December 4, 2010

QtK QtK
Lab Rat
1045 posts

Can QML files be obfuscated before bundling it in a sis file

I noticed that on opening a sis file you can get the qml files as they are. Can they be obfuscated? Or are there any plans for that in future?

18 replies

December 4, 2010

xsacha xsacha
Lab Rat
502 posts

I guess it’d be the same as distributing any non binary. Use your C++ wrapper to decode the qmls. Before you load the main source.

 Signature 

- Sacha

December 4, 2010

QtK QtK
Lab Rat
1045 posts

I was wondering if this could be built in to the wrapper template provided by Qt creator.

December 4, 2010

QtK QtK
Lab Rat
1045 posts
tamhanna wrote:
xsacha wrote:
I guess it’d be the same as distributing any non binary. Use your C++ wrapper to decode the qmls. Before you load the main source.

Use a somewhat safe algorithm, though. And rename the file extensions.

Yes that option is always open. But if built in to Qt Creator everyone will benefit from it.

December 4, 2010

QtK QtK
Lab Rat
1045 posts
tamhanna wrote:
QtK wrote:
tamhanna wrote:
xsacha wrote:
I guess it’d be the same as distributing any non binary. Use your C++ wrapper to decode the qmls. Before you load the main source.

Use a somewhat safe algorithm, though. And rename the file extensions.

Yes that option is always open. But if built in to Qt Creator everyone will benefit from it.

But then it is also easier to break.

I will never forget the Astraware Superpatcher for Palm. If every developer rolls his own scheme, well, not all of them will get hit. There is security in numbers here.

What if you can generate a binary out of qml files instead of just obfuscating it?

December 4, 2010

Denis Kormalev Denis Kormalev
Lab Rat
1607 posts

As a quick solution just pack them as resource and apply some crypto on it. At loading simply uncrypto it and load as resource.
Or as quickest solution simply use as internal resources (inside binary).
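
The pack-and-decode-at-load approach suggested in this reply, as an added example that is not part of the original post or of Qt: a build-time pack step and a load-time unpack step in plain C++. The key, the blob layout and the function names are assumptions made for the illustration, and repeating-key XOR stands in for "some crypto"; because the key ships in the binary, even a real cipher here only raises the effort needed to recover the QML.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Constructed key for this example. It ships inside the binary, so this is
// obfuscation that raises effort, not encryption that keeps a secret.
static const unsigned char kKey[] = {0x5a, 0xc3, 0x19, 0x7e, 0xa4, 0x0d, 0x66, 0xb1};

// FNV-1a checksum of the plain QML, used to reject a corrupted or mismatched blob.
std::uint32_t fnv1a(const std::string &s) {
    std::uint32_t h = 2166136261u;
    for (unsigned char c : s) { h ^= c; h *= 16777619u; }
    return h;
}

// Repeating-key XOR; the same call encodes and decodes.
std::string xorBytes(std::string data) {
    for (std::size_t i = 0; i < data.size(); ++i)
        data[i] = static_cast<char>(static_cast<unsigned char>(data[i]) ^ kKey[i % sizeof kKey]);
    return data;
}

// Build step: blob = 4-byte little-endian checksum + XORed QML text.
std::string packQml(const std::string &qml) {
    std::uint32_t sum = fnv1a(qml);
    std::string blob;
    for (int i = 0; i < 4; ++i) blob.push_back(static_cast<char>((sum >> (8 * i)) & 0xff));
    return blob + xorBytes(qml);
}

// Load step in the C++ wrapper: decode in memory, verify, then hand the bytes
// to the QML engine (e.g. QDeclarativeComponent::setData) without writing a file.
bool unpackQml(const std::string &blob, std::string &qmlOut) {
    if (blob.size() < 4) return false;               // truncated blob
    std::uint32_t stored = 0;
    for (int i = 0; i < 4; ++i)
        stored |= static_cast<std::uint32_t>(static_cast<unsigned char>(blob[i])) << (8 * i);
    std::string plain = xorBytes(blob.substr(4));
    if (fnv1a(plain) != stored) return false;        // wrong key or modified data
    qmlOut = plain;
    return true;
}

int main() {
    const std::string qml = "import QtQuick 1.0\nRectangle { width: 360; height: 640 }\n";
    std::string out;
    bool ok = unpackQml(packQml(qml), out);
    std::cout << (ok && out == qml ? "round trip ok" : "failed") << "\n";
    return ok ? 0 : 1;
}
```

The checksum is unkeyed, so it catches corruption or a key mismatch but does not authenticate the blob against someone who knows the layout.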

December 4, 2010

QtK QtK
Lab Rat
1045 posts
Denis Kormalev wrote:
As a quick solution just pack them as resource and apply some crypto on it. At loading simply uncrypto it and load as resource. Or as quickest solution simply use as internal resources (inside binary).

Even I had thought of that but in that case I thought there might be a resource decompiler already present. But then this should work well as a quick solution. Thank you.

December 4, 2010

QtK QtK
Lab Rat
1045 posts
tamhanna wrote:
Hi, not sure if the internal resource is so safe though…

But still seems to be a quick and good workaround.

December 4, 2010

xsacha xsacha
Lab Rat
502 posts

If it doesn’t already exist, it will soon. Where there’s a will, there is a way.
Unfortunately it seems you’re stuck in a game of cat and mouse. However, if you make it too difficult, the cat may not bother to chase.

 Signature 

- Sacha

December 5, 2010

xsacha xsacha
Lab Rat
502 posts

I’m sure it’s quite easy to identify how they are aligned in your program.

 Signature 

- Sacha

December 5, 2010

xsacha xsacha
Lab Rat
502 posts

They all have their own signature I’m sure.
How do you think Symbian decodes it?

 Signature 

- Sacha

December 5, 2010

fcrochik fcrochik
Lab Rat
447 posts
tamhanna wrote:
xsacha wrote:
If it doesn’t already exist, it will soon. Where there’s a will, there is a way. Unfortunately it seems you’re stuck in a game of cat and mouse. However, if you make it too difficult, the cat may not bother to chase.

Don’t challenge me.

It would seriously be a cool project. Qt Resource Decompiler.

The only issue I see is that every compiler aligns his C arrays differently into the binary. So such a decompiler would always be limited to one or two configurations at a time.

If you need/want a real challenge I have a good one: a qml compiler! Or even better a QML to c++ generator.

 Signature 

Certified Specialist & Qt Ambassador Maemo, Meego, Symbian, Playbook, RaspberryPi, Desktop… Qt everywhere!

December 5, 2010

xsacha xsacha
Lab Rat
502 posts

That would be quite awesome! Not only do you get to keep the benefit of coding fast, you can skip the whole interpretive stuff, have the code in pure Qt C++ and you don’t have to worry about obfuscating the code :).

But I mean a lot of the code practices we use in QML are based around the fact that it is going to be interpreted. This would be hard to convert :\.

Maybe a .pyc or similar where it compiles the javascript but not in to C++.

 Signature 

- Sacha

December 5, 2010

fcrochik fcrochik
Lab Rat
447 posts

xsacha wrote:
That would be quite awesome! Not only do you get to keep the benefit of coding fast, you can skip the whole interpretive stuff, have the code in pure Qt C++ and you don’t have to worry about obfuscating the code :).

But I mean a lot of the code practices we use in QML are based around the fact that it is going to be interpreted. This would be hard to convert :\.

Maybe a .pyc or similar where it compiles the javascript but not in to C++.

It doesn’t need to be a 100% conversion or for every project.

It will convert optimize anything it can but it can still make use of the “script” run-time environment. I don’t think converting the “qml” would be a problem. Converting the javascript “portions” may prove not feasible.

The idea would be to use the qml as a replacement for the designer forms on c++ applications. For projects mostly based on qml/javascript it probably doesn’t make sense anyway.

 Signature 

Certified Specialist & Qt Ambassador Maemo, Meego, Symbian, Playbook, RaspberryPi, Desktop… Qt everywhere!

December 5, 2010

Tobias Hunger Tobias Hunger
Hobby Entomologist
3373 posts

tamhanna: What makes you think resources are in any way safe? There are tools available to introspect Qt applications that do quite a lot of neat things, including extraction of resources.

You might want to give this tool [gitorious.org] a try. In addition to resources it can help to examine the widget tree, etc. It is really amazing what you can do with Qt introspection.

December 5, 2010

fcrochik fcrochik
Lab Rat
447 posts

Tobias Hunger wrote:
tamhanna: What makes you think resources are in any way safe? There are tools available to introspect Qt applications that do quite a lot of neat things, including extraction of resources.

You might want to give this tool [gitorious.org] a try. In addition to resources it can help to examine the widget tree, etc. It is really amazing what you can do with Qt introspection.

Somehow since I started dealing with Qt I had this idea in the back of my mind that such tool would exist. Thanks for exposing it.

By the way, do you know of any good references of how to use “introspection” on your code? Introspection is widely used on java and .net projects but I haven’t seen much about how much can be done with Qt.

 Signature 

Certified Specialist & Qt Ambassador Maemo, Meego, Symbian, Playbook, RaspberryPi, Desktop… Qt everywhere!
