Jump to content

I have taken the first step towards unofficially opening up the Project Provider Framework.


Sparkette

Recommended Posts

Hi flarn2006,

 

nice work, I take my hat off to you :worshippy: . I don't know how you did it, but it clearly shows us two things:

I personally never heared of the PPF before and certainly will investigate what its opportunities are.

 

Regards,

 

Sebastian

 

PS: Maybe you want to share how you found the algorithm? I would think if it was by some reverse-engineering neither our friends at NI nor the guys here at LAVA would appreciate it. I have a hard-copy anyways :P

Link to comment

I would think if it was by some reverse-engineering neither our friends at NI nor the guys here at LAVA would appreciate it. I have a hard-copy anyways :P

Flarn does tend to make being a moderator / admin interesting around here.  I'm not so sure there is a need for a hard-copy, I mean the description on how to do this is in everyone's RSS feed by now.  The step by step is so simple that the posted VI isn't even required.  

 

One thing I find interesting is that the signature has nothing to do with the actual code, just the names of the items in it like the VIs used.  So before this signature weakness was found, one could simply install a valid tool, then edit the VIs in it to get the functionality you want.  Or replace the existing VIs with your own without renaming and it would work.  If I were investigating how to do this type of thing that would be the first step I would take, so I'm sure others found a weakness in the signature process before.

Link to comment

Oh, I don't know. I think we appreciate it here but condemn most of these things because NI will do something about it now they know for sure it's been compromised :D

Well there's other, similar things they haven't done anything about.

Edited by flarn2006
Link to comment

Oh, you mean like XNodes? ;)

 

I think NI's options are quite limited given the fact that they certainly do not want to break existing plug-ins. The whole thing seems to be a forced QA to control how LabVIEW is modified. After all, people pay money for LabVIEW and expect it to behave well, while the PPF gives developers many ways to screw things up, resulting in support calls on the NI hotline.

 

One alternative for NI could be to establish something like a "approved by NI" logo. Everybody can create a working PPF plugin but to have it "approved by NI" it must be signed (as in signature, not in checksum).

Link to comment

I tried it on the file: GOOP_Library.ini and it didn't work.

[Provider]
SupportedType={ABC740D6-F254-4BBC-5675-8858F35B820E}
IsPrimary=0
ItemInterfaceVI=..\Open_GDS\GOOP_Library_Item_Interface.vi
LicenseName=None
InterfaceVersion=1.0
Signature=N2JJ9X329XL9TBJR7XT9J2XRXBW7XCSN

The Value string is:

{ABC740D6-F254-4BBC-5675-8858F35B820E}0..\Open_GDS\GOOP_Library_Item_Interface.viNone1.0

 

But the Signature became: KXCB229B7CKCK9BRC5BC5SR7CC3J259R

 

Link to comment

I tried it on the file: GOOP_Library.ini and it didn't work.

[Provider]
SupportedType={ABC740D6-F254-4BBC-5675-8858F35B820E}
IsPrimary=0
ItemInterfaceVI=..\Open_GDS\GOOP_Library_Item_Interface.vi
LicenseName=None
InterfaceVersion=1.0
Signature=N2JJ9X329XL9TBJR7XT9J2XRXBW7XCSN
The Value string is:

{ABC740D6-F254-4BBC-5675-8858F35B820E}0..\Open_GDS\GOOP_Library_Item_Interface.viNone1.0

But the Signature became: KXCB229B7CKCK9BRC5BC5SR7CC3J259R

Remember, only include strings, not numbers or Booleans. You put the 0 from IsActive in there, which is why the hash is different. I checked without that 0 in the string and the signature is correct.

EDIT: Wait, you're one of the developers of OpenGDS, so don't you already know how the signature is generated? Or does NI just give you a program that signs it for you?

Edited by flarn2006
Link to comment

 

PS: Maybe you want to share how you found the algorithm? I would think if it was by some reverse-engineering neither our friends at NI nor the guys here at LAVA would appreciate it. I have a hard-copy anyways :P

 

Never having tried to look at the Project Provider Framework at all I can't really say for sure, but I would assume that in order to verify that a PPF is valid this check is done on every load, so is in the provided PPF base framework. With flarn having admitted to have broken password protection before it seems not so hard to guess how it all went.

 

And yes, PPFs have the potential to wreck a LabVIEW installation completely and even worse modify code on the fly in a way that is very hard to detect. So this "signing" business is most likely much less about NI not wanting developers to be able to add plugins, but rather safeguarding those customers who have VERY stringent requirements about approved software running on their systems. They are out there and they have rules that even forbid to install OpenG VIs since they are not from an officially approved source.

  • Like 2
Link to comment

Okay I have a feature request.  Very often I'll setup a project with an EXE and installer with what I want.  Then after changing the software the only thing that the build specifications ever changes is the EXE version, and the installer version.  Wouldn't it be nice if you could right click your EXE, and choose instead of Properties which opens the whole window and takes a while to load, just pick "Change Version" and a separate window popus up allowing the version to be changed.  Then if you right click an installer and pick "Change Version" a similar window pops up, but this window shows the version of other EXE builds, and allows you to set the installer version, to the same version of the EXE.

 

I'm pretty sure this can be done in a Pre-Build VI but have never tried it.  2014 added new controls for setting build versions programatically.  Before then you could do it by setting tags and each version was slightly different.

Link to comment

Sorry, I wouldn't know where to begin with that. Maybe someone else can once we know more about the framework.

This PowerPoint presentation is pretty much the only official documentation about the API by the way, and I noticed something kind of weird with it. On slide 25, it shows an example INI file, and it mentions how a signature is required. The signature shown in the sample INI file is "J7W9927AAAAAA5TBNTSSTTKWR29CNT9X". The six A's in a row caught my eye, and then I realized that 'A' isn't even a valid character in a signature! The correct signature would be "J7W9927KW29BR5TBNTSSTTKWR29CNT9X". Strange.

Link to comment

Why should someone post a working ini file verbatim in a power presentation? The person creating this presentation remembered that PPFs are some restricted feature and simply changed a few characters.

Wouldn't be very useful without the VI's. But I guess there's always a chance that whoever changed it didn't know that.

Also, right now I'm working on a tool that automatically generates the interface VI's using scripting. That is, the VI's that output those huge clusters full of paths. I already finished all the scripting code (those diagrams can get quite complicated!) and now I'm going to create the actual interface for it.

EDIT: Finished; check the OP.

Edited by flarn2006
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.