Download MetaTrader 5
To add comments, please log in or register
Any questions regarding MQL5 Cloud Network? FAQ will help you!
Marcos Silva
359
Marcos Silva 2014.02.18 12:00 

Hi,

I read about the new mql4(Build 600+) and already updated my EAs, now i have a question. How secure is the new protection against crackers and other types of executable cracking and modifying the code. EX: hex editing date of expiration, memory dumps, etc.. How secure is a simple time restriction(expiration date) on a EA now? How to implement new protection techniques using the new language?

ex:

bool Expire=TimeCurrent()>StrToTime("2014.09.30 00:00");
    if( Expire ) {
                Print("Demo period has expired: 2014.09.30 00:00 -  Contact: investguy@gmail.com ");
                return(1);
        }  

Thanks

Alain Verleyen
Moderator
30635
Alain Verleyen 2014.02.18 12:09  

From what Renat (CEO of Metaquotes) said :

  • New ex4 are native code (like DLL) and no more pseudo code. So they are more difficult to decompile.
  • ex4 are compressed (or other obfuscation technique not known) so have decompiled it's hard to understand it.
  • ex4 for Market are encrypted. The exact technique used is not publicly available.

I report these information from memory, so I hope I don't make a mistake. Also I don't check these informations in practice.

Marcos Silva
359
Marcos Silva 2014.02.18 13:30  
Thank You for the answer but it didn't add much to my knowledge. Is it possible to decompile? might be possible in near future? (any bets?)
Alain Verleyen
Moderator
30635
Alain Verleyen 2014.02.18 13:35  
investguy:
Thank You for the answer but it didn't add much to my knowledge. Is it possible to decompile? might be possible in near future? (any bets?)

AFAIK, an encrypted product can't be decompiled. You have to decrypt it first. A product can always be decompiled. But it's a matter of costs. If it cost you 10$ to decompile an old ex4, maybe the new ex4 will need 1,000,000$ (just to say something). You got the idea ?

whroeder1
14457
whroeder1 2014.02.18 13:45  
StrToTime("2014.09.30 00:00");

A pure string is easy to hack. Try compiling it and seeing if the string is visible in the ex4. It's supposed to be encrypted now (Build 6xx). Verify.

Also why use a string at all? Use a real 8 byte datetime.

#define EXPIRATION D'2014.09.30 00:00'
Marcos Silva
359
Marcos Silva 2014.02.18 14:15  

It is encrypted but unfortunately the property variables are still visible.

whroeder1
14457
whroeder1 2014.02.18 15:17  
investguy: It is encrypted but unfortunately the property variables are still visible.
That's not unfortunate, that's on purpose. If you can't read the copywrite in the file, then it's not copywrited. But the date string isn't visible.
forexrunner
148
forexrunner 2014.02.18 16:19  
investguy:

Hi,

I read about the new mql4(Build 600+) and already updated my EAs, now i have a question. How secure is the new protection against crackers and other types of executable cracking and modifying the code. EX: hex editing date of expiration, memory dumps, etc.. How secure is a simple time restriction(expiration date) on a EA now? How to implement new protection techniques using the new language?

ex:

Thanks


AFAIK, there is not the possibility, until now, of a decompiler currently working for .ex4 compiled with Build 6xx


BUT, the problem with your code, for anyone really interested in cracking it, is that it is very easy to turn your

if (condition...)

to

if (!condition

Or even easier, to NOP that return(1)

To resume, Decompiling is not possible now.


But what's still possible is dissassembling the code. And for anyone with little knowledge of assembler, reverse engeneering your code and cracking it would be fairly easy.

whroeder1
14457
whroeder1 2014.02.18 17:04  
yokinfx: But what's still possible is dissassembling the code. And for anyone with little knowledge of assembler, reverse engeneering your code and cracking it would be fairly easy.
It not supposed to be machine code, it's supposed to be encrypted.
Alain Verleyen
Moderator
30635
Alain Verleyen 2014.02.18 17:12  
yokinfx:


AFAIK, there is not the possibility, until now, of a decompiler currently working for .ex4 compiled with Build 6xx


BUT, the problem with your code, for anyone really interested in cracking it, is that it is very easy to turn your

to

Or even easier, to NOP that return(1)

To resume, Decompiling is not possible now.


But what's still possible is dissassembling the code. And for anyone with little knowledge of assembler, reverse engeneering your code and cracking it would be fairly easy.

Really ? Can you prove it ?
Ahmed Soliman
15683
Ahmed Soliman 2014.02.18 20:10  
Put your code in a DLL. That's the award winning answer since MQL2.
/ /123
To add comments, please log in or register