Best (Any?) Practices to keep GH secret/hidden?

Indeed it would be interesting to know how its kept protected. But just to make something clear, I mean, if I would have developed such a great functionality , I would have written it as a c# or c++ dll.

But if we talk about this, then we are talking about something very different. There is a fundamental difference between protecting arrangements of nodes on a canvas or invoking external functionality from a protected library.
Writing plain code almost always leads to much better edge case handling , because conditionals are much easier to write, and its also much easier to protect against „average“ user.

If we talk about plain C++ in particular a reversing strategy is almost always limited to disassembling, and my knowledge with this is very limited, although I achieved cracking/patching my own software, I would never ever risk to do this with commercial software. Especially because of the laws in my country, I‘m not planning to ever try. I do have a different opinion on decompiling, which is far more gray. I think its always up to the purpose…

Anyway, I think whatever you do for protecting, the most efficient thing to do is to keep code away or break/inform silently, but in the end you always have a false sense of security, so you have to make sure that you only work in a trusted environment.

I know this is difficult in many offices, because they are simply too small to take legal actions against copyright violations, and also have a high frequency of replacing employees.

But to sum it up, if you are not able to protect efficiently then stop caring at all. It may also indicate that your script is not so great as you think.

To end this with a wisdom from a chinese fortune cookie:

„The more you know, the less you feel to know. (and vice versa) “

I may create some misunderstandings by saying “kept protected”. The situation is like the script cannot accessed by most employees, and it needs to be invoked as a remote procedure.

It won’t be very difficult for me if I can retrieve and reverse-engineer the native library, if they did so. Though it’s probably not worth it.

Sorry to tell you, but in GH, the definition/method/algorithm is everything.

Best procedure in your case that you never host/recall that definition from the destination PC, but you can send data to process to the PC that holds the definition, then send resend process data to the caller PC.

Hey there, thanks a ton everybody, really appreciate the input and expertise. I am getting a common theme of ‘separate the logic from the input’ from several of you, so I will look into whether there is a clean way to do that. (@gankeyu I am curious about that Chinese studio though…) If all fails @TomTom I will attempt to just breathe it out… Cheers!

15th time i look at this subject… Still a newby in GH but… you could…
take some phyton, encrypt it into a file, feed it into a GH script, decrypt with a temporary key (RSA+), execute… Then your encryption would be as secure as needed.

Really complicated way: encript your code, transcript it into a bitmap or a blob (accessible via local, net or cloud (add authentification if you want more protection + tracking)… provide a script that decrypts the input image (doesn’t have to be encrypted now) and it only works with a key (length/complexity factor added if you want) that only works during the day you want depending how secure you want it. I can add more level if you want but that’s rock solid.

sorry to retake this topic:

Hey @TomTom ,

first of all, you are one hell of a nice hacker! (not a cracker)

I just got stolen my usb device with a lot of nice gh programming that took me months to adapt to jewelry needs (yeah, the existing jewelry plug-ins are made by programmers, not jewelers → nicely programmed, functions not as they should be)
It’s been stolen from inside my backpack, they cut it open in the train station, they also seem quite experienced in their ‘job’, haha! what a bag of #@&!

expecting those thieves not to know what exactly they have in their hands and how expensive they could sell it to my concurrence or clients, I’m not in panic.

However, your ‘You don’t seem to be forest gump’ element looks extremely interesting for protecting files a bit better. Did you override the appearance in a c# script? I’ll try and do something similar without the style change, but would be very interested in how you did this.

though,it forces rhino to crash, but by deactivating the solver and restarting the same file, it seems to be readable anyway…this might be only a useless comment, as I haven’t programmed it yet and for obvious reasons can’t play with yours. (except I guess your windows username tomj, tomtom, tom etc and change mine, but thats stupid and for sure a loss of time)

Thank you in advance

Ben

EDIT:

ok, that was easy. but still: how did you make it look like a panel?

I don‘t remember what I did there…My initial comment was about the pointlessness of protecting code. Once its out in the world its gone. And that was the real answer, the rest was more about having a bit of fun.

I think once you get a basic understanding on how low level and desktop programming works, then there is no magic to it.

Modern languages and the strong emphasis on Web development might not give someone the obvious ways and tools, but most of the protection mechanisms are weak because the data and the information to access data is unencrypted inside the files or apps and so within the memory.

And since you so cannot prevent someone getting access to your protected data, I believe its much more efficient and fun to make people believe your code is garbage and faulty. Actually very often my code is garbage and faulty by nature… and definitely not of any monetary value! So living with that mindset is much more relaxing

Thank you for your reply!

Oh I know, I asked this for having a little fun myself, not to really protect my files. It’s been coded in like 15min finally and indeed it’s been great fun doing so. I even added some pseudo hash function to avoid string injection when pw is asked, haha.

from my point of view, the best protection is to stay offline if REALLY I want to protect my programs. There’s no alternative. And that’s how I do it myself since internet exists.

I honestly don’t consider clusters as real programming and I share your view that grasshopper definitions usually are not that much of a deal (except for Dani’s Peacock that used clusters to hide his vb codes, but again imo they are not great in practical use, but I honestly like that he did something at least and I think it’s useful for many people).
I am convinced that if these codes would have been officially open in the first place, some kind of collab between a good programmer and a goldsmith would have been much better and would have leaded to more importance to this plugin than pseudo protect the codes. It’s that spirit that makes most programs useless because you need the competence to program and the competence in what you are programming.
My codes are partly worth money no matter if they are garbage and faulty, because compared to the techniques been used up to now (e.g. circlepacking been made by hand), the programmed process takes a few seconds compared to tens of hours of work. I work like 5min and can send a bill of 5’000.- for having spent many hours of work and even much less expensive than the concurrence. finally that’s not because I’m a super duper programmer, but the branch is veeery slow and artist usually refuse to be replaced by computers, lol. Emotional decisions. (And I hate to spent 20 hours of making a circlepacking myself when in this time I can program it and never again do brainless repetitive work)

I think that’s worth protecting a minimum, but as you said, not by setting a password or being afraid these could be stolen. As someone said before on this post, in any case we need to move forward constantly, so noone can concurrence with old stolen copies…