[Gambas-user] How easy is it to decompile

Wolfgang 123 at ...3490...
Wed Jul 1 09:37:19 CEST 2015 


Am 01.07.2015 um 09:10 schrieb Fabien Bodard:
> Le 30 juin 2015 23:13, "Wolfgang (DL7NB)" <123 at ...3490...> a écrit :
>> Thank you Adrien. So as long as there is no decompiler for gambas it may
> take some time to do so. But it can be done...
>> That just confirms my thoughts abbout it. So lets hope for fair users ;-)
>>
>> Wolfgang
>>
>> On 30. Juni 2015 22:35:43 MESZ, Adrien Prokopowicz <
> adrien.prokopowicz at ...626...> wrote:
>>> Le Tue, 30 Jun 2015 20:50:54 +0200, Wolfgang <123 at ...3490...> a écrit:
>>>
>>>> Hi all,
>>>>
>>>> I just wonder how easy it would be to decompile (get some source
>>> code)
>>>> from a *.deb file.
>>>> I programmed a software -lets call it "MyProg"- in many, many hours
>>> and
>>>> would like to install it via MyProg.deb.
>>>> That works easily and safe.
>>>>
>>>> But is it (easily) possible to take the "MyProg.deb" and get the
>>> source
>>>> code out of it?
>>>>
>>>> Is my work somehow "safe"?
>>>>
>>>> greetings from hot Bavaria
>>>>
>>>> Wolfgang
>>>>
>>> Short answer : from a security point of view, expect everything in a
>>> compiled program to be as readable as plain text, as nothing is
>>> encrypted or anything of the sort.
>>>
>>> It may take some time, depending on the size of your program and
>>> the tools available, but consider that anyone with enough will and
>>> knowledge can make it through.
>>>
>>> Long answer :
>>>
>>> First, .debs themselves (like any other package, even for
>>> Windows/MacOS)
>>> are just compressed archives. You can actually open most of them in
>>> your favorite archive manager.
>>> Needless to say, this is basically nothing to go through.
>>>
>>> The actually "hard" part is to decompile the binary files generated
>>> by the compiler. The "hardness" of this depends of the language used.
>>> I'm assuming you are talking about Gambas here, but this applies
>>> to any other compiled language (C/C++, Java, C# ...).
>>>
>>> When it comes to code, compiled code is actually just your source
>>> code "translated" into some binary form, more readable for
>>> the interpreter. So, as you can guess, it is pretty easy to do
>>> with the right tool.
>>>
>>> I have never heard of any decompiler for Gambas, but making such
>>> a tool is completely feasible (although a bit long).
>>> Unless you have Benoît sitting next to you. I'm pretty sure he's
>>> secretly able to decompile Gambas bytecode just by reading it. :)
>>>
>>> As for resources (like images and so), it is just plainly copied
>>> into the executable. Again, anyone can find and extract it.
>>>
>>> In the end, there is nothing you can do technically "protect"
>>> your code. There are methods out there that try to "hide" code
>>> (like obfuscation ...), but it is just a matter of time before
>>> someone can go through these.
>>>
>>> However, you can give juridic protection to your work by using
>>> licenses. I don't know much about proprietary licenses, but
>>> if you want to go open-source, there are quite a few, such as
>>> the GPL, MIT or Apache Licenses, or Creative Commons for anything
>>> that is non-code.
>>> This site[0] gives interesting summaries about these (and others).
>>>
>>> Hope this helps,
>>>
>>> [0] http://choosealicense.com/
>>> --
>>> Adrien Prokopowicz
>>>
> This remember me some accounting programs I've seen wrote with access. The
> code was just encrypted with a xor key. A single program in vb was enough
> to retrieve the password and then I have just to open the access file with
> access, to read the full code.
>
> It's far more hard with gambas even with a decompiler.
>
> The only part non protected is the datas. Maybe in the future gambas
> archive can be encrypted if this is mandatory for the devellopper. But this
> may make programs more slower...
>
>
Ok Fabien.

Thank you for your information! That gives me hope. As long as it takes 
manyhours to get everything decompiled and decrypted I think my program 
is proected enough.
As it is not a space-rocket-control there may be no need in doing more.

(not everything in my work was plain, but some things(data) are 
encrypted, too. And to decrypt things there is a bit "tricky".)

So I am on a good way for my purpose! Great!!

So better back to writung code ;-)

Best whishes from northern Bavaria

Wolfgang

More information about the User mailing list