Solved

How can I prevent re-engineering the VBA code from an .MDE

Posted on 2006-11-16
Last Modified: 2013-12-05
Is it possible to re-engineer the VBA code from an .MDE file? I recently saw a link with this very subject (and steps to prevent this from happening), but I can't get back to it.

If this can be done, is there a way to prevent it?

Thanks.
Question by:Alaska Cowboy
20 Comments
 
LVL 8

Expert Comment

by:infolurk
From what I can gather, it's either very difficult or impossible to decompile an MDE to edit VBA code.
It is possible and there are tools available to edit an MDE to view table information and create macros and new database objects. It is not possible (as far as I know) to edit existing forms, queries or VBA.

Cheers
Steve
0
 
LVL 61

Expert Comment

by:mbizup
Hi Bill,

It is possible to reverse engineer the vba in an MDE file if you're familiar with machine code.  There are also products available to do that for you.  There are also products available that claim to make it very difficult to get useful VBA code from an MDE by removing information about the variables, function names, etc.  Surprisingly, some vendors offer both :-)
0
 
LVL 1

Author Comment

by:Alaska Cowboy
infolurk, I thought the same thing, but I do remember seeing a web site that cautioned against the possibility of someone re-engineering your code.

Miriam,

Hi, how's it going? Is an MDE good enough, or do you protect your code with one of these tools? If so, do you have a link?

btw, I am still working feverishly on my Access project, I think it's tons better than when you saw it. Well, at least it works for me . . .
0
 
LVL 8

Expert Comment

by:infolurk
Cheers Bill.
Good luck with your project.
0
 
LVL 61

Accepted Solution

by:
mbizup earned 70 total points
Bill,

It's going well, thanks :-).  From the nature of this question, it sounds like your database is really moving along.  Honestly, I have never tried these products myself so I can't vouch for them.  I just know they are out there and am familiar with how they work at a very general level.  A google search will bring up plenty.

>Is an MDE good enough...?
From my perspective, yes.  Most of the db's I develop are organization-specific, and never make it to the MDE stage.  We rely largely on trusted users and network security.  It depends on the nature of your product, its users and deployment and what you stand to lose.  In my case, the source code and database design are among the least of my worries.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
Miriam,

Well, it's going out to the masses and in anticipation of a killer app I am paranoid about the code. It's about as tight as one can reasonably expect. PDB and Jerryb30 helped me recently on this. One good link from PDB is http://www.aadconsulting.com/acdbmechanic.html.

0
 
LVL 1

Author Comment

by:Alaska Cowboy
I found it !

http://www.everythingaccess.com/mdeprotector.htm

From the site: "Worried that someone will reverse engineer your VBA code?... Make it less worthwhile for them by removing redundant "compiler junk" from MDE (or ADE) files using this easy to use utility"
0
 
LVL 61

Expert Comment

by:mbizup
0
 
LVL 61

Expert Comment

by:mbizup
There you go :-) I think we hit the same one from different vendors.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
Well, it still blows my mind . . .

An MDE file can be reverse engineered to great accuracy ! I thought I was good-to-go with an MDE file.

So, about the time my product hits the front page of Dr. Dobbs journal, someone will get my source code !

Using the tool above removes variable names but still the code is readable, you just can't decipher too easily what is happening with variable1, variable2, etc.



Have a look, http://www.everythingaccess.com/mdeprotector_example.htm
0
 
LVL 61

Assisted Solution

by:mbizup
mbizup earned 70 total points
A lot of security-related questions here seem to boil down to "How secure is my database?".  The resounding answer is "it's not".  In applying security measures, I believe the objective is to set up obstacles to make it difficult to compromise db security (that level of difficulty and effort varies depending on your needs).  But if someone with adequate brains and determination really wants to crack the code...
0
 
LVL 44

Assisted Solution

by:Leigh Purvis
Leigh Purvis earned 60 total points
I'm not entirely sure who'd bother to be honest.

Not trying to insult your code or anything ;-)  but unless you've written something brand new and inventive in VBA terms, then all your code relates directly to making your particular application work well.
Which would only be of use to someone ripping off a direct copy of your application and going against it head to head no?
And that would be a HUGE step for any company to take.  They'd be risking their entire business over saving themselves some development time.

Yes mde decompilers are becoming common - but I'd imagine the biggest users of them should be careless users who've lost the mdb, interested/nosey learners looking to see someone else's code, curious companies with existing competitor products checking to see they've not missed anything (with the last group being the least common - I may be giving human nature too much faith over business tactics, but that wouldn't be like me to do so!)
0
 
LVL 10

Assisted Solution

by:LukeChung-FMS
LukeChung-FMS earned 60 total points
Code obfuscation is a feature included in our Total Visual CodeTools product.  It lets you rename all your constants, variables, and private procedures to a letter and number.  It strips out all the comments, blank lines, blank spaces, etc.  It doesn't prevent someone from reverse engineering an MDE, but it does make the results less useful. FWIW, .NET suffers from similar problems.

Total Visual CodeTools also offers a variety of other coding utilities in order of my favorites:

1. Line numbering so your error handler can pinpoint exactly what line of code a crash occurs

2. New procedure builder with custom error handling and commenting structures built-in

3. Long text converter which converts strings like SQL code into a variable assignment in VBA code taking into account double quotes.

4. Code Cleanup to cleanup someone else's code (standardizes indentations, applies variable naming conventions, adds error handling to procedures that lack it, etc.)

5. Keystroke recorder

Plus lots of other useful builders and coding tools.

Visit here for more information including a demo: http://www.fmsinc.com/Products/codetools/index.html

Good luck,

Luke

0
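The renaming and stripping described in the post above, applied to one small module, as an added example that is not FMS's or any vendor's code. The VBA sample, the `a1`, `a2` naming scheme and the regex tokenizer are assumptions made here; procedure parameters are left unrenamed, and the generated names are assumed not to collide with existing ones.

```python
import re

# Constructed VBA sample (not from the thread) used to show the effect.
SAMPLE = '''\
' Calculates the discounted invoice total
Private Function InvoiceTotal(rs As Object) As Currency
    Dim runningTotal As Currency, discountRate As Double
    Const MAX_DISCOUNT = 0.25   ' business rule

    discountRate = MAX_DISCOUNT
    runningTotal = rs!runningTotal * (1 - discountRate)
    Debug.Print "runningTotal isn't final: " & runningTotal
    InvoiceTotal = runningTotal
End Function
'''

TOKEN = re.compile(r'''(?P<string>"(?:[^"]|"")*")   # literal; "" escapes a quote
                     | (?P<comment>'.*|\bRem\b.*)   # comment runs to end of line
                     | (?P<ident>[A-Za-z_]\w*)''', re.VERBOSE | re.IGNORECASE)

def strip_comments(source):
    """Drop comments and blank lines; apostrophes inside strings survive."""
    keep = lambda m: "" if m.lastgroup == "comment" else m.group(0)
    lines = (TOKEN.sub(keep, ln).rstrip() for ln in source.splitlines())
    return [ln for ln in lines if ln.strip()]

def declared_names(lines):
    """Names introduced by Dim/Const and Private Sub/Function, lower-cased."""
    names = []
    for ln in lines:
        code = re.sub(r'"(?:[^"]|"")*"', '""', ln)   # mask string contents
        m = re.match(r'\s*(?:Private\s+)?(?:Dim|Const)\s+(.*)', code, re.I)
        parts = m.group(1).split(",") if m else []
        m = re.match(r'\s*Private\s+(?:Sub|Function)\s+(\w+)', code, re.I)
        parts += [m.group(1)] if m else []
        names += [p.split()[0].lower() for p in parts if p.split()]
    return list(dict.fromkeys(n for n in names if n.isidentifier()))

def obfuscate(source):
    """Return (obfuscated source, mapping); VBA names are case-insensitive."""
    lines = strip_comments(source)
    mapping = {n: f"a{i}" for i, n in enumerate(declared_names(lines), 1)}
    def rename(m):
        tok = m.group(0)
        member = m.start() > 0 and m.string[m.start() - 1] in ".!"
        if m.lastgroup != "ident" or member:
            return tok           # strings and object members stay untouched
        return mapping.get(tok.lower(), tok)
    return "\n".join(TOKEN.sub(rename, ln) for ln in lines), mapping
```

In the output the string literal and the `rs!runningTotal` field reference are unchanged, so control flow, literals and external object names remain readable to anyone who recovers the code.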
 
LVL 38

Assisted Solution

by:puppydogbuddy
puppydogbuddy earned 60 total points
Hi Everybody,
Bill, did you ever check out the encryption link I gave you on another post?

            http://www.cypherix.co.uk/cryptainerle/index.htm?adv=enc_ing

Supposedly (I have never used it), you can set it up so that your program installs to an encrypted container (e.g. directory) and the container works on the osmosis principle (licensees can get in the container in unencrypted fashion... but anything coming out of the container (e.g. a copy of program) is encrypted).


PDB
0
 
LVL 1

Author Comment

by:Alaska Cowboy
Sorry, I fell asleep while the discussion was in full gear ! Thanks to all for the comments.

EE is like computer games (which I don't play). New doors keep being opened and inside is a whole new world . . .

Main point I learned in the last week is that it is possible to re-engineer MDE code; I thought the whole point was that the code is stripped out so how could one get the code? Live and learn. Anyway . . .

Miriam, I have built in lots of obstacles so I think it's about as protected as possible (except for maybe the MDE protector)

LPurvis, I agree with your points. Yes, the code is not ground-breaking :-( but I just have a mindset of protecting the code (and my investment) as much as possible, so was inquiring about the MDE re-engineering situation. At the moment, $130 for the MDE protector is not worth it . . . I guess I'm somewhat of a neophyte, it's still odd that the point of an MDE is to strip out the code (for security I assume) yet it can be re-built. I figured stripping out the code meant it was a .exe of sorts (all binary) that was not readable at all. But pretty much with computers, if someone can break it, they will, corporate or otherwise. It's pretty much like EE, in the negative way.

Luke, I like the tool, it looks awesome ! But my risk management cut-off point (budget) doesn't require getting the tool, but it looks awesome. Also, the fact that .Net suffers from the same risk is interesting . . .

PDB, yes I did look at this when you posted - that was a long time ago! (so sorry for the semi-repeat). I even tried it out and can't remember for sure but it created some pretty big size barrier that I wasn't willing to wrestle with. But I like what it says "Impossible to break" - THAT'S what I'm looking for (but still not necessary at this point).

Thanks to all !


0
 
LVL 44

Expert Comment

by:Leigh Purvis
Fair enough - though try not to judge mde's too harshly.
They were secure for a long time.
Virtually everything gets cracked eventually.
0
 
LVL 1

Author Comment

by:Alaska Cowboy
LPurvis, yes, I sit outside the office of the director of computer security at a large organization - there's a lot of money to be made in security !

So I think I'm fine where I am with an MDE and will go with that (until I make it to the big leagues . . . )
0
 
LVL 10

Expert Comment

by:LukeChung-FMS
Hi William,

From a computer perspective, the challenge is that at a root level, the computer needs the instructions to run its processes, so it's always possible to reverse engineer machine code.  That's not limited to Access, .NET, or Windows.

The primary purpose of MDE's is to make it difficult for users to modify the code in it. It doesn't prevent users from modifying other parts of it like tables, queries, macros, etc.  Programs such as Excel don't even have an MDE feature, so its code is always exposed.  We know people who use Total Visual CodeTools to obfuscate their Excel VBA code.

Sorry to hear your organization doesn't have the budget to buy additional tools. Hopefully, over time you'll find professional solutions from organizations like FMS to be helpful for increasing your productivity. If you're starting, I would recommend you look at our Total Visual SourceBook product with its royalty-free source code and Total Access Analyzer which will help you diagnose your work for opportunities to apply best practices, increase performance, and fix errors before you ship.  See www.fmsinc.com for more info.

Good luck and welcome to the Access community.

Luke
0
 
LVL 1

Author Comment

by:Alaska Cowboy
Luke,

Thanks for the follow up, very helpful. As far as the budget, I'm working in the garage at night . . . and corporate during the day :-)

About re-engineering the code, I guess my perspective was a mainframe, which I worked on a while ago, not extensively. What I remember is - if you lose the source code (on a mainframe) - you're toast. Get another job . . .

But I really like FMS tools and have bookmarked them. Thanks.
0
 
LVL 10

Expert Comment

by:LukeChung-FMS
Understood.  FMS started in a similar way.  Good luck.  

Luke
0
