Preventing reverse engineering and protecting IP

This forum is for programmers who have questions about the source code.
Post Reply
User avatar
Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Preventing reverse engineering and protecting IP

Post by Ardavan » Wed Nov 19, 2014 8:22 am

Good Morning,

Firstly I apologize that my question is not exclusively an Open Dental development question, however having worked with Open Dental as both a user and dare I say an aspiring developer I look up to the team and esteem you as competent and seasoned developers. Upon successfully compiling my first plugin I was very excited and eager to share, however given that I invested my nights and weekends to work on it I would like to protect my work and perhaps even profit from it.
After donning my black hat, peg-leg, eye-patch and shoulder-parrot I set my sight on my work as the booty. I was shocked to discover the fruit of my labor in plain text. I recall reading something about the EHR module having certain protections, so I aimed my ship towards it and was pleased to find little to plunder. If I'm not mistaken the expertise requisite for making sense of what the EHR gives up would be better spent writing it from scratch.

So basically my question to you (and the developer community which may peruse these forums) is this:
What are your suggestions and recommendations for protecting code?

Thank you for your attention, and looking forward to your answers.

P.S. I love the jokes in your signatures so much I've put one in mine, though do be advised I'm known as the king of corny by at least one coworker.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Annonymous Bug Writer

User avatar
dgraffeo
Posts: 147
Joined: Wed Sep 24, 2014 3:19 pm

Re: Preventing reverse engineering and protecting IP

Post by dgraffeo » Wed Nov 19, 2014 9:08 am

Hey there,
In my experience when you compile the code and distribute it as the executable file with associated DLL's it's very hard to reverse engineer it. After compilation what the computer runs is what's known as "machine code" which is not human read-able and is used directly by the computer. There are programs out there that can "decompile" the machine code back into the source code and have it human readable again however from what I've seen it is difficult to use, not efficient, and not very accurate. Generally you don't have to worry about people getting source code from your compiled projects as long as that's what you're distributing. Protecting your executables and DLL's from being redistributed from one user to another is a different beast entirely, if that's more of what you're going for.

That all being said, I'm sure Jason can give you more insight into how OD does security of this sort. I know that there are ways to obfuscate the code to make it even more difficult to decompile or glean data from. I haven't had experience with that myself but I would imagine it would be some sort of "encryption" for the machine code itself so the decompiler software can't directly "translate" it.
"To understand what recursion is, you must first understand recursion."

David Graffeo
Open Dental Software
http://www.opendental.com

User avatar
Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Re: Preventing reverse engineering and protecting IP

Post by Ardavan » Wed Nov 19, 2014 9:52 am

Thank you David,

Thank you for your prompt response, I was also under the impression that once you compile a project the source code is securely translated to machine language and cannot be easily reconstructed. I have no previous experience reverse engineering executables or dynamically linked libraries, nor have I accepted the titles of developer, cracker or pirate, in fact I've been accused of being "unqualified" to assess a self proclaimed developer's work (or lack there of ;)). However it took me the lesser half of an hour to prove to myself how wide open .NET compiled code is. I was literally shocked to see my entire source code, comments excluded, laid out clearly in plain text after having invested nothing more twenty minutes of my time. I know there is no silver bullet when it comes to protecting IP, all we can do is to make piracy and reverse engineering more tedious than development from scratch, which is what I'm aiming at, or to make it not worth the risk of prosecution, which I do not have the resources to enforce. In fact, my only resource is my time, which in and of itself becomes more scarce and valuable every day.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Annonymous Bug Writer

User avatar
jsalmon
Posts: 1551
Joined: Tue Nov 30, 2010 12:33 pm
Contact:

Re: Preventing reverse engineering and protecting IP

Post by jsalmon » Wed Nov 19, 2014 12:15 pm

Ardavan wrote:What are your suggestions and recommendations for protecting code?
For plugins, I would hands down say obfuscating your dll is the way to go. There are many free dll obfuscators but you might want to invest some money into one because they are usually only $60 - $90 and give many varieties of obfuscation (string scrambling, etc) that you can couple together in order to make your dll complete rubbish to people trying to use reflectors or the like in order to reverse engineer your code.
The best thing about a boolean is even if you are wrong, you are only off by a bit.

Jason Salmon
Open Dental Software
http://www.opendental.com

User avatar
Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Re: Preventing reverse engineering and protecting IP

Post by Ardavan » Wed Nov 19, 2014 1:49 pm

Thank you Jason, I'm fairly new to this arena and wanted to check with the masters.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Annonymous Bug Writer

User avatar
dgraffeo
Posts: 147
Joined: Wed Sep 24, 2014 3:19 pm

Re: Preventing reverse engineering and protecting IP

Post by dgraffeo » Wed Nov 19, 2014 3:24 pm

Here's an interesting discussion on the topic that I came across. It may offer some insight into this area of programming that you may not have thought of: http://programmers.stackexchange.com/qu ... rom-piracy
TL;DR version: Preventing piracy is impossible unless you host the files doing the work on a remote server they connect to. Beyond denying the users the program itself the only way of "protecting" it is to make sure it's more annoying for them to crack the safety than it is for them to buy it outright.
"To understand what recursion is, you must first understand recursion."

David Graffeo
Open Dental Software
http://www.opendental.com

User avatar
Ardavan
Posts: 106
Joined: Sat May 15, 2010 9:10 am

Re: Preventing reverse engineering and protecting IP

Post by Ardavan » Thu Nov 20, 2014 6:16 am

Thanks again Jason for the suggestions, I was looking at tools starting at an order of magnitude more expensive and thought they would be out of my reach. And thank you David for the other side of the argument, indeed it feels as though I'm contradicting my own philosophies in many ways by not sharing my work openly, especially given that its built on top of a generously open platform. Either way (scrambled or open) I hope to release my work soon so I may move on to the next project.
There are 10 types of people in this world, those who will laugh at this joke, and those who won't. ~Annonymous Bug Writer

Post Reply