Ex4 To Mq4 Decompiler Software Testing
- Page 12
- Page 12
- First Post:Edited at 5:59pmSep 25, 2010 5:24pm Editedat 5:59pm
- Joined Jul 2009Status: Member2,158 Posts
I have encoded my EA using some software.
Can someone try to decompile it and let me know if you end up with rubbish .Mq4 source.
If you do then my encoding software has worked.
Cheers
Scoobs.
Can someone try to decompile it and let me know if you end up with rubbish .Mq4 source.
If you do then my encoding software has worked.
Cheers
Scoobs.
- Sep 25, 2010 5:42pmSep 25, 2010 5:42pm
- Joined May 2006Status: Least Qualified Poster444 Posts
I have encoded my EA using some software.
Can someone try to decompile it and let me know if you end up with rubbish .Mq4 source.
If you do then my encoding software has worked.
Cheers
Scoobs.
I am not a programmer, just learned on my own. But i always thought that decompliling does not work by simply extracting the code from the compiled file. Instead the decompiler analyzes the byte code of the software, and makes educated guesses about the code that created it. There can also be some debugging information (if available) involved, which can help the decompiler create a more accurate representation of the original source code. Therefore encoding the source code would seem of little help. Your code would still (at least it should) work the same, therefore the same information can be gathered from the code's 'actions' and reconstructed by the decomplier. The resulting code for that reason will probably not be identical, but it should work the same. HTH Can someone try to decompile it and let me know if you end up with rubbish .Mq4 source.
If you do then my encoding software has worked.
Cheers
Scoobs.
- Sep 25, 2010 5:57pmSep 25, 2010 5:57pm
- Joined Jul 2009Status: Member2,158 Posts
I am not a programmer, just learned on my own. But i always thought that decompliling does not work by simply extracting the code from the compiled file. Instead the decompiler analyzes the byte code of the software, and makes educated guesses about the code that created it. There can also be some debugging information (if available) involved, which can help the decompiler..
Good point.But I personally wouldnt run something on my trading account unless I was able to understand the code easily as I wouldnt know if it was just going to empty my account placing ridiculus trades.
Thanks
Scoobs.
- Sep 25, 2010 6:12pmSep 25, 2010 6:12pm
- Joined May 2006Status: Least Qualified Poster444 Posts
Good point.
But I personally wouldnt run something on my trading account unless I was able to understand the code easily as I wouldnt know if it was just going to empty my account placing ridiculus trades.
Thanks
Scoobs.
There is back(forward)testing for that.. But I personally wouldnt run something on my trading account unless I was able to understand the code easily as I wouldnt know if it was just going to empty my account placing ridiculus trades.
Thanks
Scoobs.
- Sep 25, 2010 7:07pmSep 25, 2010 7:07pm
You can get any EA decompiled for $50 (or free) and remove the security part of the code which is all most pirates want to do. The current decompilers actually do a pretty good job of writing readable code for the programming curious. Bottom line - If you want to keep your code safe, keep it to yourself. Sell the results, not the software unless you understand and are OK with the fact that copies of the EA will be on Ebay and pirate sites the same day you release it. If you have something protected with custom code you should upload one of the encoded MT4 default EA's and let us see if we can crack it.
- Sep 25, 2010 7:34pmSep 25, 2010 7:34pm
- Joined Jan 2007Status: Every new idea looks crazy at first1,619 Posts
I agree with Aja, if you want to keep your EA protected, don't give it to anyone to decompile it. I had posted an .ex4 file of one of my EAs on in one of my threads last year and there was a decompiled copy on the web in a matter of weeks (and I paid a couple of hundred bucks to have it coded!).
Best thing to do is either use one of the signal services like Zulu Trade, Rent-A-Signal, or Zip Signals to sell the signals or even use a trade copier and not give away the source, trust me.
Best thing to do is either use one of the signal services like Zulu Trade, Rent-A-Signal, or Zip Signals to sell the signals or even use a trade copier and not give away the source, trust me.
- Sep 26, 2010 7:15amSep 26, 2010 7:15am
- Joined Oct 2005Status: Pip Slappa Extrordinaire1,012 Posts
There's only one way to make a truly secure EA and that's to code the proprietary part of the logic *outside* the EA in a DLL. The DLL can be coded in the language of your choice (e.g. C/C++) but if you're an amateur MT4 coder this is probably over your head.
If I ever get into the biz of selling EAs or indicators this is how I'd distribute it since it absolutely can't be 'decompiled'. The additional benefit you get with this approach is that you can build in license key support as well. Again, something I'd incorporate from the start. Keep in mind I'm a software professional as my day job so this sort of thing is relatively straightforward.
If I ever get into the biz of selling EAs or indicators this is how I'd distribute it since it absolutely can't be 'decompiled'. The additional benefit you get with this approach is that you can build in license key support as well. Again, something I'd incorporate from the start. Keep in mind I'm a software professional as my day job so this sort of thing is relatively straightforward.
You are in a maze of twisty little passages, all alike.
- Sep 27, 2010 7:52amSep 27, 2010 7:52am
since it absolutely can't be 'decompiled'.
are you sure?free:
http://www.itee.uq.edu.au/~cristina/dcc.html
http://boomerang.sourceforge.net/cando.php?hidemenu
commercial:
http://www.hex-rays.com/decompiler.shtml
etc.
- Sep 27, 2010 8:19amSep 27, 2010 8:19am
are you sure?
free:
http://www.itee.uq.edu.au/~cristina/dcc.html
http://boomerang.sourceforge.net/cando.php?hidemenu
commercial:
http://www.hex-rays.com/decompiler.shtml
etc.
dang 7bit... just who are you trying to help here... seems a little bit like it might be helping the wrong guys...free:
http://www.itee.uq.edu.au/~cristina/dcc.html
http://boomerang.sourceforge.net/cando.php?hidemenu
commercial:
http://www.hex-rays.com/decompiler.shtml
etc.
of course, do as you will...h
to trade and code, keep both simple.. no call to impress..h
- Edited at 9:23amSep 27, 2010 8:57am Editedat 9:23am
dang 7bit... just who are you trying to help here... seems a little bit like it might be helping the wrong guys...
This is all common knowledge and knowing about these things belongs to the education of every informatics student. There is nothing wrong with mentioning common knowledge on a public forum. You can find the same information by doing a simple google search (and in fact I just did a simple search for 'c decompiler' to come up with these 3 links).These wrong guys don't need any help from me, they know their job already! I am trying to help stevegee58 and others to get rid of some wrong beliefs by confronting them with reality about what these wrong guys already can do and will do.
Here is a little educational demo video showing how a reverse engineer works with some very popular and well known commercial state of the art tools to decompile and analyze a trojan virus: http://www.ccso.com/files/hexraysdemo.swf again this is common knowledge and common practice amongst experts who work in this field.
Just because you haven't seen something yet does not mean it is top secret stuff.
- Sep 27, 2010 9:27amSep 27, 2010 9:27am
- Joined Oct 2005Status: Pip Slappa Extrordinaire1,012 Posts
Yes. If I write a DLL in C++, it cannot be reliably decompiled back to the original C++ source code (or even close). I agree that it might be possible to reconstruct source code from binaries but there are *many* techniques for preventing this. I don't mean obfuscation either. That's just a shell game.
I cannot speak for DLLs built from managed code like from VB or C#.
One thing for sure, EX4 files can be decompiled back to the original MT4 source code. Even then, the process is lossy: All comments are lost as well as the original names of all local variables. Comments and readable variable names are important to understanding an involved algorithm.
I cannot speak for DLLs built from managed code like from VB or C#.
One thing for sure, EX4 files can be decompiled back to the original MT4 source code. Even then, the process is lossy: All comments are lost as well as the original names of all local variables. Comments and readable variable names are important to understanding an involved algorithm.
You are in a maze of twisty little passages, all alike.
- Sep 27, 2010 9:29amSep 27, 2010 9:29am
Can it be disassembled? Sure, but assembly code is almost useless.
Please watch the video I posted above to see how 'useless' it can be in the hands of somebody who knows about this stuff. - Sep 27, 2010 9:30amSep 27, 2010 9:30am
- Joined Jul 2010Status: Member558 Posts
dang 7bit... just who are you trying to help here... seems a little bit like it might be helping the wrong guys...
of course, do as you will...h
lol, i remember doing it on a file earlier this year, and applying it to my fxopen mt4 platform. worked a treat.of course, do as you will...h
sshhhh
- Sep 27, 2010 9:33amSep 27, 2010 9:33am
- Joined Oct 2005Status: Pip Slappa Extrordinaire1,012 Posts
Please watch the video I posted above to see how 'useless' it can be in the hands of somebody who knows about this stuff.
Now we're entering the realm of how hard someone is going try to crack your stuff. Yes, determined, well-trained individuals can crack your code. So could the NSA if you used crypto. But why would they? You are in a maze of twisty little passages, all alike.
- Sep 27, 2010 9:45amSep 27, 2010 9:45am
So could the NSA if you used crypto.
This comparison is ridiculous because it refers to some fantasy reality from some cheap TV series where the NSA usually has some godlike abilities beyond the constraints of space and time and mathematics.Analyzing some assembly code and decompiling it function by function with a tool you can officially buy for some money is a little bit easier than using some not yet existing quantum computer or other hypothetical space alien technology to crack commonly used strong crypto algorithms.
- Sep 27, 2010 9:55amSep 27, 2010 9:55am
- Joined Oct 2005Status: Pip Slappa Extrordinaire1,012 Posts
Come on 7bit, I was exaggerating to make a point. Every time you add a layer of protection, it becomes more difficult for an attacker to compromise it. Decompiling EX4 files is absurdly cheap and easy. Decompiling a C++ DLL is harder and costs money. Once you add the layer that costs money you eliminate 90% of your attackers. The attackers that remain will only pursue trying to crack your code if it's worth the time.
If you write an indicator for the MT4 environment and offer it for sale, is it worth decompiling the EX4 file? Sure, because it's free and easy especially if it's pure MQL. If you take additional steps to eliminate this, you've eliminated 90% of the problem. Is that good enough? Depends on how much you charge for your indicator. If you're charging $1000 per copy it might be worth it for an attacker.
If you write an indicator for the MT4 environment and offer it for sale, is it worth decompiling the EX4 file? Sure, because it's free and easy especially if it's pure MQL. If you take additional steps to eliminate this, you've eliminated 90% of the problem. Is that good enough? Depends on how much you charge for your indicator. If you're charging $1000 per copy it might be worth it for an attacker.
You are in a maze of twisty little passages, all alike.
- Edited at 10:50amSep 27, 2010 10:07am Editedat 10:50am
Every time you add a layer of protection, it becomes more difficult
I can agree with this statement.But in your original post you used a wording that suggested some absoluteness that simply does not exist and I wanted to show that with the correct tools (a copy (maybe even pirated!) of IDA Pro and the decompiler plugin for example) it might be even easier to accomplish than one might think.
After all the attacker does not even have to decompile the entire DLL, it is enough to analyze and understand the protection mechanism just enough to be able to patch some bytes of NOP into the DLL at the correct place.
I did these kind of things (patching some branch instructions or similar with nothing more than a disassembler) for fun 25+ years ago with C64 games to get more lifes just to be able to at least see the final level of the game. I did it because I wanted to know it, to prove to myself that I am able to find out how it works and that I am able patch it. Satisfaction of the own ego can be a strong motivation, for some people much stronger than money!
- Sep 27, 2010 10:13amSep 27, 2010 10:13am
.
This is all common knowledge and knowing about these things belongs to the education of every informatics student. There is nothing wrong with mentioning common knowledge on a public forum. You can find the same information by doing a simple google search (and in fact I just did a simple search for 'c decompiler' to come up with these 3 links).
Just because you haven't seen something yet does not mean it is top secret stuff.
//----This is all common knowledge and knowing about these things belongs to the education of every informatics student. There is nothing wrong with mentioning common knowledge on a public forum. You can find the same information by doing a simple google search (and in fact I just did a simple search for 'c decompiler' to come up with these 3 links).
Just because you haven't seen something yet does not mean it is top secret stuff.
absolutely agree... wasn't aware i came across as being that naive... will work on that...
i'm all for and widely known for being a proponent of free help... it was the extra step of providing the specific links that seemed a stretch... we could just as easily provide links to free mq4 decompilers... or provide the proper proportions of diesl and ammonium nitrate .... all of which are on the net...
again, help as you will....
//----
and of course i'm all for those guys that do charge for help whatever their price/hour... many provide a valuable service... truth be know, the good ones are under paid...h
to trade and code, keep both simple.. no call to impress..h
- Sep 27, 2010 10:23amSep 27, 2010 10:23am
- Joined Oct 2005Status: Pip Slappa Extrordinaire1,012 Posts
I did project an air of absolutism but that's just reflective of the arrogance of engineers.
I used to hack too (remember SoftICE by Numega?), so I'm very much aware of the attacks one can bring to bear. I see folks selling EAs and indicators with no protection whatsoever and they're pirated almost immediately. It wouldn't happen to me, at least not for a while.
I used to hack too (remember SoftICE by Numega?), so I'm very much aware of the attacks one can bring to bear. I see folks selling EAs and indicators with no protection whatsoever and they're pirated almost immediately. It wouldn't happen to me, at least not for a while.
You are in a maze of twisty little passages, all alike.
- Edited at 10:48amSep 27, 2010 10:37am Editedat 10:48am
or provide the proper proportions of diesl and ammonium nitrate .... all of which are on the net...
I think my intentions were obvious from the beginning on.I'm not sure whether I still read some sort of sarcasm out of your posting or what else is the reason your formulation still sounds strange and reproachful to me, maybe we both have different views about how free information has to be handled in a free society and how one can only be held guilty for his intentions when doing something and never for gaining, possessing or teaching of knowledge (which is always neutral by definition!).