Code Protection: New MQL4 language(Build 600+) decompilation protection and other crack techniques.

To add comments, please log in or register
Marcos Silva
369
Marcos Silva  

Hi,

I read about the new mql4(Build 600+) and already updated my EAs, now i have a question. How secure is the new protection against crackers and other types of executable cracking and modifying the code. EX: hex editing date of expiration, memory dumps, etc.. How secure is a simple time restriction(expiration date) on a EA now? How to implement new protection techniques using the new language?

ex:

bool Expire=TimeCurrent()>StrToTime("2014.09.30 00:00");
    if( Expire ) {
                Print("Demo period has expired: 2014.09.30 00:00 -  Contact: investguy@gmail.com ");
                return(1);
        }  

Thanks

Alain Verleyen
38009
Alain Verleyen  

From what Renat (CEO of Metaquotes) said :

  • New ex4 are native code (like DLL) and no more pseudo code. So they are more difficult to decompile.
  • ex4 are compressed (or other obfuscation technique not known) so have decompiled it's hard to understand it.
  • ex4 for Market are encrypted. The exact technique used is not publicly available.

I report these information from memory, so I hope I don't make a mistake. Also I don't check these informations in practice.

Marcos Silva
369
Marcos Silva  
Thank You for the answer but it didn't add much to my knowledge. Is it possible to decompile? might be possible in near future? (any bets?)
Alain Verleyen
38009
Alain Verleyen  
investguy:
Thank You for the answer but it didn't add much to my knowledge. Is it possible to decompile? might be possible in near future? (any bets?)

AFAIK, an encrypted product can't be decompiled. You have to decrypt it first. A product can always be decompiled. But it's a matter of costs. If it cost you 10$ to decompile an old ex4, maybe the new ex4 will need 1,000,000$ (just to say something). You got the idea ?

William Roeder
18669
William Roeder  
StrToTime("2014.09.30 00:00");

A pure string is easy to hack. Try compiling it and seeing if the string is visible in the ex4. It's supposed to be encrypted now (Build 6xx). Verify.

Also why use a string at all? Use a real 8 byte datetime.

#define EXPIRATION D'2014.09.30 00:00'
Marcos Silva
369
Marcos Silva  

It is encrypted but unfortunately the property variables are still visible.

William Roeder
18669
William Roeder  
investguy: It is encrypted but unfortunately the property variables are still visible.
That's not unfortunate, that's on purpose. If you can't read the copywrite in the file, then it's not copywrited. But the date string isn't visible.
forexrunner
148
forexrunner  
investguy:

Hi,

I read about the new mql4(Build 600+) and already updated my EAs, now i have a question. How secure is the new protection against crackers and other types of executable cracking and modifying the code. EX: hex editing date of expiration, memory dumps, etc.. How secure is a simple time restriction(expiration date) on a EA now? How to implement new protection techniques using the new language?

ex:

Thanks


AFAIK, there is not the possibility, until now, of a decompiler currently working for .ex4 compiled with Build 6xx


BUT, the problem with your code, for anyone really interested in cracking it, is that it is very easy to turn your

if (condition...)

to

if (!condition

Or even easier, to NOP that return(1)

To resume, Decompiling is not possible now.


But what's still possible is dissassembling the code. And for anyone with little knowledge of assembler, reverse engeneering your code and cracking it would be fairly easy.

William Roeder
18669
William Roeder  
yokinfx: But what's still possible is dissassembling the code. And for anyone with little knowledge of assembler, reverse engeneering your code and cracking it would be fairly easy.
It not supposed to be machine code, it's supposed to be encrypted.
Alain Verleyen
38009
Alain Verleyen  
yokinfx:


AFAIK, there is not the possibility, until now, of a decompiler currently working for .ex4 compiled with Build 6xx


BUT, the problem with your code, for anyone really interested in cracking it, is that it is very easy to turn your

to

Or even easier, to NOP that return(1)

To resume, Decompiling is not possible now.


But what's still possible is dissassembling the code. And for anyone with little knowledge of assembler, reverse engeneering your code and cracking it would be fairly easy.

Really ? Can you prove it ?
Ahmed Soliman
21513
Ahmed Soliman  
Put your code in a DLL. That's the award winning answer since MQL2.
To add comments, please log in or register