes a zombie and takes all trade data from your trade source application.

Public Key authentication using SSL certificates is widely documented and can be used in combination with SOAP and/or WSDL or your own API for trade data feeds .. maybe even implement it via RSS?

Just thoughts,

Tim 

Julian Sternberg
1038
Julian Sternberg 2013.04.05 04:48  
tmoore:

Hi Jules,

Your MT4 code will always be unsecure so you will have to transfer some critical functions to a DLL, I have not done this before but would advise that you dont use c# or vb.net for the DLL. These can be de-compiled easily so you should probably compile PE code using vc++ ..

There are documented methods for making DLL calls from MT4, you would have to expose some functions from the DLL that MT4 can call.. (or someone could call from there app if they de-compile your ex4 and emulate the calls)

I would reccommend that you write an external application to make your published API calls for trade data, the DLL would act as an interface between MT4 and your trade-feed app.

The security is then down to your application and MT4 becomes a zombie and takes all trade data from your trade source application.

Public Key authentication using SSL certificates is widely documented and can be used in combination with SOAP and/or WSDL or your own API for trade data feeds .. maybe even implement it via RSS?

Just thoughts,

Tim 

Thanks Tim,


that was a good inspiration and facts.
yes that would always be a big problem since decompiling happens there were it parses the real code to the MT client.

i better forget about it ;-)

To add comments, please log in or register