The file modMacros484.txt is a the output of a proof-of-concept model for obfuscation.
I took two macros from my Under-The-Hood suite “SaveAsParagraph†and “SaveAsSelection†with their associated procedures.
I ran them through the VBA Code Cleaner to strip comments and white space.
Then I used my parser to replace every user-defined identifier with a string generated by my password-of-the-day-time macro.
Hence the proliferation of names that follow a generic pattern (“grbddclnpjâ€).
(Bonus: Along the way I found an instance where I had needlessly used an identifier I didn’t need!)
Two macros with four procedures is hardly a complex application, but it does demonstrate what can be done if one wants to release some obfuscated VBA.
The file modMacros485.txt is the obfuscated file modMacros484.txt passed through my indenter, thereby serving as a slightly-more-readable version.
Obfuscation
-
- PlutoniumLounger
- Posts: 15645
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Obfuscation
You do not have the required permissions to view the files attached to this post.
He who plants a seed, plants life.
-
- Administrator
- Posts: 78598
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: Obfuscation
Thanks, but it's not quite clear to me what I would use this for. If I don't want users to be able to view code, I'd set a password on the VBA project. Otherwise, I prefer code to be as readable as possible.
Best wishes,
Hans
Hans
-
- PlutoniumLounger
- Posts: 15645
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Obfuscation
Password crackers exist that allow users to get into your code.HansV wrote:... I'd set a password on the VBA project. Otherwise, I prefer code to be as readable as possible.
Obfuscation greets them with an even greater hurdle.
Good Obfuscation maintains a one-to-one correspondence between the original ("commented"0 source and the obfuscated code, so tracking down a bug is made easy by noting the physical line in the obfuscated code and trapping the equivalent (congruent?) line in the source.
He who plants a seed, plants life.
-
- 4StarLounger
- Posts: 508
- Joined: 17 Dec 2010, 03:14
Re: Obfuscation
Hi Chris,
If I were faced with your obfuscated code, I'd head straight over to: http://www.vbaexpress.com/forum/index.php" onclick="window.open(this.href);return false; where I can input it into a draft post with that forum's vba tags, click advanced, and see the fully structured code in an instant. I already do that where people posting in various forums don't use code tags and the indenting gets lost as a consequence. From there I post the revealed code into whatever app I need for working on it. Once you can see the structure, a little reading and a few Find/Replace operations will soon render the obfuscated code quite un-obfuscated!
If I were faced with your obfuscated code, I'd head straight over to: http://www.vbaexpress.com/forum/index.php" onclick="window.open(this.href);return false; where I can input it into a draft post with that forum's vba tags, click advanced, and see the fully structured code in an instant. I already do that where people posting in various forums don't use code tags and the indenting gets lost as a consequence. From there I post the revealed code into whatever app I need for working on it. Once you can see the structure, a little reading and a few Find/Replace operations will soon render the obfuscated code quite un-obfuscated!
Paul Edstein
[Fmr MS MVP - Word]
[Fmr MS MVP - Word]
-
- PlutoniumLounger
- Posts: 15645
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Obfuscation
Hi macropod, and based on my reading of your FieldCodes dissertation centuries ago (grin) I agree that you'd have little problem deciphering the example given in my proof-of-concept, but I had added the caveat "Two macros with four procedures is hardly a complex application,"macropod wrote:... a little reading and a few Find/Replace operations will soon render the obfuscated code quite un-obfuscated!
Consider now one application with 800 procedures and a library with about the same number.
It is uneconomical to wade through 1,600 procedures (not "lines of code") trying to work out what does what.
I'll grant that clues abound e.g. dkjtrhgkehg.SaveAs is obvious, but that doesn't do much for the logic.
He who plants a seed, plants life.
-
- 4StarLounger
- Posts: 508
- Joined: 17 Dec 2010, 03:14
Re: Obfuscation
Hi Chris,
Ultimately, if the code was worth 'cracking', obfuscation wouldn't be a worthwhile safeguard.
Ultimately, if the code was worth 'cracking', obfuscation wouldn't be a worthwhile safeguard.
Paul Edstein
[Fmr MS MVP - Word]
[Fmr MS MVP - Word]
-
- PlutoniumLounger
- Posts: 15645
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: Obfuscation
But isn't that the point of obfuscation, economics?macropod wrote:... if the code was worth 'cracking',
There comes a point where even Microsoft with all its "cracking" expertise would decide instead to throw less money at the problem and buy or license the code.
It's the same argument we see for password-protection, paying or not-paying for 30day-trialware, or for a client who thinks they can write-it-themselves; at some point (if they are sane) they'll realise that it's cheaper to buy the source code than to spend resources cracking the object code.
In my illustrious past I've been paid huge sums to
(1) decipher 80-column card binary-coded patch decks to AutoCoder object programs
(2) untangle poorly-written STSC-APL code
(3) reverse-engineer workbooks (when the authors were in the employ of the client but "didn't have time" to meet with me)
And more.
In each case it would have been better economics to go to the source.
I think that the same principle applies to steering-wheel locks in cars. They don't stop someone who really wants that car, but they deter casual thieves who go looking for an unlocked car - economics of their (miserable) time, again.
He who plants a seed, plants life.
-
- 4StarLounger
- Posts: 508
- Joined: 17 Dec 2010, 03:14
Re: Obfuscation
Hi Chris,
You might be interested in this: http://www.crunchcode.de/en" onclick="window.open(this.href);return false;
You might be interested in this: http://www.crunchcode.de/en" onclick="window.open(this.href);return false;
Paul Edstein
[Fmr MS MVP - Word]
[Fmr MS MVP - Word]
-
- NewLounger
- Posts: 1
- Joined: 02 May 2013, 00:04
Re: Obfuscation
Obfuscation is a set of techniques that hide the intent of your Excel VBA program without changing its runtime behavior e.g. obfuscated VBA code will run in both 32/64 bit Office 2010/2013 versions, if your original code was designed to do so.
Please read a detailed description how CrunchCode.de works below:
http://www.spreadsheet1.com/s1-crunchcode.html" onclick="window.open(this.href);return false;
Please read a detailed description how CrunchCode.de works below:
http://www.spreadsheet1.com/s1-crunchcode.html" onclick="window.open(this.href);return false;