java.jago
17th July 2006 06:37 UTC
How to prevent people from stealing data from my NSIS installers?
Hi,
You may probably know that the newest version of the http://www.7-zip.org/ archiver can open NSIS-Installer.exe files and extract data.
Quoting Website:
Unpacking only: RAR, CAB, ISO, ARJ, LZH, CHM, Z, CPIO, RPM, DEB and NSIS !!!
I tried it - it works. I can open my NSIS installers and get to the raw data :(
In one of my installers I want to prevent that! Can I somehow prevent people from doing this?
Cheers,
jago
Afrow UK
17th July 2006 09:51 UTC
You'd have to write a wrapper executable which contains the installer in an encoded format. I don't think anyone has done this before though, so it's up to you to find out how to do it or what to use.
-Stu
Anders
17th July 2006 16:13 UTC
..or you could change some bits in nsis source and recompile
Afrow UK
17th July 2006 18:59 UTC
Doh that sounds much easier :)
-Stu
dandaman32
17th July 2006 22:13 UTC
Use 7-zip to compress and encrypt your program's files at compile time, then use nsExec to execute 7zip at runtime and unpack the installer data.
You may want to use a C++/VB/whatever program to generate a random 64-character or so encryption key at compile time and then have 7-zip use that key to encrypt the compressed archive. That way every copy of the installer would have a different encryption key, but compiling the installer might take a little bit longer, especially if your program is big. If you really want to go secure, make a PHP or ASP.net script that recompiles the installer each time someone orders a copy and provide them with the key, that would mean that each copy of the installer would have a different key. If you don't want users to have to enter the key themselves, you could always make your C++ program generate a simple NSH file that contains the key and then use !include to use the generated file, but this can be a bit insecure in some cases.
-dandaman32
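The compile-time step described in the post above, as an added example that is not part of the original thread or of NSIS itself: it generates a fresh 64-character key per build, writes it to an NSH file for `!include`, and builds the 7-Zip command that encrypts the payload. The names `key.nsh`, `payload.7z`, `ARCHIVE_KEY` and `app_files` are assumptions made for the example.

```python
import secrets
import string
from pathlib import Path

# Letters and digits only, so the key needs no escaping inside an NSIS string
# or on the 7-Zip command line.
ALPHABET = string.ascii_letters + string.digits


def generate_key(length: int = 64) -> str:
    """Return a random key drawn from the OS CSPRNG (not random.random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def write_key_header(path: Path, key: str, define: str = "ARCHIVE_KEY") -> str:
    """Write an NSH file that the .nsi script can pull in with !include."""
    if not key or any(c not in ALPHABET for c in key):
        raise ValueError("key must be non-empty and alphanumeric")
    text = f'!define {define} "{key}"\n'
    path.write_text(text, encoding="ascii")
    return text


def seven_zip_command(archive: str, source_dir: str, key: str) -> list[str]:
    """Build the 7-Zip call that packs and encrypts the payload.

    -p<key> sets the password and -mhe=on also encrypts the file names.
    The password is visible in the process list while 7-Zip runs.
    """
    return ["7z", "a", "-t7z", f"-p{key}", "-mhe=on", archive, source_dir]


def prepare_build(build_dir: Path, source_dir: str) -> list[str]:
    """One build = one fresh key: write key.nsh, return the 7-Zip command."""
    key = generate_key()
    write_key_header(build_dir / "key.nsh", key)
    return seven_zip_command(str(build_dir / "payload.7z"), source_dir, key)


if __name__ == "__main__":
    # Constructed sample paths; run the returned command with subprocess.run.
    # The key ships inside the compiled installer, so this stops casual
    # extraction only, not someone who pulls the key out of the installer.
    print(prepare_build(Path("."), "app_files")[:3])
```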
java.jago
18th July 2006 01:59 UTC
Ufff...
I hoped that there is some compiler option to use a compressed format - not encrypted, but just not openable.
I think I'll then leave my stuff the way it is - doing these changes is too much work and adds another layer of complexity.
Cheers,
jago
Comperio
18th July 2006 02:34 UTC
For now, you can use bzip2 compression to keep 7-zip from extracting. However, no guarantees that will continue to be the case.
Edit:
I just found a funky tool called "Yoda's Protector" that has some basic EXE encryption. Unfortunately, it only seems to work from a GUI interface and can only encrypt one file at a time. But, it's free and from my quick tests with 7-zip seems to work. Might check it out:
http://sourceforge.net/projects/yodap/