Protecting SmileBASIC programs
Root / Site Discussion / [.]
MasterR3C0RDCreated:
I've seen this same situation pop up enough times that I've been getting a bit annoyed, to be honest, to the point where I ended up posting a comment on andritolion's 3DS OS. Basically, someone copies someone's program and reuploads it as their own, or just modifies it slightly, and gets the original creator upset and trying to force the reuploader to add attribution, take down their program, etc. A similar situation is trying to license SmileBASIC programs with something like Creative Commons (which is not even close to correct, I'll elaborate on this). I'd like to explain a few things in this forum thread so people can properly understand what it means to release a program on SBS.
First of all, I want to point out some important things so that people can understand licensing a little. So what is a license anyways? Basically, a license is a way to copyright a work (photos, data, source code, etc) while allowing other people to modify under certain conditions. However, there are different licenses for different things. Creative Commons licenses are meant for photos and other kinds of data, and do not cover things like patent rights, don't contain important parts required for distribution of source code, etc (read up at https://creativecommons.org/faq/#can-i-apply-a-creative-commons-license-to-software). What you should use is a license meant for source code. Most people would want something like the MIT License (https://choosealicense.com/licenses/mit/), which forces people modifying source code to keep copyright notices in code and to redistribute the license with their source code.
So this must be the solution to protect your SmileBASIC programs, right? Well, no. As stated in the SmileBASIC manual (http://smilebasic.com/en/e-manual/manual13/),
Please also note that programs and resources (images and sounds) included in published projects are deemed to have been provided by their creators with permission for secondary use by third parties. Please be careful to avoid problems such as infringement of copyright. If a published project is the subject of a takedown notice, SmileBoom Co., Ltd. may delete the relevant project without prior notice.As this should make obvious, the moment you release your project, you're giving anyone permission to use your code for whatever they want. I doubt that anyone reading this would be able to contact a lawyer and have them submit a DMCA takedown for something you don't (and can't) have registered copyright for, so you're officially screwed. If they can read your code, they can do whatever they want with the code. So you can't do anything. Even obfuscation won't protect your software, as it isn't very difficult for someone with the intelligence to do so to completely reverse your obfuscation to something that makes sense. In short, you can't do anything about people stealing your code. You can try as much as you want, but you sign away your ability to protect your software the moment you tapped "Publish my 'secondary-use-free' Project", so tough luck. The best you can do is try to ask an administrator to take down the program (check http://smilebasicsource.com/staff to find someone with Page Moderator or Admin and send them a site PM from http://smilebasicsource.com/messagebox), but even then, you might not have any luck. Not everyone is nice enough on the internet to attribute those they copied from, and you need to learn to accept that.
It's definitely impossible. In order for SB to run a program, it has to be in one of the program slots. To get code into a slot, you can either load a text file directly, or use PRGSET/PRGINS to insert the code from a string. A text file is easily accessible, and it's very simple to just modify the loader program to replace PRGSET with SAVE or something.You can try as much as you wantIs this a challenge?
Exactly. There's nothing you can do to make modification impossible. It sucks but we're stuck with it.It's definitely impossible. In order for SB to run a program, it has to be in one of the program slots. To get code into a slot, you can either load a text file directly, or use PRGSET/PRGINS to insert the code from a string. A text file is easily accessible, and it's very simple to just modify the loader program to replace PRGSET with SAVE or something.You can try as much as you wantIs this a challenge?
I don't think either of you quite understand what an obfuscater is. It has nothing to do with encryption or compression, being able to replace "PRGSET" with "SAVE" is irrelevant. An obfuscater aims to make code unreadable by changing its structure to be incredibly difficult for a human to follow along with. For example, on the Wikipedia page for obfuscation, they have an example of some code that prints out song lyrics in C.Exactly. There's nothing you can do to make modification impossible. It sucks but we're stuck with it.It's definitely impossible. In order for SB to run a program, it has to be in one of the program slots. To get code into a slot, you can either load a text file directly, or use PRGSET/PRGINS to insert the code from a string. A text file is easily accessible, and it's very simple to just modify the loader program to replace PRGSET with SAVE or something.You can try as much as you wantIs this a challenge?
Spoiler
#include <stdio.h> main(t,_,a) char * a; { return! 0<t? t<3? main(-79,-13,a+ main(-87,1-_, main(-86, 0, a+1 ) +a)): 1, t<_? main(t+1, _, a ) :3, main ( -94, -27+t, a ) &&t == 2 ?_ <13 ? main ( 2, _+1, "%s %d %d\n" ) :9:16: t<0? t<-72? main( _, t, "@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#;\ #q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l q#'+d'K#!/+k#;\ q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# ){nl]!/n{n#'; \ r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#\ \ n'wk nw' iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c ;;\ {nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;\ #'rdq#w! nr'/ ') }+}{rl#'{n' ')# }'+}##(!!/") : t<-50? _==*a ? putchar(31[a]): main(-65,_,a+1) : main((*a == '/') + t, _, a + 1 ) : 0<t? main ( 2, 2 , "%s") :*a=='/'|| main(0, main(-61,*a, "!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry") ,a+1);}
Well, you were quoting this: "In short, you can't do anything about people stealing your code. You can try as much as you want..." Obfuscated code can still be stolen, it's just a lot harder to modify.I don't think either of you quite understand what an obfuscater is. It has nothing to do with encryption or compression, being able to replace "PRGSET" with "SAVE" is irrelevant. An obfuscater aims to make code unreadable by changing its structure to be incredibly difficult for a human to follow along with. For example, on the Wikipedia page for obfuscation, they have an example of some code that prints out song lyrics in C.Exactly. There's nothing you can do to make modification impossible. It sucks but we're stuck with it.It's definitely impossible. In order for SB to run a program, it has to be in one of the program slots. To get code into a slot, you can either load a text file directly, or use PRGSET/PRGINS to insert the code from a string. A text file is easily accessible, and it's very simple to just modify the loader program to replace PRGSET with SAVE or something.You can try as much as you wantIs this a challenge?The code can be compiled and ran like any C code, yet is completely unreadable to the user. Making the code unreadable also gives you a built-in anti--modification (by that I mean, the inability to modify the program). Even something simple like changing "Hello, World!" code to say "Yello, World!", it's not obvious in the slightest how to make that simple change with a good obfuscater. But anti-modification can be incorporated in its own. You can do this by cleverly weaving the structure of the program into the program itself, thus making any modification of the program destructive to the program itself.Spoiler
#include <stdio.h> main(t,_,a) char * a; { return! 0<t? t<3? main(-79,-13,a+ main(-87,1-_, main(-86, 0, a+1 ) +a)): 1, t<_? main(t+1, _, a ) :3, main ( -94, -27+t, a ) &&t == 2 ?_ <13 ? main ( 2, _+1, "%s %d %d\n" ) :9:16: t<0? t<-72? main( _, t, "@n'+,#'/*{}w+/w#cdnr/+,{}r/*de}+,/*{*+,/w{%+,/w#q#n+,/#{l,+,/n{n+,/+#n+,/#;\ #q#n+,/+k#;*+,/'r :'d*'3,}{w+K w'K:'+}e#';dq#'l q#'+d'K#!/+k#;\ q#'r}eKK#}w'r}eKK{nl]'/#;#q#n'){)#}w'){){nl]'/+#n';d}rw' i;# ){nl]!/n{n#'; \ r{#w'r nc{nl]'/#{l,+'K {rw' iK{;[{nl]'/w#q#\ \ n'wk nw' iwk{KK{nl]!/w{%'l##w#' i; :{nl]'/*{q#'ld;r'}{nlwb!/*de}'c ;;\ {nl'-{}rw]'/+,}##'*}#nc,',#nw]'/+kd'+e}+;\ #'rdq#w! nr'/ ') }+}{rl#'{n' ')# }'+}##(!!/") : t<-50? _==*a ? putchar(31[a]): main(-65,_,a+1) : main((*a == '/') + t, _, a + 1 ) : 0<t? main ( 2, 2 , "%s") :*a=='/'|| main(0, main(-61,*a, "!ek;dc i@bK'(q)-[w]*%n+r3#l,{}:\nuwloca-O;m .vpbks,fxntdCeghiry") ,a+1);}
Well, you were quoting this: "In short, you can't do anything about people stealing your code. You can try as much as you want..." Obfuscated code can still be stolen, it's just a lot harder to modify.If you can't modify it how can you steal it? It can't be incorporated into any of your projects because that would require modification, and you can't even copy its structure because you can't read it. The only thing you could do is repost exact copies, which doesn't accomplish anything for the user given all SmileBASIC software is free anyways.
It's not impossible to reverse obfuscation. As I said before,Well, you were quoting this: "In short, you can't do anything about people stealing your code. You can try as much as you want..." Obfuscated code can still be stolen, it's just a lot harder to modify.If you can't modify it how can you steal it? It can't be incorporated into any of your projects because that would require modification, and you can't even copy its structure because you can't read it. The only thing you could do is repost exact copies, which doesn't accomplish anything for the user given all SmileBASIC software is free anyways.
Even obfuscation won't protect your software, as it isn't very difficult for someone with the intelligence to do so to completely reverse your obfuscation to something that makes sense.
It's not impossible to reverse obfuscation. As I said before, It's not impossible to take any modern program, like Horizon Zero Dawn, and run the compiled code through a disassembler. But what's that going to accomplish for you? Good luck trying to steal the code from that. Even obfuscation won't protect your software, as it isn't very difficult for someone with the intelligence to do so to completely reverse your obfuscation to something that makes sense.Did you even bother to look at the code I posted? Please tell me how that "isn't very difficult" to de-obfuscate. The power of obfuscation is limited to the programmer who made it. Sure, if you have bad obfuscation, it'll be easy to reverse-engineer, but to my knowledge this discussion had nothing to do with specific implementations of obfuscations but was in response to you people stating it is literally impossible. It would take an entire team of well-paid employees many many years to reverse engineer a modern video game simply from its compiled source code. I bring up compilation as it is a form of obfuscation in itself, since releasing a compiled version of your program is practically impossible for anyone to reverse-engineer, so it's a great example of the power of obfuscation. Obviously you can't compile SmileBASIC so algorithms would have to be a bit more clever (and would also likely introduce some overhead).
I interpreted "steal" to mean "get access to the code and be able to distribute it on your own", rather than actually being able to modify it or use parts in your own program. If your goal is to stop people from doing that, then obfuscation will work, as long as it's done well enough and no one wants to spend too much time.
But manually obfuscating a program is more work than it's worth (unless you're just doing it for fun, I guess), so people just use automatic obfuscation which is a lot easier to reverse engineer (I've done it before, with this: https://dan-ball.jp/javagame/dust/9.5/dust.js)
And whether you're dealing with "simple" obfuscation or compiled code, if you're looking to do something simple, often you can just search for a certain string or function call (like window.location.hostname for validating the site in JS) and replace it.
You could argue this though... (Straight from the upload warning.)
When submitting, you must warrant that your project is your own original work and does not contain any unauthorized 3rd party content, personally identifiable information or inappropriate content such as offensive words, images, or audio. For more details, refer to the official website.
You could argue this though... (Straight from the upload warning.) When submitting, you must warrant that your project is your own original work and does not contain any unauthorized 3rd party content, personally identifiable information or inappropriate content such as offensive words, images, or audio. For more details, refer to the official website.Uploading something automatically gives permission for other people to use it: "... programs and resources ... included in published projects are deemed to have been provided by their creators with permission for secondary use by third parties." The "your own original work" part is interesting though... It could be interpreted in different ways.
You could argue this though... (Straight from the upload warning.) When submitting, you must warrant that your project is your own original work and does not contain any unauthorized 3rd party content, personally identifiable information or inappropriate content such as offensive words, images, or audio. For more details, refer to the official website.This refers to copyrighted content and not user generated content for SmileBASIC as far as I can tell, so...
You could argue this though... (Straight from the upload warning.) When submitting, you must warrant that your project is your own original work and does not contain any unauthorized 3rd party content, personally identifiable information or inappropriate content such as offensive words, images, or audio. For more details, refer to the official website.SmileBoom has clarified this point. From another thread about this subject:
Here's SmileBoom's policy on this.In short, anyone can use your work in their own SmileBASIC projects even if you say otherwise, because you agree to grant a license for people to use it as a condition of uploading your project to SmileBoom's servers.çŹèȘă«ăŒă«ăèšăăć ŹéăăŒăźé ćžă«ă€ă㊠æšä»ăçŹèȘăźć©çšă«ăŒă«ăèšăăŠć ŹéăăŒăé ćžăăă±ăŒăčăć ±ćăăăŠăăăăăźćŻŸćżă«ă€ăăŠæ··äč±ăçăăŠăăă±ăŒăčăæŁèŠăăăŸăă æŁăăć ŹéăăŒăćăæ±ăŁăŠăăă ăăăăăæčăăŠăć ŹéăăŒă«ăăŁăŠć Źéăăăăăă°ă©ă ăȘă©ăźćăæ±ăă«ă€ăăŠèȘŹæăăăăŸăă èȘäœăźăăă°ă©ă ăȘă©ăä»ăźăŠăŒă¶ăŒă«ćŻŸăăŠć Źéăăć Žćăć Źéăăăăăă°ă©ă ăäșæŹĄçă«ć©çšăăăăăšă蚱諟ăăăăšă§ć ŹéăăŒăçșèĄăăăŸăă ăăŁăŠă仟ă«ăć ŹéăăŒăźææè ăăăăȘăă«ăŒă«ăèšăăăšăăŠăăçșèĄăăăć ŹéăăŒăŻçŹŹäžè ă«ăăäșæŹĄć©çšă蚱諟ăăăŠăăç¶æ ă«ć€ăăăŻăȘăăăăźć ŹéăăŒăć©çšăăăć©çšè ïŒçŹŹäžè ïŒăŻăäșæŹĄć©çšă蚱諟ăăăŠăăćæă§ć©çšăăăăăšă«ćéĄăŻăăăŸăăăRegarding Public Keys Distributed with Unique Rules Recently, cases have been reported of public keys being distributed with unique rules for use, and cases have also been seen of confusion resulting from that correspondence. In order to handle public keys correctly, once again, we will explain regarding the handling of programs, etc. published by public key. When publishing your own programs, etc. for other users, a public key is issued when you grant permission for secondary use of your published program. Consequently, for the time being, regardless of any kind of rule the public key's owner sets, it does not change the fact that permission has been granted for secondary use by third parties of the issued public key, and for a user (third party) who uses that public key, there is no problem in using it under the assumption that secondary use is permitted.
I have no interest in protecting SmileBASIC programs, but you people claiming this is impossible has sparked my technical interest.
Out of pure technical interest I've been playing around with this problem. I made a password protected program that cannot easily be read or modified but it executes just fine (it's not just obfuscation the program's logic gets reworked such that any modification usually causes it to crash). Not claiming I've solved this problem in the slightest this is my first attempt, but it's an interesting demonstration of the concept. I'm sure if some of you put your minds to it you could crack it.
I interpreted "steal" to mean "get access to the code and be able to distribute it on your own", rather than actually being able to modify it or use parts in your own program.Actually this could be theoretically prevented as well. Imagine if you have a table of hashed "product keys" inside of a program such that there are 42 keys per user. The unhashed product keys are only held by program owner. A product "license" only has a period of 1 year, and every week a key expires. In order to continue to use the product, you have to login to your account on some website and it provides you with your new license key for the upcoming week. Essentially what this means is that if a person shares a product key, you can revoke the key and it would stop working after a week, even if you copy/paste the program around. Assuming that you have a secure anti-modification program, a person can't simply change the source code to get passed the product key screen, and given you have a secure hashing algorithm, you can't simply read the source code to figure out the product keys. This means that, unless you crack the anti-modification algorithm, you have to use the product key, and you have to go through the external website every week to keep up with it. Again this is just talking what's possible, not that I actually advocate putting product keys on SmileBASIC software.
I have no interest in protecting SmileBASIC programs, but you people claiming this is impossible has sparked my technical interest. Out of pure technical interest I've been playing around with this problem. I made a password protected program that cannot easily be read or modified but it executes just fine (it's not just obfuscation the program's logic gets reworked such that any modification usually causes it to crash). Not claiming I've solved this problem in the slightest this is my first attempt, but it's an interesting demonstration of the concept. I'm sure if some of you put your minds to it you could crack it.I'd be incredibly interested to see a tamper-proof, product key-protected demo in SmileBASIC. It seems incredibly interesting to me honestly.I interpreted "steal" to mean "get access to the code and be able to distribute it on your own", rather than actually being able to modify it or use parts in your own program.Actually this could be theoretically prevented as well. Imagine if you have a table of hashed "product keys" inside of a program such that there are 42 keys per user. The unhashed product keys are only held by program owner. A product "license" only has a period of 1 year, and every week a key expires. In order to continue to use the product, you have to login to your account on some website and it provides you with your new license key for the upcoming week. Essentially what this means is that if a person shares a product key, you can revoke the key and it would stop working after a week, even if you copy/paste the program around. Assuming that you have a secure anti-modification program, a person can't simply change the source code to get passed the product key screen, and given you have a secure hashing algorithm, you can't simply read the source code to figure out the product keys. This means that, unless you crack the anti-modification algorithm, you have to use the product key, and you have to go through the external website every week to keep up with it. Again this is just talking what's possible, not that I actually advocate putting product keys on SmileBASIC software.