Protecting the source code before compilation

 

Any developer knows very well how much effort and time it takes to develop an effective algorithm on one's own, and having created it, has an unconditional right to protect it.

We are sure that many users, likeus, have witnessed such common situations:

1. decompiling *.ex4 files for the purpose ofinvestigating someone else's work logic and/or further modification. With the latestbuilds of MT4 terminal this process has become more complicated, but nevertheless experienced hackers successfully analyze their content and make unauthorized changes, including disablingtrial protection and various bindings.

2. trivial renaming of compiled files, manufacturer name (#propertycopyright) in order to pass them off as other or "proprietary" products.

We develop a softwaresolution to help any code developers and their customers protect their source code from unauthorized examination, modification, renaming and resale.

This protection is realized at primary level of source code by means of its dynamic encryption according to algorithms, developed by us, withoutusing any additional libraries or external tools of protection against decompilation, i.e. the source code itself is converted into *.mq4 format.

Every experienced programmer can see for himself from the above example that recompilation of such encryptedsource code into *.ex4 formatmakes it very difficult to study and analyze it or even impossible. Also, anyone can test the securityencryption algorithm absolutely free of charge by sending any* source code in *.mq4 formatby e-mail codeprotector@ypy.cc (details below)

Current features (beta version):

1. dynamic encryption of source code using a unique proprietary algorithm

Example 1. This is what the source code looks like before encryption (file attached)

original code

Example 2. This is what the source code looks like after dynamic encryption (file attached)

code protected

2. to provide additional protection for code owner, each encrypted source code automatically integrates complex information protection of code owner with information block (it is displayed on the diagram in the right lower corner).

The graph displays:

+information containingthe source code encryptionIDnumber (by which the owner can always individualise a particular instance of his product). This can be veryuseful, for example, for the owner of the code to understand whose particular instance of the product has been unauthorizedly published or hacked.

+ originalfilename, which was used by the owner of the source code during encryption. Any subsequent tampering with the original secure filename will break the logic (only the addition of the original filename is allowed for convenience). This will make it very difficultfor an attacker to completely change the file name.

+ manufacturername(#propertycopyright). During encryption, this data is read from the source code and stored in an encrypted form.Thus, even if intruders make changes in compiled *.ex4 file, specifying a different manufacturer, the chart will continue to display the manufacturer's data, as originally specified by the owner.

Any subsequent unauthorized modification of the information displayed on the chart in the information block will result in violation of the logic.

Example 3: This is what the information block looks like

info

As soon as we achieve a high percentage of compatibility of dynamic encryption with differentcodes, we plan to create a software product with a flexible and convenient licensing system (use restrictions by time, account number, owner name, trade server, etc.), that can be used by each user locally on his computer to protect his code without passing it on to anyone.

Those developers who will actively cooperate with us by thoroughly and professionally testing our dynamicencryption algorithm will get apremium status of professional users with advanced features and limits for use.

For developers whocooperate with customers on a regular basisto develop various code, it will be more convenient and secure to share the source code in an already encrypted form.

Experiencehas shown that even if you do not provide the code to anyone and use it only for your own needs ona VPS, it is much safer to use it in encrypted form with bindings to your accounts.

How can you encrypt any* source code in *.mq4?

At present, while debugging, you cando it using the following simple steps:

1. send any e-mail to codeprotector@ypy.cc.

2. receive a reply, answer it (for the reply to save the activation code you received)

3. Then you will receive an email confirming that you can send to this address any* source codes in *.mq4 formatfor security encryption.

4. you send a file *.mq4and after a while you receive an email with already encrypted source code (the name of the source code added to theIDnumber and "_protected", which can safely remove).

Processing of all files is automatic, we do not analyse or use sent files in any way, except for security encryption, removal and technical debugging for compatibility of encryption algorithm, initiatedby user in case the source code isencrypted with errors ornot encrypted at all. If you prefer not to send any source code by email and/or do not trust anyone, you can justwait until we create a separate piece of software to secure the source code locally on your computer by yourself.

*Any source code sent to *.mq4must be previously unencrypted and compiled in *.ex4without warnings or errors. You should check this yourself beforehand.

In case the source codewas encrypted with errors or notencrypted at all, and before encryption it was fully operational (you have to check that yourself) and you're sure you didn't make any changes to it, please tell us about that informing the following:

1.the encryptionIDnumber.

2. What is not working or is not working correctly.

3. describein detail how we can reproduce the error, attachingscreenshots if possible.

P.S. Since we often receive various requests and suggestions, please note that we do not accept any orders for programming, as engaged in self-development software for their own needs and end products. There are many qualified third-partydevelopers ready to fulfill any of your orders for software development in the "Freelance" sectionof the Marketplace. Also we do not have and do not plan to have a software solution for decoding source codes back to their original form. Any requests to send us previously sent the original source code, includingpeople posing as their owners will be ignored. Please do not contact us with these questions either.

Please post in this thread all those who understand what it's for and for whom it really can be useful.

 
Pavel Izosimov:

With the latestbuilds of MT4 terminal this process has become more complicated, but nevertheless experienced hacking experts successfully analyse their content and make unauthorised edits to them, including disablingtrial protection and various bindings.

Can you prove this claim?
 
Renat Fatkhullin:
Can you prove this claim?

Renat, good day!

Yes, of course, I will send you in a private message some examples of cracked codes that we have found on the web. Moreover, I can tell you exactly the name of a specialist and his site, who regularly and publicly damages developers by removing their protection.

I would appreciate your analysis.

 
OK, thank you.
 
Pavel Izosimov:

...

I have a question: what guarantee is there that your utility is not itself a Trojan and will not leak the encryption code sent to it? Answers like "you can rely on us" and "we are very, very, very honest" are not accepted.

Secondly, what prevents the programmer from writing an obfuscator - which, as I understand it, is your software? A simple obfuscator can be written in no time at all. For example, define variable substitution list like this: #define m_list x03928473 - not so much, but enough for basic protection.

 
Vasiliy Sokolov:

A simple obfuscator can be written in no time at all. For instance, I create a define variable substitution list like this: #define m_list x03928473 - not too much, but enough for a base protection.

There is no point in obfuscating the variable names - they are not in the resulting code at all. Only publicly exported function names are saved.

Obfuscation only makes sense if you actually mutate your code or, what's even better, if you virtualize it. But virtualization is not done at source code level, it is available only at object or binary code level.

 
Pavel Izosimov:

Any subsequent unauthorised modification of the information displayed on the graph in the info box will cause the logic to break down.

This sounds a little bit creepy.
 

Use the Marketplace to sell products and the problem of possible hacking goes away completely.

Products bought through the app shop have a completely different coding/security system, and are encrypted for each customer's hardware.

 
Renat Fatkhullin:

Use the Marketplace to sell products and the problem of possible hacking goes away completely.

Products bought through the app shop have a completely different coding/security system, and are encrypted for each customer's hardware.

So ex4, ex5 file protection is already bypassed? And is it worse than the post-publication protection in the marketplace?
 
Tapochun:
So the protection of ex4, ex5 files has already been bypassed? And is it worse than the post-publication protection in the marketplace?

No, of course they haven't.

Protection in the Market is better due to binding to the hardware. Without the Market, you can build protection into your code, limiting the functionality or conditions of use. And they will work because there is serious object code protection. But in the market, you put unrestricted programs that the market itself, in addition to the basic protections, re-encrypts for the buyer's hardware.

 
Renat Fatkhullin:
Ok, thank you.
Sent some examples with a link to the original source