Best (Any?) Practices to keep GH secret/hidden?

It’s easy to read a GH file offline. So it needs to be encrypted and decrypted in a controlled environment (e.g. by a plugin). But I think that goes too far.

@gankeyu
Yeah, no software is safe and can be bypassed somehow, often easily. It’s about protecting against the average joes… If you have a certain skill, you don’t need these “amateur” gh scripts anyway :slight_smile:

@matthias3
Here is another way: rename the C# component with your Windows username and you have a basic protection. I would also comment out the MessageBox:

exampleX.gh (1.7 KB)

As said, this also has flaws and I would rather stop caring about it…

1 Like

You crazy man!
Luckily I had just saved my work!

This insta-closes your Rhino+Grasshopper!
You should have warned us!
XD

…scary.

Indeed, one of them is Picasso graphics:
2020-04-18 21_47_40-Window

I would argue even the Average Joes could crack that cluster password :smiley:

It could have restarted your computer, deleted the file batched or undervolted your Intel processor… You basically can do a lot of crappy stuff. If you hide this functionality or make it seem more like a hardware issue, then nobody expects a protection mechanism underneath, and so the average joe doesn’t even notice what’s causing this… If you feed in no warnings, trigger it to happen randomly or strongly delayed, then even more. (@Michael_Pryor) But if you name it password protection, then everyone likes to bypass this. The average joe couldn’t even bypass cluster passwords, if nobody would tell how to bypass, downloading scripts or reading blog posts is easy…

1 Like

Yes, I know… Software security matters related to Grasshopper
I just trusted you! Shouldn’t have? :sweat_smile:

Another idea: use a “hidden” code like yours only to notify the owner of the script when/where it is used, so if a copy is pulled “outside the office” you can pin-point the culprit… but it would be late… and the algorithm could still be copied into another gh file without the C# script…

1 Like

I had this also in mind, but posting such a solution is not legal anymore, I guess?!

I don’t know…
I am free to make a decompressor bomb / cryptolocker and never run it; then when and if you copy it and run it, it’s your fault… or not?

Another idea: hide it in plain sight!
2020-04-18 23_26_52-Window
Only one of the two is a C# script.

2 Likes

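Yeah, that’s a great idea. And it of course also adds two values. The icon should also be changed…

… or you just make it calculate wrong…

    // A and B are the component's inputs, R is its output.
    if (Environment.UserName.Contains("bundy"))
    {
      // Expected Windows user name: return the real result.
      R = A - B;
    }
    else
    {
      // Any other user name: silently return a wrong result.
      R = A - (B * 0.5);
    }

4 Likes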

This reminds me of something:

    #define true false
    #define false true

Anyway, I would recommend to use dynamic dataflow, hosting core computation on another computer. It won’t be that bad if only a little geometry is involved. Rhino’s geometry serialization is not very fast but quite usable.

1 Like

Still, there are few thinking-heavy scripts which also draw attention from professionals.

I know a studio in China who has developed a very complicated GH script for generating smooth stairs from arbitrary side curves and it can deal with a huge number of edge cases. I’d like to learn how it works but that script is kept protected.

Indeed it would be interesting to know how it’s kept protected. But just to make something clear, I mean, if I would have developed such a great functionality, I would have written it as a C# or C++ DLL.

But if we talk about this, then we are talking about something very different. There is a fundamental difference between protecting arrangements of nodes on a canvas or invoking external functionality from a protected library.
Writing plain code almost always leads to much better edge case handling, because conditionals are much easier to write, and it’s also much easier to protect against the “average” user.

If we talk about plain C++ in particular, a reversing strategy is almost always limited to disassembling, and my knowledge with this is very limited, although I achieved cracking/patching my own software, I would never ever risk to do this with commercial software. Especially because of the laws in my country, I’m not planning to ever try. I do have a different opinion on decompiling, which is far more gray. I think it’s always up to the purpose…

Anyway, I think whatever you do for protecting, the most efficient thing to do is to keep code away or break/inform silently, but in the end you always have a false sense of security, so you have to make sure that you only work in a trusted environment.

I know this is difficult in many offices, because they are simply too small to take legal actions against copyright violations, and also have a high frequency of replacing employees.

But to sum it up, if you are not able to protect efficiently then stop caring at all. It may also indicate that your script is not so great as you think.

To end this with a wisdom from a Chinese fortune cookie:

“The more you know, the less you feel to know. (and vice versa)”

1 Like

I may have created some misunderstandings by saying “kept protected”. The situation is like the script cannot be accessed by most employees, and it needs to be invoked as a remote procedure.

It won’t be very difficult for me if I can retrieve and reverse-engineer the native library, if they did so. Though it’s probably not worth it.

1 Like

Sorry to tell you, but in GH, the definition/method/algorithm is everything.

The best procedure in your case is that you never host/recall that definition from the destination PC, but you can send the data to process to the PC that holds the definition, then send the processed data back to the caller PC.
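The arrangement several replies describe (the definition stays on one machine, callers send only inputs and receive only results), as an added example that is not code from this thread. The `/compute` path, the `X-Signature` header, the shared key and the `a - b` stand-in are assumptions made for illustration.

```python
import hashlib
import hmac
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SHARED_KEY = b"constructed-demo-key"  # assumption: issued per user, never saved in the .gh file

def protected_algorithm(a, b):
    return a - b  # stand-in for the logic that never leaves the server

def sign(body, key=SHARED_KEY):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class ComputeHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get("X-Signature", "")
        if not hmac.compare_digest(sign(body).encode(), sent.encode()):
            return self.send_error(403)  # unauthenticated caller: nothing is computed
        try:
            args = json.loads(body)
            result = protected_algorithm(float(args["a"]), float(args["b"]))
        except (ValueError, KeyError, TypeError):
            return self.send_error(400)  # malformed input
        out = json.dumps({"r": result}).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

def call_remote(port, a, b, key=SHARED_KEY):
    """What the Grasshopper-side component would do: send inputs, read the result."""
    body = json.dumps({"a": a, "b": b}).encode()
    # Loopback and plain HTTP for the demo only; assume TLS on a real network.
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/compute", body, {"X-Signature": sign(body, key)})
    resp = conn.getresponse()
    data = resp.read()
    conn.close()
    return json.loads(data)["r"] if resp.status == 200 else resp.status

def demo():
    server = HTTPServer(("127.0.0.1", 0), ComputeHandler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_port
        return call_remote(port, 5, 3), call_remote(port, 5, 3, key=b"wrong")
    finally:
        server.shutdown()
        server.server_close()
```

A copied .gh file then contains only the client call and the input wiring; the key still has to be kept out of the file, and a caller holding a valid key can query results but not read the algorithm.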

Hey there, thanks a ton everybody, really appreciate the input and expertise. I am getting a common theme of ‘separate the logic from the input’ from several of you, so I will look into whether there is a clean way to do that. (@gankeyu I am curious about that Chinese studio though…) If all fails @TomTom I will attempt to just breathe it out… :smiley: Cheers!

15th time I look at this subject… Still a newbie in GH but… you could…
take some Python, encrypt it into a file, feed it into a GH script, decrypt with a temporary key (RSA+), execute… Then your encryption would be as secure as needed.

Really complicated way: encrypt your code, transcript it into a bitmap or a blob (accessible via local, net or cloud (add authentication if you want more protection + tracking))… provide a script that decrypts the input image (doesn’t have to be encrypted now) and it only works with a key (length/complexity factor added if you want) that only works during the day you want depending how secure you want it. I can add more level if you want but that’s rock solid.

sorry to retake this topic:

Hey @TomTom ,

first of all, you are one hell of a nice hacker! (not a cracker)

I just had my USB device stolen, with a lot of nice gh programming that took me months to adapt to jewelry needs (yeah, the existing jewelry plug-ins are made by programmers, not jewelers → nicely programmed, functions not as they should be)
It’s been stolen from inside my backpack, they cut it open in the train station, they also seem quite experienced in their ‘job’, haha! what a bag of #@&!

expecting those thieves not to know what exactly they have in their hands and how expensive they could sell it to my concurrence or clients, I’m not in panic.

However, your ‘You don’t seem to be forest gump’ element looks extremely interesting for protecting files a bit better. Did you override the appearance in a C# script? I’ll try and do something similar without the style change, but would be very interested in how you did this.

Though, it forces Rhino to crash, but by deactivating the solver and restarting the same file, it seems to be readable anyway… this might be only a useless comment, as I haven’t programmed it yet and for obvious reasons can’t play with yours. (except I guess your Windows username tomj, tomtom, tom etc and change mine, but that’s stupid and for sure a loss of time)

Thank you in advance

Ben


EDIT:

ok, that was easy. but still: how did you make it look like a panel?

I don’t remember what I did there… My initial comment was about the pointlessness of protecting code. Once it’s out in the world it’s gone. And that was the real answer, the rest was more about having a bit of fun.

I think once you get a basic understanding on how low level and desktop programming works, then there is no magic to it.

Modern languages and the strong emphasis on Web development might not give someone the obvious ways and tools, but most of the protection mechanisms are weak because the data and the information to access data is unencrypted inside the files or apps and so within the memory.

And since you cannot prevent someone getting access to your protected data, I believe it’s much more efficient and fun to make people believe your code is garbage and faulty. Actually very often my code is garbage and faulty by nature… and definitely not of any monetary value! :wink: So living with that mindset is much more relaxing :sailboat:

1 Like