***Updates to this page*** 2008-4-15: - Added mention about error messageboxes in section "What this doesn't protect" - Added at bottom section "Comments here" - Added this section "Updates to this page" - Added title name to section "Introduction" 2008-4-14: - This Molebox page added by me [Lauri Ojansivu] ---- ***Introduction*** Molebox is a commercial application [http://www.molebox.com] that compresses and encrypts exe and other included files. Disclaimer: I do not work for Molebox, I do not get money from this, and I live in another country. Use demo version to decide if it meets your needs. [tbcload] also works on other OS; Molebox is [Microsoft Windows] only. I'm just one customer of Molebox. I have not contacted Molebox about writing this wikipage here, and I've figured all of this on my own (except when mentioned what info I got from #tcl irc channel). If some info here is wrong, please add comment. Thanks! ***What this protects*** You can't unwrap [Starpack] exe to get source code. ***What this doesn't protect*** If someone is knowledgeable programmer and figures this out: * If your app has errors and tcl error messagebox pops up with textline where error is. Maybe catch errors and send them to developer through Internet by with Tcl filling webpage form? * Well, this looks native (uses ttk/[tile] widgets in tcl/tk 8.5); wonder what it's made with. * Hmm, exe contents with XVI32 hex editor [http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm] doesn't say anything about tcl because we have changed version text with resource hacker and made custom icon. * Let's attach memory debugger and read what's passed to Tcl_Eval. Not all code is buffered in memory when being evalled - only procs. (This info I got from #tcl irc channel, haven't tried it). So do not place critical code in procs. * If there's [encryption] and care used with passwords or critical code is in .dll inside [starpack] and loaded into memory only for a little time and wiped after it, that would make it harder. * If Tk [send] is sometime implemented and enabled in [Microsoft Windows] Tcl/tk [http://www.tcl.tk/cgi-bin/tct/tip/150.html] you could attach to it with [Tkinspect] and see tcl source, but I didn't get it working on [Microsoft Windows] with my encrypted exe. On [Linux] (I use Ubuntu 8.04 beta) [Tkinspect] worked and showed source code, but you could disable send with command "rename send {}" [http://www.tcl.tk/man/tcl8.5/TkCmd/send.htm#M9]. (I got info about send from #tcl irc channel.) Then it's also possible to additionally protect source with [tbcload] that's available on [Microsoft Windows] and also other platforms. Molebox is [Microsoft Windows] only. ***Requirements*** '''Download these:''' * Tclkit - I used 8.5 GUI Windows version [http://www.equi4.com/tclkit/download.html] * sdx.kit [http://www.equi4.com/pub/sk/sdx.kit] * Resource Hacker [http://angusj.com/resourcehacker/] * UPX Win32 Console version [http://upx.sourceforge.net/#download] * XVI32 hex editor [http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm] '''Buy Molebox:''' * You can try for 15 days with demo version [http://www.molebox.com/download.shtml] * Or buy it, I already had Molebox Pro individual license that I bought some years ago for another purpose. I used Molebox Pro version 2.2981. ***Making custom icon*** There is already someone else's page [Custom Icons For Win32 Starpacks - The Real Story] but here's how I did it. I got .png image and made different sized icons with Gimp and made .ico with png2ico [http://www.winterdrache.de/freeware/png2ico/]. Then I placed it in app.vfs/tclkit.ico (I called my application as app). ***Making custom tclkit info*** Copy tclkit-win32.upx.exe to other name like mytclkit.exe that's for your own modified [tclkit] version. In [Microsoft Windows] Explorer file manager if you right click mytclkit.exe and select properties, you see tcl info that we'll modify here. Put mytclkit.exe and upx.exe in same directory like C:\myappdir . In command prompt: cd C:\myappdir upx.exe -d mytclkit.exe (unpacks upx packed tclkit using the same name) Then start Resource Hacker and open mytclkit.exe In tree menu, select following, numbers may be different: * Version Info/1/1035 - change texts and version numbers. If you want to change language (in Finnish it's VALUE "Translation", 0x040B 0x04B0) open notepad.exe with resource hacker and look for language number there. * 24/1/1033 has [xml] textfile that shows plaintext in encrypted exe and says something about tcl, so change content there too. Save mytclkit.exe and exit Resource Hacker. Then in command prompt: upx mytclkit.exe (makes it again upx packed executeable). Now when you look file properties you see changed info. ***Making starpack*** So you should have your application specific tcl files in directory C:\myappdir\app.vfs\ In command prompt: cd C:\myappdir tclkit-win32.upx.exe sdx.kit wrap app.exe -runtime mytclkit.exe Now you have single app.exe, but it's not encrypted yet. ***Making Molebox encrypted exe*** Start Molebox. As executable, click Browse and select app.exe. Then you need to add it second time by clicking Add file and selecting app.exe. (Yes, this all is needed, packing first with upx and twice with Molebox and everything to make it work.) If you need other files that are not inside [starpack] you can add them too. Then click Pack To Box. Now you got app.exe.exe that is encrypted with Molebox. You can test it this way: * Move it to another directory and rename to app.exe and double-click it to see if it works. * Open it with XVI32 hex editor [http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm] and search for Tcl, shouldn't find any. * In command prompt and another directory type: "tclkit-win32.upx.exe sdx.kit unwrap app.exe" - can't unwrap. * In command prompt and another directory type: "upx -d app.exe" - should say it's not packed with upx, can't unpack. ---- ***Comments here*** ---- [Protecting a TCL program against piracy] ---- %| [Category Package] | ([Source Protection]) |%