2014 m. gruodžio 19 d., penktadienis

Dynamics AX Encrypted Code Myth

After a long long time I am starting to write posts again. Hopefully, more useful ones.

Probably most of ISVs are having concerns how to protect their solution's source code. The problem with any AX code is that it's not a black-box but rather glass-box or even no-box.  Well, it meant to be like that. Once you get a solution you can easily read it's code. 

So, how to protect the source code you are investing lots of time to write? One solutions is to move part of the code out of the AX and write it in C# or any other language build it into binary library that can later be used by AX. Well, it can still be decompiled. Another is to move code to the web, if possible.  I believe there are some ways to protect it.

However, the craziest solution I have found so far is to protect the code using AXprotect solution. 
What it does, it converts the code into macros that are generated by giving some secret code.
The "encrypted" code looks something like this: 
...
#H44J(T92IZ1, #2F06U2 )#W7ZE(4YH8G1, #T92IZ1 )#4TF1(3N176H, #9K5L17 )#W7ZE(KMP2ZX, #4YH8G1 )#48FCZZ
#5KM2(V820I3, #KMP2ZX )#W7ZE(83UB84, #V820I3 )#H44J(PKXOSI, #41IZ3 )#4TF1(WBHQNP, #PKXOSI )#W7ZE(4D66G5, #83UB84 )
#4TF1(N2WB12, #4D66G5 )#H44J(044G62, #WBHQNP )#4TF1(GVS917, #044G62 )#W7ZE(CFU73F, #GVS917 )
#W7ZE(9F17GL, #N2WB12 )#5KM2(0TFV44, #CFU73F )#W7ZE(S59074, #0TFV44 )#5KM2(DJ273U, #S59074 )
#5KM2(UV23KQ, #DJ273U )#H44J(FC0WF2, #9F17GL )#H44J(JN2GR3, #UV23KQ )#3N176H#5KM2(0R4PS3, #JN2GR3 )
#5KM2(T3Z9H2, #WNKYB )#H44J(9W49S9, #0R4PS3 )#H44J(ND00JF, #T3Z9H2 )#W7ZE(32KPY4, #ND00JF )#H44J(F4L1CC, #9W49S9 )
...

It makes it terrible, impossible to customize and impossible to upgrade. That is basically why I tried to find out the solution how I can workaround this.

The creators say it cannot be reverse engineered. I say, it's a myth. 

If you have ever been using XppScanner you can use it to get the code out the "encrypted" code.
With this simple example you can get the actual X++ code. Well, it looks ugly as it is one big line of code but you can read it. One can write code beautifier for X++  like Java has to format the code.

The given example is just parsing one method. But it is quite easy to traverse any application object by using TreeNodeTraverser class.

static void parseXPPCode(Args _args)
{    
    TreeNode        treeNode = TreeNode::findNode("\\\\Classes\\AbatementCertificate_IN\\main");        
    
    XppScanner xppScanner = new XppScanner(treeNode.AOTgetSource());
    
    str             tokenStr;
    int             tokenCode;
    
    
    tokenCode = xppScanner.firstSymbol();
    while (tokenCode)
    {
        tokenStr  = tokenStr + xppScanner.string();   
        tokenCode = xppScanner.nextSymbol();
    }
    
    info(tokenStr);
}

Here you go, the myth of encryption is broken. This post is intended to make life simpler for those who have to deal with such code. Also for the creators to make something smarter.

Merry Christmas and happy New Year!


Komentarų nėra:

Rašyti komentarą