Wishes for MQL5 - page 13

New comment
 

Gentlemen, I just wish I had this. I am not saying that it is easy to implement, but somehow it seems possible to me. Let them decompile and get the binary code (the main thing is that it is not the source code). If they find a specialist that understands why I use two-dimensional Fourier transform in Expert Advisor and have date operations in it and not a wavelet, flagship in their hands. If they can get them out of there competently and it will trade correctly

2. When you open a real account with any brokerage company, obtain a key (electronic or otherwise). You know they steal passwords. I don't want to have my login and password sent to the market up to their necks. I've seen somewhere that the demo password is simple (5-8 letters and digits), and the password to enter the real market is much more complicated.

 
I am not a developer. But I was just wondering what you mean by protection in this case.
1. This is the current situation. The program is compiled to bytecode, which is executed on the virtual machine and saved in ex4. This bytecode roughly corresponds to the machine code of the real machines. If an attacker gains access to bytecode, it is a matter of technique and skill to restore the algorithm. But it is important to understand that in principle this byte-code cannot be hidden from an intruder by leaving it open for a terminal.
2. The connection to the terminal is encrypted as it is now. For me, it would be better to use standard SSL, but there is hardly any self-written encryption. More likely, the only proprietary scheme is the shared secret between the DC and the terminal, and the encryption itself is AES or something like that.
 

I specifically looked it up, on the 2nd point it is possible and already implemented by the Finns, even the regulations state how to handle the electronic keys and what it leads to.

http://www.finam.ru/services/AccountWizard00002/default.asp

On the first point. We make the algorithm of ex4 formation open and fully transparent. We open a contest with a good money prize for its modification with the aim to protect it from decompilation and to get the source code. If as a result of the contest we get ideas for protection, we implement them and get a certificate of protection class from some well-known organization.

The question is whether the creators want this (whether it is profitable for them to make solid software and bite everyone in this market niche), or it is easier for them to hold a competition and ... get on with it, because they know the compilation algorithm.

amirul "... then the restoration of the algorithm - a matter of technology and level of training ..." time is the main thing, if the restoration of the original algorithm should spend 1 year (a specialist of the highest qualification) IHMO this is enough

 
Prival:

I specifically looked it up, on the 2nd point it is possible and already implemented by the Finns, even the regulations state how to handle the electronic keys and what it leads to.


http://www.finam.ru/services/AccountWizard00002/default.asp



On the first point. We make the algorithm of ex4 formation open and fully transparent. We open a contest with a good money prize for its modification with the aim to protect it from decompilation and to get the source code. If as a result of the contest we will get ideas on protection, we will implement them and get a certificate on protection class in some famous organization.



The question is whether the software creators want this (whether it is profitable for them to make solid software and bite everyone in this niche of the market), or it is easier for them to hold a competition and ... get on with it, because they know the compilation algorithm.



amirul "... then the restoration of the algorithm - a matter of technology and level of training ..." time is the main thing, if the restoration of the original algorithm should spend 1 year (a specialist of the highest qualification) IHMO this is enough


On the 2nd point: of course it is possible. There is even a standard for this: SSL/TLS is called (in particular secure http - https uses it). I don't know how exactly encryption is implemented in MT (and I certainly don't know why they had to re-invent the wheel), but I don't think that method is fundamentally different from SSL. Ciphers are most likely the same, key exchange protocols are their own.

As for protection before ex4. Once again, it is PRINCIPALLY impossible. The only thing that can make life difficult for a potential cracker is obscurity. And to ensure obscurity, open contests are not the best idea. And here we should remember that obscurity is a one-time resource. Once one (or preferably a group of) people hack, everyone else can enjoy the results of their work without bothering to hack
 

Maybe there was such a wish already :)

That mql4 files - open (work) in MT5 as well, i.e. that they don't all have to be rewritten :)

 
amirul

I see that you have a lot of knowledge in this field. Please give your estimation of the time needed for MQL-developer who knows exactly how an executable file ex4 is generated. Having this ex4 file in hand to restore the source code of mq4, the interest is purely theoretical, how much time is needed for this. sec, min, hour, day ?

 
Prival:
amirul

I see that you have a lot of knowledge in this field. Please give your estimation of the time needed for MQL-developer who knows exactly how an executable file ex4 is generated. Having this ex4 file in hand to restore the source code of mq4, the interest is purely theoretical, how much time is needed for this. sec, min, hour, day ?


Are you ready to trade with your hands or do you need to be told for the 100th time that absolute security does not and cannot exist in principle?
 
notused:
Trade hands and don't sweat it - or do you still need to be told 100 times that absolute protection does not and cannot exist in principle?
Thank you at least for this answer. I've tried it by hand, it's worse and much worse. Automatic is better. Just now I'm thinking about sending an expert to the championship. It's a pity only users participate in this discussion.
 

Two key system.

A wants to sell/transfer an advisor to B. B generates two keys on his machine: a private (secret) key and a public key. The private key is kept by B under 100 locks. B gives the shared key to A who uses this key to create an encrypted EX4 file and gives the file to B and only B uses his secret key to decrypt EX4 file. With a shared key, a secret key cannot be made. An intruder would have B's shared key, but could do nothing with it.

According to Philip R. Zimmermann's theory, PGP

Files:
pgpdoc.zip  4 kb
 
Parabellum:

Two key system.


A wants to sell/transfer an advisor to B. B generates two keys on his machine: a private (secret) key and a public key. The private key is kept by B under 100 locks. B gives the shared key to A who uses this key to create an encrypted EX4 file and gives the file to B and only B uses his secret key to decrypt EX4 file. With a shared key, it is not possible to make a secret key. An intruder will have B's shared key, but will not be able to do anything with it.

According to Philip R. Zimmermann's theory, PGP software.
Uh-huh, and if intruder B? That's usually the problem. And PGP itself isn't infallible.
1...67891011121314151617181920...131
New comment
Reason: