How can I prevent re-engineering the VBA code from an .MDE

Is it possible to re-engineer the VBA code from an .MDE file? I recently saw a link with this very subject (and steps to prevent this from happening), but I can't get back to it.

If this can be done, is there a way to prevent it?

Thanks.
Asked by: Alaska Cowboy

infolurk Commented:
From what I can gather, it's either very difficult or impossible to decompile an MDE to edit VBA code.
It is possible and there are tools available to edit an MDE to view table information and create macros and new database objects. It is not possible (as far as I know) to edit existing forms, queries or VBA.

Cheers
Steve

mbizup Commented:
Hi Bill,

It is possible to reverse engineer the VBA in an MDE file if you're familiar with machine code.  There are also products available to do that for you.  There are also products available that claim to make it very difficult to get useful VBA code from an MDE by removing information about the variables, function names, etc.  Surprisingly, some vendors offer both :-)

Alaska Cowboy (Author) Commented:
infolurk, I thought the same thing, but I do remember seeing a web site that cautioned against the possibility of someone re-engineering your code.

Miriam,

Hi, how's it going? Is an MDE good enough, or do you protect your code with one of these tools? If so, do you have a link?

btw, I am still working feverishly on my Access project, I think it's tons better than when you saw it. Well, at least it works for me . . .

infolurk Commented:
Cheers Bill.
Good luck with your project.

mbizup Commented:
Bill,

It's going well, thanks :-).  From the nature of this question, it sounds like your database is really moving along.  Honestly, I have never tried these products myself so I can't vouch for them.  I just know they are out there and am familiar with how they work at a very general level.  A google search will bring up plenty.

>Is an MDE good enough...?
From my perspective, yes.  Most of the db's I develop are organization-specific, and never make it to the MDE stage.  We rely largely on trusted users and network security.  It depends on the nature of your product, its users and deployment and what you stand to lose.  In my case, the source code and database design are among the least of my worries.

Alaska Cowboy (Author) Commented:
Miriam,

Well, it's going out to the masses and in anticipation of a killer app I am paranoid about the code. It's about as tight as one can reasonably expect. PDB and Jerryb30 helped me recently on this. One good link from PDB is http://www.aadconsulting.com/acdbmechanic.html.


Alaska Cowboy (Author) Commented:
I found it !

http://www.everythingaccess.com/mdeprotector.htm

From the site: "Worried that someone will reverse engineer your VBA code?... Make it less worthwhile for them by removing redundant "compiler junk" from MDE (or ADE) files using this easy to use utility"

mbizup Commented:

mbizup Commented:
There you go :-) I think we hit the same one from different vendors.

Alaska Cowboy (Author) Commented:
Well, it still blows my mind . . .

an MDE file can be reverse engineered to great accuracy ! I thought I was good-to-go with an MDE file.

So, about the time my product hits the front page of Dr. Dobbs journal, someone will get my source code !

Using the tool above removes variable names but still the code is readable, you just can't decipher too easily what is happening with variable1, variable2, etc.



Have a look, http://www.everythingaccess.com/mdeprotector_example.htm

mbizup Commented:
A lot of security-related questions here seem to boil down to "How secure is my database?".  The resounding answer is "it's not".  In applying security measures, I believe the objective is to set up obstacles to make it difficult to compromise db security (that level of difficulty and effort varies depending on your needs).  But if someone with adequate brains and determination really wants to crack the code...

Leigh Purvis (Database Developer) Commented:
I'm not entirely sure who'd bother to be honest.

Not trying to insult your code or anything ;-)  but unless you've written something brand new and inventive in VBA terms, then all your code relates directly to making your particular application work well.
Which would only be of use to someone ripping off a direct copy of your application and going against it head to head, no?
And that would be a HUGE step for any company to take.  They'd be risking their entire business over saving themselves some development time.

Yes, mde decompilers are becoming common - but I'd imagine the biggest users of them should be careless users who've lost the mdb, interested/nosey learners looking to see someone else's code, curious companies with existing competitor products checking to see they've not missed anything (with the last group being the least common - I may be giving human nature too much faith over business tactics, but that wouldn't be like me to do so!)

Luke Chung (President) Commented:
Code obfuscation is a feature included in our Total Visual CodeTools product.  It lets you rename all your constants, variables, and private procedures to a letter and number.  It strips out all the comments, blank lines, blank spaces, etc.  It doesn't prevent someone from reverse engineering an MDE, but it does make the results less useful. FWIW, .NET suffers from similar problems.

Total Visual CodeTools also offers a variety of other coding utilities in order of my favorites:

1. Line numbering so your error handler can pinpoint exactly what line of code a crash occurs

2. New procedure builder with custom error handling and commenting structures built-in

3. Long text converter which converts strings like SQL code into a variable assignment in VBA code taking into account double quotes.

4. Code Cleanup to clean up someone else's code (standardizes indentations, applies variable naming conventions, adds error handling to procedures that lack it, etc.)

5. Keystroke recorder

Plus lots of other useful builders and coding tools.

Visit here for more information including a demo: http://www.fmsinc.com/Products/codetools/index.html

Good luck,

Luke
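
What the renaming and stripping described in this post does to a module, as an added example that is not part of the thread and not the implementation of any product named in it. The VBA sample, the `v1`, `v2`, ... naming scheme and the helper names are assumptions; the sketch only recognises `Dim`/`Const` names, `Private` procedures and simple typed parameters, and ignores `Rem` comments.

```python
import re

# Constructed VBA sample for illustration (not code from the thread).
SAMPLE_VBA = '''\
Private Function CalcDiscount(orderTotal As Double) As Double
    ' Loyalty rule: 10 percent off orders above 500
    Dim discountRate As Double

    If orderTotal < 0 Then MsgBox "orderTotal can't be negative"
    If orderTotal > 500 Then discountRate = 0.1   ' threshold
    CalcDiscount = orderTotal * discountRate
End Function
'''

# Declarations this sketch recognises: Dim/Const names, Private procedures, typed parameters.
DECL = re.compile(r'\b(?:Dim|Const)\s+(\w+)'
                  r'|\bPrivate\s+(?:Function|Sub)\s+(\w+)'
                  r'|[(,]\s*(\w+)\s+As\b', re.I)
STRING = re.compile(r'("(?:[^"]|"")*")')  # VBA string literal; "" is an escaped quote

def strip_comment(line):
    """Remove a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def obfuscate(source):
    """Return (obfuscated_source, mapping) for a single VBA module."""
    lines = [strip_comment(l).strip() for l in source.splitlines()]
    code = "\n".join(l for l in lines if l)          # drop blank lines and indentation
    mapping = {}
    for m in DECL.finditer(STRING.sub('""', code)):  # do not harvest names from strings
        name = next(g for g in m.groups() if g).lower()
        mapping.setdefault(name, f"v{len(mapping) + 1}")
    if not mapping:
        return code, mapping
    ident = re.compile(r'\b(' + '|'.join(mapping) + r')\b', re.I)  # VBA is case-insensitive
    parts = STRING.split(code)                       # odd indexes are string literals
    for i in range(0, len(parts), 2):                # rename only outside literals
        parts[i] = ident.sub(lambda m: mapping[m.group(1).lower()], parts[i])
    return "".join(parts), mapping

if __name__ == "__main__":
    print(obfuscate(SAMPLE_VBA)[0])
```

The names and comments are gone from the output, but the control flow, the constants `500` and `0.1` and the message string all survive, so the business rule can still be read off the result.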


puppydogbuddy Commented:
Hi  Everybody,
Bill, did you ever check out the encryption link I gave you on another post?

            http://www.cypherix.co.uk/cryptainerle/index.htm?adv=enc_ing

Supposedly (I have never used it), you can set it up so that your program installs to an encrypted container (e.g. directory) and the container works on the osmosis principle (licensees can get in the container in unencrypted fashion... but anything coming out of the container (e.g. a copy of program) is encrypted).


PDB

Alaska Cowboy (Author) Commented:
sorry, I fell asleep while the discussion was in full gear ! Thanks to all for the comments.

EE is like computer games (which I don't play). New doors keep being opened and inside is a whole new world . . .

Main point I learned in the last week is that it is possible to re-engineer MDE code; I thought the whole point was that the code is stripped out so how could one get the code? Live and learn. Anyway . . .

Miriam, I have built in lots of obstacles so I think it's about as protected as possible (except for maybe the MDE protector)

LPurvis, I agree with your points. Yes, the code is not ground-breaking :-( but I just have a mindset of protecting the code (and my investment) as much as possible, so was inquiring about the MDE re-engineering situation. At the moment, $130 for the MDE protector is not worth it . . . I guess I'm somewhat of a neophyte, it's still odd that the point of an MDE is to strip out the code (for security I assume) yet it can be re-built. I figured stripping out the code meant it was a .exe of sorts (all binary) that was not readable at all. But pretty much with computers, if someone can break it, they will, corporate or otherwise. It's pretty much like EE, in the negative way.

Luke, I like the tool, it looks awesome ! But my risk management cut-off point (budget) doesn't require getting the tool, but it looks awesome. Also, the fact that .Net suffers from the same risk is interesting . . .

PDB, yes I did look at this when you posted - that was a long time ago! (so sorry for the semi-repeat). I even tried it out and can't remember for sure but it created some pretty big size barrier that I wasn't willing to wrestle with. But I like what it says "Impossible to break" - THAT'S what I'm looking for (but still not necessary at this point).

Thanks to all !



Leigh Purvis (Database Developer) Commented:
Fair enough - though try not to judge mde's too harshly.
They were secure for a long time.
Virtually everything gets cracked eventually.

Alaska Cowboy (Author) Commented:
LPurvis, yes, I sit outside the office of the director of computer security at a large organization - there's a lot of money to be made in security !

so I think I'm fine where I am with an MDE and will go with that (until I make it to the big leagues . . . )

Luke Chung (President) Commented:
Hi William,

From a computer perspective, the challenge is that at a root level, the computer needs the instructions to run its processes, so it's always possible to reverse engineer machine code.  That's not limited to Access, .NET, or Windows.

The primary purpose of MDE's is to make it difficult for users to modify the code in it. It doesn't prevent users from modifying other parts of it like tables, queries, macros, etc.  Programs such as Excel don't even have an MDE feature, so its code is always exposed.  We know people who use Total Visual CodeTools to obfuscate their Excel VBA code.

Sorry to hear your organization doesn't have the budget to buy additional tools. Hopefully, over time you'll find professional solutions from organizations like FMS to be helpful for increasing your productivity. If you're starting, I would recommend you look at our Total Visual SourceBook product with its royalty-free source code and Total Access Analyzer which will help you diagnose your work for opportunities to apply best practices, increase performance, and fix errors before you ship.  See www.fmsinc.com for more info.

Good luck and welcome to the Access community.

Luke

Alaska Cowboy (Author) Commented:
Luke,

thanks for the follow up, very helpful. As far as the budget, I'm working in the garage at night  . . . and corporate during the day :-)

About re-engineering the code, I guess my perspective was a mainframe, which I worked on a while ago, not extensively. What I remember is - if you lose the source code (on a mainframe) - you're toast. Get another job . . .

But I really like FMS tools and have bookmarked them. Thanks.

Luke Chung (President) Commented:
Understood.  FMS started in a similar way.  Good luck.  

Luke