Discussion of article "Securing MQL5 code: Password Protection, Key Generators, Time-limits, Remote Licenses and Advanced EA License Key Encryption Techniques" - page 2

 
Peter Maxwell:

Sorry to be scathing but what was presented in the article is not security, it is obscurity.  Copy-protection is an exceedingly difficult problem, hence the efforts of the music/film industry with DRM and their repeated failures.

At best, the information here will waste some peoples' time; at worst you may have given the reader a false sense of security.  If they then decide to "protect" a product using your advice, they may be somewhat surprised when their consumer strips out the protection within a matter of hours and resells it for a fraction of the price.

An seriously - base64 encoding is not related to encryption.  Base64 encoding was designed to allow 8-bit data to be transmitted safely using protocols that consider data encoding to be 7-bit.  You can trivially reverse base64 encoding - and it is designed for that purpose!

The only solution I can see of securely distributing MQL5 software is either via the broker's limited power of attorney provisions, or installing an instance of MQL5 with the .ex5 files on a server somewhere and allowing the customer access using a thin client (so they cannot download the .ex5).  And yes, I've worked in information security for over 15 years, so have a fair idea of what I'm talking about. 

To be honest, I'm rather surprised that Metaquotes published the article.

Correct. Exactly this way.
 

I have an idea. Suppose there is a web monitor that allways look through the web flow.

1. EA client call the web server for a sha.pub key which is generated by the server randomly.

2. EA send some data asking for authorization to the server with the pub key so the monitor can't know what the data is. And in the  data can contain some random key generated by the client. The monitor can't decrypt the data because of the sha key.

3. The server received the data and send authorization allowed infomation encrypted by the key client sent to it. The monitor maybe decrypt this information because it may know the pub sha key, but it doesn't know the client's key, so it is still useless.

In this way, the server can control the EA client's behavior.

 

Hi, should it be possible to update this article taking into account the new Python release ?

I can't make it working. PS: Python is still new for me.


Thx,

Danny

 
mt4 version please
 

Based on what is discussed here, more so by Peter Maxwell and if i understand clearly. Does it mean we should have less confidence in Mql5 Cloud Protector ?

Thought files compiled this way were unbreakable.

Distributed Computing in the MQL5 Cloud Network
Distributed Computing in the MQL5 Cloud Network
  • cloud.mql5.com
Today's computers spend most of their time idle and do not use all the features of their CPU. Now you can benefit from the spare power of your PC. You can sell your computer's CPU time to other members of our network community for a variety of tasks like optimizing Expert Advisors optimization or developing mathematical models. Join the MQL5...
 

Hi

I was reading the great article, when I saw the encryption section (section 6), I thought it would be nice if someone provide a php version instead of python, many webhosting services don't support php and python side by side. Please if anyone has the knowledge, would be nice to have the server side as php instead of python (with connection and query to the database)

 
The code has the following problem (see copied error messages) :


2022.11.08 16:45:10.288    RemoteProtectedEABase64 (GER40,D1)    Access violation at 0x00007FFEF4FAEC04 read to 0x0000022400000000 in 'wininet.dll'
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)       crash -->  00007FFEF4FAEC04 4C3929            cmp        [rcx], r13
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)                  00007FFEF4FAEC07 0F85C7020000      jnz        dword 0x7ffef4faeed4
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)    
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)                  00007FFEF4FAEC0D 488B0DDC983D00    mov        rcx, [rip+0x3d98dc]
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)                  00007FFEF4FAEC14 8D4301            lea        eax, [rbx+0x1]
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)                  00007FFEF4FAEC17 440FB7E0          movzx      r12d, ax
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)                  00007FFEF4FAEC1B 33D2              xor        edx, edx
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)                  00007FFEF4FAEC1D 458BC4            mov        r8d, r12d
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)    
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)    00: 0x00007FFEF4FAEC04
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)    01: 0x000002248EA72CFC
2022.11.08 16:45:10.289    RemoteProtectedEABase64 (GER40,D1)    02: 0x0000000000CC0030

How can I solve the problem?

Thanks