Sell definitions

My office sells Grasshopper definitions to clients. At the moment we deliver a file and that’s it.

This means that the client pays a large amount to get the definition developed and then they do whatever they want with it. Now clients ask for subscriptions instead, meaning a smaller amount for the development and then a monthly payment for support and so on.

Is there a way to “protect” your definitions for a business model like this?

The consensus on this seems to land on selecting and issuing an appropriate license.

There are a few discussions here on Discourse regarding measures to protect Grasshopper code/definitions, but there’s really very little one can do that a “hacker” won’t be able to get around. In my experience, the “best” approach to obfuscate code is to compile IronPython (i.e. GHPython), as this will decompile to complete gibberish. But again, I’m sure there are ways of making sense of this too.

2 Likes

Thanks for the answer! We’re going to take a look at IronPython.

I think after a certain point, where it becomes as hard to “hack” as to write the definition, it doesn’t make sense to make it more secure anyhow.

This thread covers some of the thoughts/options regarding code encryption:

I believe the new GHPython compile options implement the same .NET functionality that I linked to back then. So that might be a place to start.

Edit: And in turn, this thread:

1 Like

The only way you can take control of something like this is by making a plug-in which (a) performs some crucial role in your file and (b) checks for valid licenses.

But even then an experienced programmer with dubious ethics can find ways to get around that.

I suspect the best return on investment \left(\frac{\text{income}}{\text{effort}}\right) is just having your customers sign a license agreement.

1 Like

Thanks David!

I think I will go for IronPython or even just a password protected cluster + some kind of signed agreement.

So far, I think the best protection has been doing a great job and making clients’ lives easier. Then most of them are happy to pay.

Hi Jesper,
We’re working on a system/prototype that might be able to address this. It’s in pretty early stage, but shoot me an email at EPoulsen at ThorntonTomasetti dot com and we can tell you more about it.

Cheers

3 Likes

Hi, I know I’m super late for this convo. Even though I saw this article a year ago, I just got an idea that might work. My idea is using a Python component at the beginning of the script that basically takes all the input parameters and one more for “active”, either True or False. If True, the Python component passes all the input parameters to the regular GH components and the script works; if False, the Python component doesn’t allow the parameters to pass through, so the script doesn’t work. Here’s the big part: the “active” parameter has to be controlled remotely. I believe this could be done through creating an API; basically you on your computer toggle a button True or False for a specific client, and that client on their computer, based on that, either can or cannot run the script. Finally, wrap it all up in a cluster and put a password on the cluster so they can’t change the Python code, and done. I’m not a master coder, quite new to Python, and btw I looked up a video on APIs, which I didn’t know existed, and I still don’t know if the idea works or not. Anyone smart in that area, please tell us if it does or doesn’t, if it’s secure or not, and maybe guide us through how we can make it work.

A password protected cluster is like a closed but unlocked door with a sign on it reading “don’t open this door”: it works as long as the user agrees to obey the sign.
You can use password protected clusters to disallow your colleagues from making unintended changes to your code, but that’s all.

If you give your code out, at a certain point, and with enough knowledge and effort, someone will be able to read it.

You could use Hops to make a given definition work remotely on your server, and have clients connect to it, so the client gives some inputs and gets some output without knowing what’s happening in the middle.
I believe stuff like that is the only real way to protect your code entirely.

1 Like

The whole point of bypassing security checks is either to prevent the check or to invert the jump instructions. If you have access to the file, it’s a matter of effort.

However, there is quite a range of ways you can make reversing or cracking definitions harder.

The problem with password-protected clusters is that you get the hashing algorithm with its “salt&pepper” modification quite “easily”. This allows you to brute-force hashes and to recover passwords. If you have users who reuse passwords for their entire tooling, then this is the greater danger.

I don’t think that exposing definitions over a web API is worth the effort. I mean, it depends on the use case, but given that a person is capable of reversing obfuscated definitions, this person is also very likely capable of reversing the definition itself. So there is no point in preventing that.

1 Like

The code is still executed locally.
I’m not sure, I can be wrong, but I suspect even Hops actually “loads” the target .gh file somewhere locally and then runs it.
The usual “someone with enough knowledge” might get a copy of the whole .gh if you are using Hops.

Building a custom server, sending actual inputs to the remote server and then getting back the result: this is definitely the only way to get an initial safety on your code: code executed remotely.

3 Likes

With Hops you can run a computation server more easily, because each solution will be executed with a dedicated Rhino.Compute instance. At least this is my understanding. You’ll still need a dedicated API (REST, GraphQL or (Web)Sockets etc.) to input and output from that definition.

But this is also the problem with this approach. Unless you have no experience in making a web API secure, you technically open Pandora’s box.

1 Like

I do respect all that you said; however, logically speaking, if someone is smart enough to hack it, he’s probably smarter than me, so he could just create the script himself. Other than that, I wonder what’s the method of hacking used to crack GH clusters. Is it brute force? If yes, then can’t we just use a super long password that will require a computer so much time to crack that it wouldn’t be worth cracking anymore?

100% agree. This is also what I’m saying in my previous post. Therefore you can make it harder, but you should not fight against windmills.

No, you can simply bypass the password check and always open the definition. But the hash is inside the file, and this is the problem with passwords in files. If you bypass a check, then you don’t know the password. Of course, the stronger a password is, the harder it is to brute-force. But once you get one, the user might use it somewhere else. Even in 2024, too many people still use 1 or 2 passwords only. Fortunately, nowadays you have 2FA or other mechanisms like expiring tokens.

1 Like
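The remote-execution approach discussed above (the server-side “active” toggle per client, the definition running only on the server, and the expiring tokens mentioned in the last reply) sketched as an added example that is not from any poster, Hops or Rhino.Compute; the “definition” is a constructed stand-in computation, and the secret, client list and TTL are assumed values for a deployment.

```python
"""Server-side execution sketch: the definition's logic lives only on the
server; clients send inputs and receive outputs with a short-lived token.
Constructed example; run_definition() stands in for a real Grasshopper definition."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SERVER_SECRET = b"constructed-secret-replace-in-deployment"  # assumption: never leaves the server
TOKEN_TTL = 3600  # seconds; a leaked token stops working on its own

# The "active" toggle from the thread, but held on the server so a client cannot flip it.
ACTIVE_CLIENTS = {"client-a": True, "client-b": False}


def issue_token(client_id: str, now: Optional[float] = None) -> str:
    """Mint an expiring token for client_id, signed with the server secret (HMAC-SHA256)."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": client_id, "exp": int(now + TOKEN_TTL)}).encode()
    sig = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the client id if the token is intact, unexpired and the client is active; else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
        claims = json.loads(payload)
    except ValueError:  # malformed token, bad base64 or bad JSON
        return None
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):  # tampered payload or forged signature
        return None
    if now >= claims.get("exp", 0):  # expired
        return None
    if not ACTIVE_CLIENTS.get(claims.get("sub"), False):  # toggled off server-side
        return None
    return claims["sub"]


def run_definition(params: dict) -> dict:
    """Stand-in for the definition; this is the part that only ever executes on the server."""
    return {"area": params["width"] * params["height"] * params.get("scale", 1.0)}


def handle_request(token: str, params: dict, now: Optional[float] = None) -> dict:
    """Per-call server logic: authenticate, compute, and return outputs only (never the definition)."""
    client = verify_token(token, now)
    if client is None:
        return {"error": "unauthorized"}
    return {"client": client, "result": run_definition(params)}
```

Flipping a client to False in ACTIVE_CLIENTS, or letting the token expire, cuts the client off without touching anything on their machine.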