Questions on obfuscation technology | |
1.1 | Is it possible to recover original file from obfuscated version?
No, it's impossible to recover it - the names of symbols and comments are
gone forever. So keep the original version of your code in a safe place!
|
1.2 | My project consists of several files, calling functions from each other.
Will Stunnix VBScript Obfuscator protect it correctly (i.e. will protected version of the
same symbol be the same in every file)?
Yes, protected version of the same symbol will be the same in every file
of your project.
|
1.3 | Suppose I protected a project with Stunnix VBScript Obfuscator that contains several files,
and one year later I added a function to my project in one of the files.
Will I have to re-obfuscate entire project? Will I have to resend
new protected version of all files to the client, or I will have to send
only 1 file (corresponding to changed file)?
If using "shortest" obfuscator (that minimizes total length of identifiers),
you will have to reobfuscate entire project and resend all files.
In all other cases (e.g. with default obfuscation engine - called "md5")
you will have to obfuscate only changed file and to resend only it.
|
1.4 | The code I plan to obfuscate is called by code that should stay non-obfuscated.
Obviously after obfuscation the "calling" code doesn't work since names of
functions it calls have changed. What I have to do?
You have to list all functions, variables, names of types from the code you
plan to obfuscate that are referenced by calling code as "exceptions".
If using Project Manager, put them to Symbols ⇒ User-specified exceptions,
if using commandline - put them to file (one per line) and add
"-x name-of-file.txt" to your commandline.
|
1.5 | My project uses some library, and names of all functions in it start with
the same string (or match some regular expression).
Is there an option exclude all these symbols from obfuscation?
No, you will have to list all symbols individually.
But you can automate the task of composing such list by the following trick
(if using Project Manager):
perform obfuscation of your code, go to Symbols ⇒ View resultant symbol
mapping, scroll to bottom and click a link "download a list of encountered
symbols", save it to some file (getting list of all symbols encountered
in your project listed alphabetically), and use your favourite text editor
to cut all symbols from that library (since symbols in the file will
be sorted alphabetically, all symbols that start from the same string
will occur as a single block); copy and paste all "interesting" symbols
into Project ⇒ User-specified exceptions.
|
1.6 | How can I obfuscate only certain names and keep all others unchanged?
If using Project Manager, do the following:
perform obfuscation of your code, go to Symbols ⇒ View resultant symbol
mapping, scroll to bottom and click a link "download a list of encountered
symbols", save it to some file (getting list of all symbols encountered
in your project listed alphabetically). Paste that list nto
Symbols ⇒ "User-specified exceptions". Then go to
Symbols ⇒ "User-specified antiexceptions" and list all symbols that
need to be obfuscated.
|
1.7 | What is compression ratio when using source compression mode?
It's impossible to answer this question since the ratio greatly depends on
the average length of identifiers, average length of comments and average
identation size.
|
1.8 | Can Microsoft Encoder be used for result of obfuscation and/or encoding?
Yes, since the result of obfuscation and/or encoding is plain
VBScript code, any tools can be used with it (e.g. Microsoft Script Encoder
so tools for packaging scripts as .dll files).
|
1.9 | Can you suggest any reviews of your product and competing products?
Unfortunately we are not aware of such reviews. Frankly speaking, most of reviews on the net
are paid reviews, so even they existed, we wouldn't recommend to trust them. And keep in mind
that most reviews a dedicated to a single product, not a comparison of several ones..
We have created some list that can be thought of a comparison "we with others" - just go to product page and scroll to the list of features - all features marked with "unique" are really unique to our product (and are absent in any other). We recommend you to test our product yourself and make a decision. We have a trial that lets you fully evaluate it and even apply to your project. Such evaluation will reveal all flexibility and power of our product; the only limitation during evaluation is that all symbols can only prefixed with a same prefix. However, this allows to fully evaluate syntax support, support for exceptions, support for javascript embedded into html. Also, projects created during evaluation can be opened by a non-trial version of our product, so you won't waste the time spent during evaluation at all - your product will already be prepared for protection, and applying production-level protection will be a single click on "Build, Rebuild all" in non-trial edition of our product. |
Questions on encoding technology | |
2.1 | Will product protected using non-trial version be faster than
protected by trial one?
Trial version supports only 1 method of symbol name transformation -
prepending "ReplacementFor_" to original symbol, while final version has
a lot of additional methods (including compression mode achieved by
use of 'shortest' obfuscator) that keep symbol length less than 10 characters.
Also the trial version of Perl obfuscator adds
special block of code to the begining of each file that makes your code expire
on a specific date. As a result, the result of obfuscation produced
by trial version is much larger than one produced by non-trial version.
If encoding is also applied (and, as you remember, it's applied to the
result of obfuscation stage), the resultant file size is multiplied even
more. And since decoding of smaller file takes less time, the output
of trial version starts up slightly slower than output of non-trial version.
|
2.2 | Does automatic decoding of encoded code increase only startup time, or it
also increases execution time?
Automatic decoding is performed only once at startup, and thus
it increases only startup time.
|
2.3 | What factors influence decoding time?
Of course number of encoding iterations applied and size of file affect
increase decoding time.
|
2.4 | What are recommended values for number of encoding iterations?
The default value is a recommended value. It's greatly recommended to keep
the number of encoding iterations above 4.
|
2.5 | Can we apply only encoding to our code?
Technically it's possible to apply only encoding to the code, without
applying obfuscation. Just add '--noparsing' commandline option if not using
Project Manager, or put a checkbox "Don't parse source '--noparsing',
just encode it" (and a checkbox to the left of it!!) in the Project ⇒
Options, "standard: treat as raw code" mode.
But it is greatly not recommended to apply just encoding since it makes protection of your code much weaker. |
General questions | |
3.1 | Can we have an evaluation version of Stunnix VBScript Obfuscator?
You can get non-expiring version of Stunnix VBScript Obfuscator
by making a
request for it. A email with a download link will be sent automatically
to you.
|
3.2 | What documentation should I really read in order to start using Stunnix VBScript Obfuscator?
You have to read
Guide on preparing project for obfuscation and
Guide on using Project
Manager.
|
3.3 | Is Stunnix VBScript Obfuscator suitable for my project?
Yes, Stunnix VBScript Obfuscator is very flexible and advanced product and it can be used
for project of any kind and size.
|
3.4 | We would like you to add some specific feature to Stunnix VBScript Obfuscator - it's critical
for our project. Is this possible?
Yes, we will consider adding custom features for additional fee - just
contain our sales manager.
|
3.5 | Is it helpful for security to obfuscate file several times (i.e. apply
obfuscation to result of obfuscation)?
No, this doesn't help at all. One pass is enough.
|
3.6 | I've installed trial version of Stunnix VBScript Obfuscator. How can I use command line interface
of it? Command lines listed in the manual give "perl: command not found" error.
You have to install Perl interpreter for Windows. Please download the
most recent version of it freely from
ActiveState's site.
Then you'll be able to execute commandlines shown in manual.
But we greatly recommend using Project Manager GUI.
|
3.7 | What interface to Stunnix VBScript Obfuscator would you recommend - commandline or GUI?
Are they equal featurewise?
These two interfaces are equal featurewise.
So we greatly recommend to use GUI interface (i.e. Project Manager) -
it will save the time needed to read manuals, compose commandline etc.
Also it allows to protect all files in project in one pass (instead of the
need to invoke Stunnix VBScript Obfuscator from commandline for each file.
Also GUI allows to create buildscripts - Perl scripts that can perform building/clearing output/rebuilding changed files in your project. So once your project options are "stabialized" you will be able to rebuild your entire project (or only changed files) from commandline too. |
3.8 | What programming language Stunnix VBScript Obfuscator is written in?
Stunnix VBScript Obfuscator is written in Perl programming language.
|
3.9 | The source code of Stunnix VBScript Obfuscator does not look like Perl code. Why?
It is Perl code, but it's protected from analysis and illegal reuse
using our perl obfuscation tool -
Stunnix Perl-Obfus.
We greatly recommend all professional Perl programmers to use it for their
projects in order to protect their intellectual property.
|
General questions on using Project Manager | |
4.1 | When I start Project Manager, firewall complains that it tries to connect
to the internet, and then it tries to start web server on port 9000.
What's wrong? Can it be used on computers not connected to the internet?
Project Manager is in fact a web interface for GUI;
when you invoke it it starts Web Server.
This allows Project Managerr GUI to work as is on Windows, Unix, MacOS X
without
any modification. We promote using locally-running webserver as a new
effective approach to writing cross-platform GUI, please see more information
about
Stunnix Perl Web
Server on our site.
You probably got an impression that it requires internet connection because your firewall warns that program tries to connect to internet; the firewall you use is incorrect and badly written, address 127.0.0.1 is local; every computer has it as address of itself, independant of the fact whether it's connected to the internet or not. This special address is for special "loopback" network interface card accessible only from the same computer; programs from other computers will even be unable to know that Project Manager and Stunnix Perl Web Server are running and will be unable to communicate with it in any way, so it's safe to run Stunnix Perl Web Server (and Project Manager ) even on computer directly connected to the Internet. But of course Internet connection is not required in order to use Project Manager. |
4.2 | You say that Project Manager runs as a site on webserver working
on a user's computer
- will anybody from other computer be able to also access Project Manager?
Will any virus or hacker be able to try to break into computer this web
server?
No, Stunnix Perl Web Server by default is configured not to listen on any network interfaces
except a special "loopback" interface accessible only from the same
computer; programs from other computers will even be unable to know that
SPWS is running and will be unable to communicate with it in any way, so
it's safe to run Project Manager (and SPWS) even on computer directly
connected to the Internet.
|
Using Project Manager -various topics | |
5.1 | How can I apply some exceptions to only one file from the project?
First, you have to put exceptions to a file in your project input directory,
one symbol per line.
Then you have to create a new mode using Project → Options (using 'BASE' as parent mode for the newly created mode, enter the name of a file with exceptions (there is no need to specify directory name!) into entry (at the bottom of that page) with title "space-separated names of files to get list of exceptions from" and check a checkbox to the left of it (this will mean that the value of this option overrides the value in parent mode), click Save and then go to Project ⇒ Files, put a checkboxes near files you wish these exceptions to be applied to, then select a name of the newly-created mode in the popuplist at the bottom and click Assign processing mode button. Then of course you will have to rebuild the project. |
5.2 | How can I delete the project?
Please do Project, Options and click "Delete project" button.
|
5.3 | How can I have several files in the project to be protected using different
settings?
Please see answer
for a related question.
|
5.4 | How can I enable recognition of XPATH functions?
Go to Project ⇒ Optins, select mode with title 'BASE', enter
www-client-side.extras/xpath
into entry (at the bottom of that page)
with title "space-separated names of files to get list of
exceptions from" and check a checkbox to the left of it
(this will mean that the value of this option overrides the value in parent
mode) and then click Save.
|
5.5 | How can I enable recognition of XBL/XUL functions?
Go to Project ⇒ Optins, select mode with title 'BASE', enter
www-client-side.extras/xbl www-client-side.extras/xul
into entry (at the bottom of that page)
with title "space-separated names of files to get list of
exceptions from" and check a checkbox to the left of it
(this will mean that the value of this option overrides the value in parent
mode) and then click Save.
|
5.6 | How can I keep my html code not mangled (i.e. idented)?
Please go to Project ⇒ Options,
select "standard: serverside VBScript in .html/.asp files"
if you are protecting serverside code or
"standard: clientside VBScript in .html/.asp files"
if you are protecting clientside code,
find "remove spaces from html text where possible", and
check the left checkbox, uncheck the right checkbox, then click Save,
and then rebuild the project.
|
5.7 | Why behind some options for Project⇒Options there are 2 checkboxes?
The left checkbox behind some form element in the Project⇒Options specifies
whether the value of the option overrides the same value of it from the
parent mode (if checked - it overrides, if unchecked - the value of this
option from the parent mode is used).
So if the option itself has boolean value, then you see two checkboxes in one line. |
5.8 | How can I add a header or footer with copyright notice to each output file ?
Create a file, e.g. named banner.txt with copyright notice inside a comment
and save it into project's input directory.
Go to Settings, Edit modes present in the project.., click on "standard: treat as raw code " item in the list, scroll to bottom, in "File-related options " section, find entry "name of file with text to be prepended to the output" put banner.txtinto it and put a checkbox to the left of it (IT'S VERY IMPORTANT - this tells that we override the same setting in the parent mode) and click Save. |
5.9 | How do I export the project so that I can make a backup of it?
To export project, open it, then do Project⇒Export as native. What you
export this way is a list of files and the options for modes.
To import it - just do Project⇒Import.
Project file is stored inside your user's directory - the name of file it's stored in can be seen by going to Project⇒Options (there is a small-printed file location there). You can just copy that file from/to somewhere (and it's OK to rename it, keeping extension). Also you will have to backup "project state directory" (specified in project⇒options) - it contains exceptions, antiexceptions and symbol mapping information. Your project (and exported form of it) contains path to the project input, project output and project state directory. If you'll want to relocate these directories to different locations (e.g. after importing project), just go Project⇒Options and edit paths there. Due to this fact it's adviceable to give directories as relative paths relative to project's input directory - this way you'll have less strings to edit when relocating your project. |
5.10 | Our project contains both client-side and server-side code. How
can we protect both of them?
You will have to create 2 projects, one for protecting client-side code,
another one - for protecting server-side code in the output directory from
the first project. You will have to use different directories for state files
in these 2 projects. Since several projects can be opened at the same time
(in different windows), this should not complicate things much.
|
5.11 | Our project contains html files with a custom (non-standard) extension.
Will your product be able to protect them?
Of course it will. If using Project Manager, just go to Project ⇒ Files,
put a checkboxes near all your files with that custom extension, select
a "standard: clientside in .html/.asp files" in the dropdown
list at the bottom of the page and click "assign processing mode" button.
Now all those files will be handled as html files.
|
5.12 | How can I apply settings from some project to new other projects?
|
Questions on checking licensing conditions | |
6.1 | How can I add an assertion that prompts the user for a password
(and checks it) to control access the protected code??
assertions are meant to be non-interactive, since they are executed for each script file
(or module) of your project.
So if your product has several script files/modules in it,
a password will be asked while loading each of the files - so it's a bad idea to add
password prompt as a way to check licensing conditions.
You can enable assertion for one of the files though. |
6.2 | How can I add an licensing condition assertions to SOME of the modules of the project?
First you have to create a new processing mode that will inherrit all settings from "main" mode,
but add assertion. To do this, go to Settings, "Edit modes present in the project..,",
"Create new mode", give it some title, e.g "files with assertion", specify as parent
mode this mode :" standard: treat as raw code",
Then scroll to the group "Ensuring licensing conditions using generic asserters", configure licensing conditions in that section, and put a checkbox near each control there, since otherwise the value of controls will be ignored. Then scroll to the bottom and click Save to complete creation of the new mode. Then go to Settings, "For files - assign modes to project's files, add/remove files.. ", put a checkbox near file you wish to enable asserters in, and select "files with assertion" from drop down list and click "Assign processing mode". |
6.3 | How to define custom licensing conditions asserter using Project Manager?
Create a file named "myasserter.txt" in the project's input directory and fill it with
asserter's code. E.g. put code like this into it:
if ScriptEngineBuildVersion = 2 then alert("Running this script VBScript engine 2 is disallowed!"); x__stunnix_com_asserters_result=1 end if Suppose you wish to enable assertion of licensing conditions for all files in your project. If you wish to enable assertion of licensing conditions only for some files in your project, see question above. Go to Settings, "Edit modes present in the project..,", click on either the 'standard: treat as raw code' (if enabling assertion for each file) or the mode you've just created as explained in previous question. Scroll to the group "Ensuring licensing conditions using generic asserters", select "Take code from file" and check a checkbox to the left of this popup list. Put a checkbox to the left of entry "Name of file (relative to project's input directory)" below, and put a name of file "myasserter.txt" in that entry. Then click Save at the bottom of the page. |