encrypting indicator source code

Questions about MultiCharts and user contributed studies.
damageboy
Posts: 70
Joined: 15 Sep 2006
Been thanked: 14 times

encrypting indicator source code

Postby damageboy » 20 Nov 2006

Hi,
I want to encrypt my custom indicators with a third party tool which I trust more that MC (no offense :)).

I was thinking to encrpyt specific files/directories either with Windows Encruption or some other (better) tool like truecrypt.

Can the MC team please help by describing all of the directories where indicator source code is stored?
For example:
* Which database files contain source code (*.gdb files?)
* Which directories contain temporary source code during compilation stages (like "PLEditor\SrcEL" & "PLEditor\SrcCPP")

I would like to have a complete list, so that I could encrypt these directories/files.

Naturally my concern is that I only encrypt the CORRECT and MINIMAL set of files, so that general (runtime) MC performance is not downgraded.

For example, if a .gdb file that contains the source code also contains other settings/data which are accessed constantly at runtime, that would hurt MC performance.

User avatar
Alex Kramer
Posts: 834
Joined: 23 Feb 2006

Postby Alex Kramer » 21 Nov 2006

Dear damageboy ,

your implementation won't work; I recommend using a binary-only .sef file without source code. They are as a matter of fact compiled .dlls that have no encrypted sources code inside, they can't be cracked - only reverse engineered at a tremendous time cost. All other methods are vulnerable to hooking and not as reliable.

damageboy
Posts: 70
Joined: 15 Sep 2006
Been thanked: 14 times

Postby damageboy » 22 Nov 2006

I think the question was misunderstood, therefore the answer is not relevant.

I *might* find myself in the future needing to install custom proprietary indicators in a 3rd party location (hedge fund).

Since I don't want the compromise my IP (Intellectual Property) I would like to find a way that ensure that the code (or the binary .dll for that matter) cannot be accessed while I'm not physically present in the location.
This is made possible by the fact that the computer I'll be using will remain turned off completely when I'm not there physically.

For this purpose, I want to make sure I'm using some sort on encryption software on the source + binary of my relevant indicator. Relying on someone's determination to reverse engineer my .DLLs is not a chance I'm willing to take.

A possible solution is to use HW encrypted disk drives (such as the Seagate 2.5" FDE drives).

Another, more flexible solution is to create a custom encrypted software drive, by using tools such as www.truecrypt.org, and moving the relevant files to that drive.

Both of these solutions are optimal as far as I'm concerned, since even if the physical hard-drive is physically removed (stolen) from the machine, the proprietary data will never be compromised, unless the pass-phrase is compromised (or someone can brute force a 4096 bit RSA key ;))

I'm not asking the MC team to actively support this solution, but I would like to receive a list of locations where my source code + binary files may reside during normal operation.
This includes temporary directories which PL Editor uses while compiling as well as database files where the .DLLs may be stored etc.
I would like this list to be kept as minimal as possible (i.e. no redundant files) so that' MC's performance is not impeded by my security needs.

I *could* reverse engineer this information by using 3rd party tools (like those from sysinternals), but I would rather it came straight from the horses mouth... :)

So, in summary, while I CAN MANAGE without official support or information, I think that posting this this information publicly, as well as a future guide written by me on how to accomplish this from an end user perspective could prove useful the MC community as a whole.

User avatar
Alex Kramer
Posts: 834
Joined: 23 Feb 2006

Postby Alex Kramer » 23 Nov 2006

Dear damageboy
We've considered various options and our suggestion is to encrypt the entire PLEditor folder using PGP or any other data security utility.

damageboy
Posts: 70
Joined: 15 Sep 2006
Been thanked: 14 times

Postby damageboy » 25 Nov 2006

OK Great,
Last question(s) about this subject though:

Are all of the temporary files located there?
i.e., unless I am not mistaken, g++ would use the %TEMP% of %TMP% Directory as well, would it not?

Are the output DLL files only stored in that directory?
no hidden copy in a database (*.gdb) file or something like that?

User avatar
Alex Kramer
Posts: 834
Joined: 23 Feb 2006

Postby Alex Kramer » 27 Nov 2006

The .dll is placed to make at once, the compilation proceeds without generating any symbol information


Return to “MultiCharts”