very often some beginning max script developers ask how to protect their own code from undesired watching.
i want to explain once more why mse encryption is not secured at all.
there are three crypt related methods in mxs:
# encryptScript
# encryptFile
# openEncryptedFile
(you can check the mxs help to get what they do and how it works)
what is the difference between encryptScript and encryptFile? Nothing! the only difference that in first case max gives you some ‘hidden’ key for the encryption. This is only reason why max can decrypt this script itself later.
so what a hacker has to do to open your ‘encrypted script’? it’s only know this key and use openEncryptedFile method kindly provided my max.
After saying everything above I want to show you some funny and easy ‘homemade’ encryption process…
we imagine that everything below is written with c++ and max sdk.
I will show mxs version of it. Well… let’s do something very simple – XOR for example:
fn cryptScriptString str key =
(
for k=1 to str.count do
(
str[k] = bit.intaschar (bit.xor (bit.charasint str[k]) key)
)
str
)
try this function:
a = cryptScriptString "hello world!" 1234
"ҺҷҾҾҽӲҥҽҠҾҶӳ" -- on my machine
cryptScriptString a 1234
"hello world!"
you can see how successfully we “encrypted and decrypted” a script.
try anything more complicated with execution:
ss = ""
ss += "rollout rol \"Hi!\"
"
ss += "(
"
ss += " button bt \"Button\"
"
ss += " on bt pressed do print \"hello world!\"
"
ss += ")
"
ss += "createdialog rol
"
a = cryptScriptString ss 1234
execute (cryptScriptString a 1234)
nice?
but our algorithm is too simple… we can guess that it’s xor and get its key:
(
a = cryptScriptString "A" 1234
bit.xor (bit.charasint "A") (bit.charasint a)
)
1234
but we can make our algorithm a little more complicated
fn cryptScriptString str key =
(
key += 79217
for k=1 to str.count do
(
str[k] = bit.intaschar (bit.xor (bit.charasint str[k]) key)
)
str
)
you can try all samples above. they still work. but finding a key is not so trivial now.
do you want to make this encryption unique for a machine or a user? ok:
fn cryptScriptString str key =
(
key = gethashvalue sysInfo.username (key + 79217)
for k=1 to str.count do
(
str[k] = bit.intaschar (bit.xor (bit.charasint str[k]) key)
)
str
)
and… believe me hacking of this little algorithm made with c++ function is much more complicated and dreary process than just putting an “unknown” key in openEncryptedFile method.
have a nice day!
If I understand you correctly, my whole script have to be converted to a string. Then that string have to be encrypted with your function and the result must be assigned to a variable and saved as a new file(mse or ms). At the end of this file must be execute command.
How easy is to hack this when it is written in maxscript?
I found that key variable can be very long random number.
no… the pipeline is different.
you can have a ms file… using ‘homemade ‘encrypter’ you convert this file to encrypted one using a specific key and algorithm.
on user’s machine you setup a c++ plugin that compiled with this key and this plugin can decrypt only files encrypted with a specific key. this key is hard-coded. to find a key is not enough to decrypt the file. hacker has to know an algorithm as well. technically he has to disassemble whole code of this plugin.
plugin can read encrypted file, decrypt it, and execute in memory. do almost the same things as max does do with mse files.
to do this pipeline with mxs doesn’t make sense. because the key and algorithm is visible.
Thank you, Denis for these great examples! Can you show an example of C++ code, let’s say with xor as well and a simple key inside c++ file, and how you encrypt an mse script with this c++ little plugin.
Let’s say we have a script
(
print “this is my own script!”
)
show please a simple example how you encrypt with c++, then decrypt to memory and execute for max!
Thanks in advance!