1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

Code+Name obfuscator, should I release?

Discussion in 'Programming' started by inio, Feb 11, 2002.

?

Should I release this program?

  1. Yes - Closed Source

    10 vote(s)
    30.3%
  2. Yes - Open Source (BSD license)

    8 vote(s)
    24.2%
  3. No.

    15 vote(s)
    45.5%
  1. inio

    inio many fauceted scarlet emerald

    Joined:
    Feb 8, 2002
    Messages:
    105
    Likes Received:
    0
    OK, I have written a working UScript obfuscator. It removes indicated scripts and symbols from the file. The question is now, should I release this tool to the public? The options are:

    closed source:
    pros:
    * Tool for developers looking to keep their hard work to themselves.
    * Helps guard against script kiddies attempting to hack mods.
    cons:
    * Abuse weakens the community
    * lays groundwork for making cheats more dificult to reverse engeneer and product against

    opensource (BSD license):
    pros:
    * all pros for closed source
    * provides useful code base for people looking to parse Unreal packages.
    cons:
    * all cons for closed source
    * makes reverse engeneering existing obfuscated componants (CSHP, UTPure) significanly easier with minor modifications.

    not at all:
    pros:
    * avoids all cons above
    cons:
    *avoids all pros above

    Voice your opinion. I'll be back Friday to look at the results.
     
  2. usaar33

    usaar33 Un1337

    Joined:
    Mar 25, 2000
    Messages:
    808
    Likes Received:
    0
    symbols?

    Anyway, as a member of the cshp team, I get a really powerful one, so a release does not effect me in any way :p
    What are the benefits over say... hex editing the source files?
     
  3. Mychaeel

    Mychaeel New Member

    Joined:
    Oct 3, 2001
    Messages:
    3,830
    Likes Received:
    0
    (Sigh.)

    I won't even start ranting about social responsibility towards the Unreal community whose "hard work" you're constantly taking advantage of whenever you look at somebody else's code, read an useful reply by a more experienced coder in a forum or use a free third-party tool like UClasses and VUC++.

    The problem I have with a publicly available easy-to-use UnrealScript source code obfuscation utility is that it conveys a message that is very, very wrong:
    • "Ripping off unobfuscated code is okay.
      ...because if I really shouldn't be ripping it off, it would be protected." (or: "protected better.")
    Some people indeed believe that the availability of source code makes it Open Source and implies the permission to take it, modify it, and redistribute it. It doesn't, and there's not even a need to state that somewhere; unless permission is expressly granted, other people don't have it. To get that point across, I usually put a short notice to that effect in the project's readme file and a brief copyright line at the top of every source file, and so far it was sufficient in all but a few pathological cases.

    But the balance of that is very delicate. It works as long as the availability of the source code is publicly perceived as something that is granted and beyond immediate control. If that balance ever changes, it will affect this whole community which has evolved in an open-minded environment where other people's achievements are readily available to learn and gain experience from without the contributors of this code really having to fear that their intellectual property will be abused. Of course there are some sad exceptions to that, but so far they are just that: exceptions.

    A publicly available tool like that has the potential to change this, and that would affect anybody (including you and me, usaar33).

    [edit]
    In other words, that's a clear No.
     
    Last edited: Feb 12, 2002
  4. mr.s-d

    mr.s-d CHiMERiC Moderator

    Joined:
    Aug 30, 2001
    Messages:
    65
    Likes Received:
    0
    To be honest I think if inio doesn't release his code obfuscator someone else will come along and release one. I'm just surprised there hasn't already been such a tool, how to remove the code from .U files has been fairly well known for a while.
     
  5. Mychaeel

    Mychaeel New Member

    Joined:
    Oct 3, 2001
    Messages:
    3,830
    Likes Received:
    0
    That definitely isn't because nobody ever before created such a tool or thought about releasing it to the public. (Seems I failed to get my point across.) :hmm:
     
  6. 2COOL4-U

    2COOL4-U New Member

    Joined:
    Mar 17, 2001
    Messages:
    505
    Likes Received:
    0
    I didn't get what inio meant first, but when I read Mychaeel's reply it became clear to me. I am completely against this. I mean TO/CSHP/UTPure do NOT do that for nothing, they have a reason and it's a pretty good reason! Please keep that tool for yourself. It would do more harm than good to the UT Community.
     
  7. Captain Kewl

    Captain Kewl I know kewl.

    Joined:
    Feb 13, 2001
    Messages:
    794
    Likes Received:
    0
    Wasn't originally going to comment as the as the whole idea actually angers me a bit and I really don't feel like debating (and I'm not going to), but I just wanted to mention that Mychaeel and 2COOL pretty much articulated my own feelings.

    I can think up maybe a dozen and a half reasons why a code erasing tool is a Bad Idea, but it all just boils down to this:

    If Epic intended for everyone to be able to do it (and yes, I realize that it isn't rocket science), they would have provided everyone with the resources to do so.
     
    Last edited: Feb 12, 2002
  8. usaar33

    usaar33 Un1337

    Joined:
    Mar 25, 2000
    Messages:
    808
    Likes Received:
    0
    Again, I am only concerned with how powerful it is.

    i.e. if it only replaces the text buffers with 01's, it is only the equivilent of hex editing files. In this case, I don't even see it as very useful (i.e. I can wipe source using a hex editor in less than a minute).

    However, if it is like the wiper that I have, which will actually reduce the buffer size (currently to 0 bytes), it is very useful. I used an old version of DB's source wiper on valhalla avatar. If you use UTPT on it, you can see that textbuffers have been reduced to 11 bytes each. As VA is an exclusively online mod, this wiping provides massive benefits:

    1) Prevents access to most of va's variables. Thus providing some amount of cheat protection.
    2) File size reduction. With source files, the mod was 396 kb. Being stripped, it was cut down to 130 kb or so. I would much rather download 130 kb than 396 kb when connecting to a server.

    I did NOT wipe however to protect my code. I am willing to release source to anyone who wishes. Yet, because of the two powerful advantages shown above, it was done.
     
  9. RegularX

    RegularX Master of Dagoth Lies

    Joined:
    Feb 2, 2000
    Messages:
    1,215
    Likes Received:
    0
    I think of my code like I think about my writing. I want people to read it. I want people to learn from it (if, through my 19++ bad habits, they can). That doesn't mean I want them to steal it.

    And the writing analogy is similar. See, published work (under some laws) is automatically copyrighted. It's true. Creators of work have a theoretical claim to anything they produce.

    Of course, theory doesn't work in the real world. That's why we have copyright notice. And for many authors, simply placing a copyright notice is enough.

    For others, they spend time and money detailing their copyrights to lawyers, govenment agencies and placing photocopies in safe.

    At my paying job, we recently printed out some source code, project diagrams, database schematics, etc., had them signed, sealed, notarized and placed in our lawyer's safe. And we do work that very few people would have an interest in stealing.

    While everyone has a right to their creation, they also have the responsibility to protect it. Mychaeel's approach is good - make a notice in the source detailing how you want your code to be treated.

    Everything I know from programming I've learned from either other programmers or from code examples, and I know a lot of coders who are the same way. My favorite license to date was Selena Sol's CGI notice which read something like "Steal, use, ignore, borrow, lend, I don't really care. It would be nice if we kept credit."

    Mine was always commentware. I don't really care what people do with my code, provided they leave remarks in the code detailing changes so that the next person could learn from it.

    But I digress. I think usaar brings up some excellent reasons why some people would want to use code hiding. For the most part, I think communication is key. Coders who think it's OK to steal just because there isn't a sign saying not to probably aren't worth their mettle. That doesn't mean you shouldn't leave a sign.


    Release it? I'm not sure it matters. When the other thread was posted, it took me about 3 minutes of a Google search to find out how to do it. How long did it take you to write it? How many hex editors are there?

    It's more important (imho) to talk about why code hiding should be done than worrying about someone releasing code to do it.


    rgx
     
  10. RegularX

    RegularX Master of Dagoth Lies

    Joined:
    Feb 2, 2000
    Messages:
    1,215
    Likes Received:
    0
    Curious. And I'm not trying be a troublemaker. I understand CSHP and UTPure. What's the reason for TO?


    rgx
     
  11. usaar33

    usaar33 Un1337

    Joined:
    Mar 25, 2000
    Messages:
    808
    Likes Received:
    0
    built-in cheat protection.
    (which really isn't that good :p)
     
  12. 2COOL4-U

    2COOL4-U New Member

    Joined:
    Mar 17, 2001
    Messages:
    505
    Likes Received:
    0
    Isn't it good? I thought it was a built in version of CSHP.
     
  13. Phennim

    Phennim New Member

    Joined:
    Aug 27, 2001
    Messages:
    17
    Likes Received:
    0
    "If god wanted humans to fly he would have given us wings."
    "If god didn't want us to fly he wouldn't have given us the ability to invent an airplane."

    There are six billion opinions in this world. Point is.. do what you want to do.
    Publish the source in what any form you want and let the public decide what to do with it.
    Don't publish it and let the next guy worry about it again.
     
  14. Mychaeel

    Mychaeel New Member

    Joined:
    Oct 3, 2001
    Messages:
    3,830
    Likes Received:
    0
    "If Epic didn't want aimbots to be developed, they would have made their code safer."
    "If the author of this code didn't want me to rip it off without giving him credit, he'd have protected it better."

    This argumentation doesn't make sense (and never has, in no case). If everybody who was capable to do so would, for instance, develop a CSHP-aware aimbot (or radar, or whatever), there'd be much more cheating around.

    The "next guy" might consider the things discussed in this thread by him/herself before offering to release a tool like that; just like other people have done that before. I did, anyway. inio asked for opinions, and here they are.
     
  15. 2COOL4-U

    2COOL4-U New Member

    Joined:
    Mar 17, 2001
    Messages:
    505
    Likes Received:
    0
    ok... do you know what happened with TNT. It was originally developed to be used in mines. But when people found it it was good to be used in wars too, well...

    I hope you get my point
     
  16. tarquin

    tarquin design is flawed

    Joined:
    Oct 11, 2000
    Messages:
    3,945
    Likes Received:
    0
    Software has a fairly unique position in the realm of creative endeavours. You can't read a book without also being able to rip it. You can hear a song on the radio & then play it yourself if you've got a musical ear.

    I'd rather someone built on my code & gave me credit than copy my ideas & leave me out of the loop entirely. Which beings me neatly to a point of sorts: you can't hide the idea. If a team released a new gametype mod called "PrisonerMatch", would the Jailbreak team be hacked off at their idea being hijacked or at the code having been ripped?
     
  17. RegularX

    RegularX Master of Dagoth Lies

    Joined:
    Feb 2, 2000
    Messages:
    1,215
    Likes Received:
    0
    Well if someone did *both*, that would be really bad :).

    Lots of games, however are built on other people's conventions. How many mods are either A) Clones or based of other, older mods or games, for other engines or B) Some intellectual property - i.e. movie, book, comic, etc.

    That's not to say they aren't valid. I think it's uber cool someone ported 'Combat' to the Q3A engine, and the old school mod Alien Quake would have been awesome (if it hadn't been 'foxed').

    Still, if a game or a mod gives me too much of a "been there, done this" feeling, I won't stick to it.

    In short, if someone stole my ideas, I would hope they were doing something better or different with them, same with my code. If someone downloaded the latest Freehold beta, renamed all the gametypes and pimped it as their own, they'd be getting some angry emails from me.... :)

    a good really post, btw

    rgx
     
    Last edited: Feb 14, 2002
  18. Mychaeel

    Mychaeel New Member

    Joined:
    Oct 3, 2001
    Messages:
    3,830
    Likes Received:
    0
    If somebody is really determined, overwriting text buffers doesn't help anyway. There's at least one UnrealScript bytecode decompiler around that produces compilable UnrealScript source code that even includes most symbolic information (variable names, function names, almost everything except for comments). Hiding source code text buffers really just hurts people who'd like to learn from other people's code (and the community in general as detailed above).
     
  19. inio

    inio many fauceted scarlet emerald

    Joined:
    Feb 8, 2002
    Messages:
    105
    Likes Received:
    0
    Back a day early. So I'll start responding now.

    ---

    I got a private message saying something along the lines of
    um ... well, no. Democracy is exactly what you said it isn't. Hiding your UnrealScript is not a human right. And I'm not going to release anything until I have a good reason too. I understand your desire to keep your source private, but I'll let the community decide that EVERYONE has that right before I hand it to you.

    ---

    usaar33: Indeed, my tool is very similar to that used on CSHP and UTPure. It completely rebuilds the package from scratch. Interestingly, if run over CSHP4+ with all the actions commented out (just unpack and pack), it reduces the file size by 3.5k. Anyone care to comment?

    Even more interestingly, UTPureRC5b GAINS 66 bytes...

    Oh, and yes, these packages load just fine. Still conrfuses me why they store an absolute offset in textures though...

    ---

    and now for some clarification:

    By "symbols" I meant the appropriate entries in the name table that would allow the source to be decompiled. These are difficult to eliminate with a hex editor for reasons I'm not going to elaborate on. The purpose of removing these is because this tool (and possibly others) will decompile the compiled bytecode into UnrealScript source. With the names gone, accomplishing this task is much more difficult.

    The issue with releasing this program opensource is that it would be trivial to modify it to create dummy names to insert in place of the removed names, making decompilation and reverse engineering significantly easier.

    To prove that this worked I regenerated symbols for CSHP4+ and looked at what is xxPreDecrypt in the released source with UTPT. The encryption scheme is kinda cute, though the reverse lookup table confused me for a bit. I like the way you pack the decrypted data back together with the nested function calls.

    ---

    tarquin:
    your brushes are l33t.
     
  20. usaar33

    usaar33 Un1337

    Joined:
    Mar 25, 2000
    Messages:
    808
    Likes Received:
    0
    Inio, very nice.
    I take it that you were able to get around the texture problem? (when I wrote a patcher for s3 textures using DarkBytes obfuscator as a base, I ran into huge problems with those offsets).
    DB's strips xx functions and zz variables.
    The reason for the CSHP4+ and UTPure size differences is do to changes in the stripping program. The stripper for 4+ used an EXE. The UTPure one used a commandlet, which turned out to be easier and more powerful (I have not yet seen the code).

    Speaking of which, is yours an EXE or a ucc commandlet?

    As for dummy names, I was able to write something up with very limited program base. I won't go into details, but it is rather simple just reading some parts of the UTPT doc. I'd love to post a rip of CSHP I did :p

    eh, reverse lookup table? I know we used 0 byte variable names as well as false ones, but not quite sure what you meant by reverse (oh.. you mean how import/export table order is reversed from the norm?)
     

Share This Page