You cannot effectively write an Avenue script to implement script encryption and decryption.
It's a bootstrapping problem: how is the script going to be encrypted? Not using itself,
because the first time ArcView tries to read it it will need the decryption capabilities.
Since it cannot be encrypted (we are discounting ArcView's built in method because it is readily
cracked), whatever algorithm it uses will be easy for anyone to borrow, just by copying code.
Thus, the decryption portion could be pressed into use to decrypt anything encrypted using the
home-grown technique (even if the home-grown technique is very good and tightly packaged, such
as in a DLL).
So how, as an Avenue developer, do you protect your source code? One way is to make the decrypted stuff horrible to look at. Before encrypting your source, remove all comments, get rid of helpful line indentation, change all descriptive local variable names to non-descriptive names. I call this "level 0" uglification. (Uglification is the opposite of prettification, which is what can be done to certain programs in C, for example, to format them for easy reading.) At level 0, uglification does not change how a script works in any way. It just changes its readability.
Here is an example of level 0 uglification. The uglified code is first. As a tiny challenge, try to decide what this (extremely simple) script does, then link to the original commented source.
a001159667=seLf.Get(0)A790588378=SElf.GeT(1)A372680664=sELf.gEt(2)a755981445=a001159667.geT(a790588378)A001159667.seT(a790588378,a001159667.GeT(a372680664))a001159667.SEt(a372680664,A755981445)
Note that doing level 0 uglification is not entirely trivial. For example, public variable names should not be changed, class names should not be changed, and requests cannot be changed. If you asked a friend not otherwise conversant in Avenue to uglify an Avenue script, they would probably screw it up.
Uglification at level 1 starts making changes to how the script works. It is syntax-driven, meaning that these changes can be made by a parser that has essentially no knowledge of what the code means. For example, at level 1, the uglifier can maintain all local variables and constants in a list. It will replace references to those variables by List.Get requests and assigments to those variables by List.Set requests. This is a tiny, probably inconsequential change for most source code, but it makes life even more difficult for someone trying to deciper the code. Other tiny syntactic changes can be made in several ways.
Here is an example of level 1 uglification. Rather than tease you, I will display the original Avenue script first..
if (SELF.Get(0).Not) then
MsgBox.Error(SELF.Get(1), "")
exit
end
Here is a hand-coded level 1 uglification of this script.
l={}l.Add(1).Add(0).Add(MsgBox).Add(SELF).Add("")if(l.Get(3).Get(l.Get(1)).Not)then
l.Get(2).Error(l.Get(3).Get(l.Get(0)),l.Get(4))exit end
This process, unfortunately, is reversible using similar syntactic techniques. Therefore for level 1 really to work, at various places within the script the symbol list must be permuted dynamically. Then, deciphering it correctly will depend on following its execution step by step. You can imagine how painful that could be.
Uglification at level 2, which I have not implemented, would make substantial changes to the way a script executes. It would require techniques from the domain of compiler writing and code optimization, which means it would be a significant piece of work.
If you have ideas about uglifying Avenue, please write me.
To use uglification, all you need is an uglifier. This is a little program that turns a text file containing syntactically valid Avenue code into a text file containing its uglified equivalent. Just before encypting a script, write it out as a text file, run the uglifier, read the uglified text back, and encrypt that instead. Here is a little
DOS-based level 0 uglifier (it produced the level 0 uglification example above). It is made available with no warranty or guarantee of any kind, and I disclaim any responsibility or liability in case of damage incurred during its use. If you use it, please report anomalous behavior directly to this address. If you want level 1 uglification, I will sell you a license to an executable upon request. You can buy the source code, too, if you like. It's in AWK and probably would work on Unix systems.
It is a DOS program. Download it into a directory named in your PATH
environment variable so it will be accessible by name alone. Name it uglify.exe.
To uglify a script, first save it to a text file. Suppose your text
file is named myscript.ave and it is in the /usr/guest/ folder on
your D: drive. Launch a DOS prompt from Windows and at the
prompt,type
D:
to make D: the active drive. Then type
cd /usr/guest
to change to the correct folder. Finally, type
uglify myscript.ave myscript.txt
You will see some information on the screen while the program runs.
Typically it will finish in less than a second. (If it does not, either
you have one s l o w machine or one h u g e script!) Here is an example of
the output:
Uglify.awk v 0.04 (c) 1999-2000 Quantitative Decisions
Contact support@quantdec.com with suggestions or bug reports.
Awaiting Avenue input on stdin; output will go to stdout.
Done.
Your uglified script is in the file you named myscript.txt. Go
back to ArcView and load that into a new Script Editor document. It should
compile and run just fine, despite its awful looks.
If you encounter a problem in compiling or running this script, go back to
the DOS prompt and insert an exclamation point (surrounded by spaces) after the
command name, like this:
uglify ! myscript.ave myscript.txt
The output will be much more readable. It includes comments (look at
the end of the script) identifying the original names of the uglified
variables. Diagnose your problem using this prettier script and then
contact us if you believe this is due to a bug in our program. We will fix
it.
Click on the image to download uglify.exe
