Jump to content

Security of VI passwords

Ton Plomp

By Ton Plomp
in LabVIEW General

Recommended Posts

lordexod Newbie

lordexod

Posted
Posted

you would inform the manufacturer of the software and hope they fix it - In this forum, in the NI group, is 287 people, and none of this group is not interested this topic. So they are not interested in security NI software.

  • Replies 74
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Aristos Queue
Aristos Queue

Yep. The password can't encrypt the diagram. The whole point is that the diagram is still readable so that it can be recompiled. If you want security, you have to save your VIs without diagrams and gi

Roy F
Roy F

We've posted a Knowledge Base (KB) article on this subject; Security of LabVIEW VI Password Protection vs. Removing VI Block Diagrams, which explains, in some detail, why the VI password protection fe

ShaunR
ShaunR

The byte sequence will change every re-compile-so it is unlikely to persist exactly as in that post across versions or even the same versions with different bitness. But at some point you have to say

Posted Images

Rolf Kalbermatter Experienced

Rolf Kalbermatter

Posted
Posted

you would inform the manufacturer of the software and hope they fix it - In this forum, in the NI group, is 287 people, and none of this group is not interested this topic. So they are not interested in security NI software.

It has been well known in this group as well as on the NI groups, that the VI password is not meant to protect your multibillion dollar IP from preying eyes. For several years already. It's been like that for quite a while and there is fundamentally no way to make it really significantly more secure. Security in this sense is anyhow not the right term. It's not about security at all but at most about hiding. So don't bring up the topic of security in this respect as it is only misleading noobs into believing that there has to be a way to secure their code from viewing by others. There simply isn't! It's at most a complication but can never be security.

And reality is that looking at password protected VIs can give you a great feeling about your satisfied curiosity but it can not give you real advantage in knowledge, because anything of what you learn can and often gets changed between LabVIEW versions. So building your skills through that is a very short lived success, with potentially huge liabilities later on. Especially if you boast about it, as that might be the extra drop in the water that causes someone at NI too look at it and find that this is a feature that has lived for too long already in the dark and is not worthwhile to spend more time on, so it gets axed completely. So your boasting only makes the potential benefit from being in the know even less beneficial for the long term. :P

Just wondering where you want to get those 1000 VIs. - Very easy to guess.

There are hardly 10000ds of password protected VIs in the whole world, so it is quite meaningless if one tool can remove the password from 100 VIs per minute and some other one can do 1000. Finding those 10000 VIs will cost you a multiple of that time in the first place already.

ShaunR Experienced

ShaunR

Posted
Posted

Thanks a lot :thumbup1:. And if anyone wonders, yes I fixed it as I prefer to fix grammatical errors whenever I can.

I'm a native English speaker and I couldn't give a monkey's about grammar on a forum ...lol

Your Dutch must be ultra juiste :D

Rolf Kalbermatter Experienced

Rolf Kalbermatter

Posted
Posted

I'm a native English speaker and I couldn't give a monkey's about grammar on a forum ...lol

Your Dutch must be ultra juiste :D

Well my Dutch is worse :rolleyes:. I'm from origin Swiss, with Swiss German, then had to learn French, of which I remember very little, then ventured into English and finally Dutch. So while I'm still fairly good in German, a bit less in English and Dutch, the mix of all these three hasn't helped the grammatical correctness of any of them. ;)

ShaunR Experienced

ShaunR

Posted
Posted

Well my Dutch is worse :rolleyes:. I'm from origin Swiss, with Swiss German, then had to learn French, of which I remember very little, then ventured into English and finally Dutch. So while I'm still fairly good in German, a bit less in English and Dutch, the mix of all these three hasn't helped the grammatical correctness of any of them. ;)

Well. I can only speak two and write one so I try and convince people that I can write several by including programming languages to make me feel better :)

And all toolkits and modules.

Which you paid the licenses for, right?

Darin Newbie

Darin

Posted
Posted

Maybe because I'm looking for work. A current skills are important.

I would suggest that your posts here demonstrate more about your character than your LV skills. I am sure a lot of employers would love to hire someone who not only explicitly violates their EULA, but is sure to broadcast that fact to others as well. Figuring it out yourself may have had some redeeming quality, but you simply borrowed someone else's tool to do the work. As to learning anything useful digging through locked vi.lib VIs, my sense is that NI has a lot more to learn from us than we do from them.

By all means poke around under the hood, we all enjoy it. Just don't think that boasting about it around here is going to impress anyone and enhance your job opportunities.

Sparkette Contributor

Sparkette

Posted
Posted (edited)

Maybe he's talking about employment by companies other than NI. While NI most likely wouldn't hire someone who breaks their EULA, other companies (especially competitors) would likely have no reason to care.

EDIT: My 69th post. :P

Edited by flarn2006
lordexod Newbie

lordexod

Posted
Posted

my sense is that NI has a lot more to learn from us than we do from them. - You right.

Maximum 5% of the code created by real professional developers.

I wonder how many people designed the LV FPGA, because such a "junk" a long time not seen.

Rolf Kalbermatter Experienced

Rolf Kalbermatter

Posted
Posted

Maybe he's talking about employment by companies other than NI. While NI most likely wouldn't hire someone who breaks their EULA, other companies (especially competitors) would likely have no reason to care.

EDIT: My 69th post. :P

A competitor doesn't need someone like this on board either. Such a person is just as likely to hack their tools, leave after some time in disgruntlement because of one or the other disagreement and put everything up on internet to show them who is the real king.

Besides, this poking under the hood is not something their already hired developers couldn't do, especially when all the info is posted so nicely. It's also not something you need a particular CS degree for. Any inclined hack kiddie can do it, if he has access to LabVIEW.

Last but not least, no competitor is really interested about the rusty nails in LabVIEW's attic, they rather would want the construction plans of the whole thing. Even if they had, they would need to be very careful, or they are faster out of business because of legal action than they can create a product from it to start cashing in.

And if you can't cash in on something it is worthless for every economical thinking entity, which everyone wanting to stay in business has to be.

Personally I would be impressed by someone showing that he can pull off an Open Source project. It doesn't have to be a LabVIEW clone :lol:

Rolf Kalbermatter Experienced

Rolf Kalbermatter

Posted
Posted

Maybe something like that: https://decibel.ni.c.../docs/DOC-15582

Not exactly like that. Web UI Builder is a project NI already has put up, and your posting is either more or less copying that or building on top of the NI Framework. I'm not sure.

One of the biggest drawbacks of Web UI Builder is that it is based on Silverlight. While this is ok if you don't mind locking out more than 50% of potential computer and tablet users, it's a to big limitation in my eyes. I think that initiatives like WebSocket are more interesting in that respect, eventhough they have their problems too.

Also I said Open Source, not crippleware.

lordexod Newbie

lordexod

Posted
Posted

Also I said Open Source, not crippleware.

But seriously, I do not know.

My interest are FPGA chips. Maybe I'll do something in this direction.

ShaunR Experienced

ShaunR

Posted
Posted

I think that initiatives like WebSocket are more interesting in that respect, eventhough they have their problems too.

Care to expand?

ShaunR Experienced

ShaunR

Posted
Posted

Version difference, varying support by various browsers?

Quite minor now. The versions can be automatically detected (there are only two base variants) and only IE is the difficult one since it must use Silverlight (although the main difficulty is with Javascript detection of the sockets rather than LabVIEW).

crelf Apprentice

crelf

Posted
Posted

Take is easy people - turn down the flaming please. If you have an issue with another user's tone, it's against forum rules to comment about it in threads: report it to a moderator instead.

Aristos Queue Contributor

Aristos Queue

Posted
Posted

I think the WebSockets is going to be the thing to use in a couple years. As for Web UI Builder using SilverLight, you gotta remember, when we started creating that, HTML5 not only wasn't a standard, it looked like it would never *be* a standard. SilverLight was the only game in town for cross-browser multimedia of any scale (Flash just didn't scale up enough when we tested it). We got caught on the cusp of a change of tech... and will now have to spend some effort retooling.

ShaunR Experienced

ShaunR

Posted
Posted

I think the WebSockets is going to be the thing to use in a couple years. As for Web UI Builder using SilverLight, you gotta remember, when we started creating that, HTML5 not only wasn't a standard, it looked like it would never *be* a standard. SilverLight was the only game in town for cross-browser multimedia of any scale (Flash just didn't scale up enough when we tested it). We got caught on the cusp of a change of tech... and will now have to spend some effort retooling.

More like a couple of months. IE10 has support in-built and that was the only outstanding problem (as it is always with IE).

  • 10 months later...
  • 1 month later...
infinitenothing Enthusiast

infinitenothing

Posted
Posted
Unless you enable debugging!

 

Ton

Of course at that point, there's no need to maintain the feature where newer versions can recompile older versions. It's all compiled for good now so there's no need to leave any part decrypted. Surely the RTEs don't have this security hole right ;).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept