Decode compiled c++-code from Qt?

newe1 · wrote on 15 Apr 2011, 15:31

Hi!

I was a little bit curious as I read in an internet forum, that good hacker can easily decode compiled c++ code.

Is this true? And if yes, is it true for compiled c++-code with Qt?

If I send my compiled and released code:
applicationexample.exe
with:
libgcc_s_dw2-1.dll
Mingwm10.dll
Qtcore4.dll
QtGui4.dll

via e-mail to someone, can a hacker hack the file "applicationexample.exe" and get the source-code?
If yes, what can I do to prevent this?

I´m sorry, but I really don´t know if this is possible and if so, what to do in case...

leon.anavi · wrote on 15 Apr 2011, 16:40

Of course reverse engineering of C++ application and libraries is possible although I will not say that it is easy. Using Google you can find some fine examples and tutorials how to decompile such "this":http://www.codeproject.com/KB/cpp/reversedisasm.aspx :)

Cheers,
Leon

dialingo · wrote on 15 Apr 2011, 16:46

If you compile in release mode your application can be disassembeled and debugged in assembler mode. This is very cumbersome and in most cases not very helpful. Any reasonably complex program has simply too many instructions to be able to find out how all the bits and pieces work together.
In debug mode your code typically contains references to source lines but afaik not the source code itself.

newe1 · wrote on 15 Apr 2011, 16:55

Thanks Leon and dialingo.

Well, what could I do against it? Or is the probability so low, that a hacker can hack the exe-File and rebuild the whole source-code?

What do you do in your important projects? Do you have any recommendations?

Smar · wrote on 15 Apr 2011, 22:05

I must point out, that if you are really hacking onto something and not just reading about structures of thing, you want to have debugger and optionally disassembler to speed up analysis.

Decompiler basically does what it says, decompiles the binary using data in it; compilation is lossy operation, so decompiled code won’t be same, usually much more obscure, and sometimes it also fails, making the code not working. Disassembly basically is same, but with assembly instruction: it is about lowest level that is easily human readable.

With debugging, you can actually run the code, modify it and do whatever you want to actually try how it works; converted data of doesn’t really allow to actually try the code, you need different utility for it.

secretNinja · wrote on 15 Apr 2011, 22:17

@Smar I like the phrase "easily human readable" :D

Keith Cancel · wrote on 17 Apr 2011, 01:27

I would not worry any program is prone to reverse engineered even the latest and greatest applications by multi-billion dollar companies are reversed to usually pirate the software. It is a hard thing to prevent.

vinb · wrote on 17 Apr 2011, 02:18

in other words you cant prevent it :)

secretNinja · wrote on 17 Apr 2011, 05:34

But as long as your program is used by .. let's say 100 people .. I don't think that any of them will or could try reverse engineering on it.

On the other hand if the software has the luck and become a world known one ... you can be sure that some 'nice' day, somebody will successfully reverse engineered it (and if it is commercial, a crack will be released).

Keith Cancel · wrote on 17 Apr 2011, 06:21

There is really no way to stop someone from reversing software, but there are ways to make it more difficult such as compression and encryption that decompresses or decrypts on the fly when it is executed. Also no one will be able to reproduce an exact copy of you source code because a lot of the structure of the code is lost during compilation, and there is quite a bit of investment of time to take a piece of software and from the assembly reproduce working high level code. Plus, if it is not a commercial product you are making this is the least of worries.

leon.anavi · wrote on 17 Apr 2011, 07:09

[quote author="newe1" date="1302886524"]Thanks Leon and dialingo.

Well, what could I do against it? Or is the probability so low, that a hacker can hack the exe-File and rebuild the whole source-code?
[/quote]

Honestly I do not worry that much from reverse engineer. There is no such thing as unbreakable encryption or total security :)

You can distribute you application as an open source and no one will try to hack it ;)

[quote author="secretNinja" date="1303018454"]But as long as your program is used by .. let's say 100 people .. I don't think that any of them will or could try reverse engineering on it.[/quote]

Well... We are all trying to create killer apps, right? "Recently Ovi Store hit 5 million downloads a day":http://conversations.nokia.com/2011/04/12/nokias-ovi-store-hits-5-million-downloads-a-day/ so in general Qt applications are used by a lot more people than your guess! Sorry about this marketing offtopic I will focus on development issues from now on :)

Cheers,
Leon