PDA

View Full Version : obfuscated scripts?



marcuslee
20-03-2009, 15:19
I'm confused about something. Here's one of the "Did you know" items:

Did you know: you can create obfuscated thinBasic scripts with thinAir

I don't understand what an obfuscated script is. I looked up the word obfuscated. Here are the definitions according to Dictionary.com:

1. to confuse, bewilder, or stupefy.
2. to make obscure or unclear: to obfuscate a problem with extraneous information.
3. to darken.

How does all this relate to thinBasic scripts?


Mark :?

GSAC3
20-03-2009, 18:14
marcuslee:

"Obfuscating" a script is just a way of hiding, from the user's view, the original thinbasic code of the script. Programmers normally use this to keep their source code protected from being pirated by someone else while still allowing others to run the code.

Don

Michael Hartlef
20-03-2009, 18:42
No.2 to make it unclear to other people. An onfuscated script is not readable.

marcuslee
21-03-2009, 15:09
marcuslee:

"Obfuscating" a script is just a way of hiding, from the user's view, the original thinbasic code of the script. Programmers normally use this to keep their source code protected from being pirated by someone else while still allowing others to run the code.

Don



So, how does it work? When I share this kind of code with someone, how does it look to them?

Mark

Petr Schreiber
21-03-2009, 15:34
Hi,

I will try to explain it how I understand it :)

1) You have ThinBasic tBasic source code named MyScript.tBasic
2) You want to give the script to someone else who has ThinBasic installed, to be able to run it, but not to see how it works inside
3) You pick Tools/Obfuscate
4) It will generate file MyScript.tBasicx, which has the same functionality as MyScript.tBasic, but instead of:


USES "Console"

PRINTL "Hi"
WAITKEY


it looks inside like:


TBBFLMPSA!#@$%^&Q@!#$$@


... well, like a binary soup done by mad cook.

So the main purpose is security:
- hiding log in information for your internet related scripts
- anti cheating protection for ThinBasic games - gamers cannot change code to add more score for example


Petr

marcuslee
21-03-2009, 18:39
So the main purpose is security:
- hiding log in information for your internet related scripts
- anti cheating protection for ThinBasic games - gamers cannot change code to add more score for example



Is it sort of like sharing the EXE version? They can run it, but they can't modify it. Does thinBasic's bundled EXE have the same security features?

I've read that one reason to go with a compiler is the extra security it offers over an interpreter, but it sounds like to me that thinBasic programmers can have their cake and eat it too. (Sorry for the idiomatic expression) What I was trying to clarify is that thinBasic's security is on par with a compiler. Is that true? Part true? Or, not true?


Mark

Petr Schreiber
21-03-2009, 19:32
Hi Mark,

I cannot comment on security that much,as I never tried to do "things a nice boy would never do to an EXE" :D.

When bundling ThinBasic EXE file, you can "just" bundle normal script, or check "obfuscate flag" to use tBasicX.

"Just bundling" can be security risk, as bunled EXE temporarily extracts all modules + script file ( but with hidden attributes ).
When you check "obfuscate flag" during bundling, the script is encrypted in complex way, so I would say it is quite safe.
Also if people do not know your EXE was created with ThinBasic, they will not expect something will get extracted at all.


Petr

marcuslee
21-03-2009, 20:41
Hi Mark,

I cannot comment on security that much,as I never tried to do "things a nice boy would never do to an EXE" :D.


So, are you trying to say that you are a "nice boy" and never uses your skills to hack? Yeah, right! :o :escribe: (That's Petr not being such a nice boy! ;))



When bundling ThinBasic EXE file, you can "just" bundle normal script, or check "obfuscate flag" to use tBasicX.

"Just bundling" can be security risk, as bunled EXE temporarily extracts all modules + script file ( but with hidden attributes ).
When you check "obfuscate flag" during bundling, the script is encrypted in complex way, so I would say it is quite safe.
Also if people do not know your EXE was created with ThinBasic, they will not expect something will get extracted at all.


Petr


But, still possible to be hacked? (Of course, I don't know much about this sort of thing, so far as I know ... compiled programs could be hacked by a super smart criminal.)


Mark

Petr Schreiber
21-03-2009, 21:13
:lol:

From what I know, everything can get hacked. This is thing which must be said from the beginning.

But there are few obstacles ThinBasic puts in hackers path:
- bundled EXE is not classic EXE
- ThinBasic obfuscation has advantage ( from antihack point of view ) of changing the way scripts are encrypted from release to release. So script encrypted with 1.7.6.0 should be different from the one encrypted in 1.7.7.0.
- not every hacker knows ThinBasic syntax

... all this prolongs the time it takes to break the secret of your script.
Although todays PCs are pretty fast, even quad core one can be kept busy with simple task for weeks ( friends tried brute force artificial inteligence algorithm on solving simple board game situation - took 10 days ).

I think if we continue few more posts, we will list here way to hack ThinBasic program, that is not good :D


Petr

Michael Hartlef
22-03-2009, 11:18
I would say an obfuxcated script is as hackable as every other compiled program. If someone has the knowledge and wants to hack something, they will do it. There is no 100% security in the IT world.