Jump to content

VI passwords


Recommended Posts

Didn't we first find out about VI scripting through VI's that NI forgot to password-protect? When password-protected VI's are run, the computer surely accesses the block diagram at one point or another, so obviously it is possible to read the block diagram. LabVIEW just won't let us see it. Can anyone find any way to force it to show you? Perhaps by hex-editing the files or even using Cheat Engine or something?

Link to comment

QUOTE (flarn2006 @ Mar 20 2009, 06:32 PM)

Didn't we first find out about VI scripting through VI's that NI forgot to password-protect? When password-protected VI's are run, the computer surely accesses the block diagram at one point or another, so obviously it is possible to read the block diagram. LabVIEW just won't let us see it. Can anyone find any way to force it to show you? Perhaps by hex-editing the files or even using Cheat Engine or something?

Nope. When VIs are run, the assembly code that the compiler produced is executed. The block diagram never even gets loaded into memory. Heck, it isn't even saved as part of the VI when you build for the Run Time Engine.

Link to comment

LabVIEW can read the diagram of a password protected VI (e.g. it would recompile it if a typedef it calls was changed, etc.), but that doesn't mean that anyone knows how to work around that. Even if someone did, do you think they would just expose that knowledge on a public forum? I don't think that the majority of the LabVIEW community has the type of people which would take advantage of this. I think that people who stumbled onto something like this are more likely to quietly alert NI to the issue.

There were various conversations about this in the past, so you could try a search, but I wouldn't count on getting an actual answer.

Link to comment

QUOTE (flarn2006 @ Mar 20 2009, 05:32 PM)

Didn't we first find out about VI scripting through VI's that NI forgot to password-protect? When password-protected VI's are run, the computer surely accesses the block diagram at one point or another, so obviously it is possible to read the block diagram. LabVIEW just won't let us see it. Can anyone find any way to force it to show you? Perhaps by hex-editing the files or even using Cheat Engine or something?

Why exactly do you want to do this?

Link to comment

QUOTE (Val Brown @ Mar 21 2009, 03:40 PM)

Why exactly do you want to do this?

Two reasons:

  1. I am curious as to how some of the built-in password-protected VIs work (i.e. Picture to Pixmap)
  2. I may be able to find additional undocumented features.

Also, to respond to Yair's comment, maybe someone on the forum could find a method, advertise on the forum that they can do it, but not tell how for fear of NI finding it. They can't "fix" something if they don't know what it is, right?

Link to comment
QUOTE (flarn2006 @ Mar 21 2009, 02:29 PM)
Also, to respond to Yair's comment, maybe someone on the forum could find a method, advertise on the forum that they can do it, but not tell how for fear of NI finding it. They can't "fix" something if they don't know what it is, right?
Ah, but we can, and have, randomly changed things between versions, just on the off chance that something is working that shouldn't be. :-)

Link to comment

QUOTE (flarn2006 @ Mar 21 2009, 01:29 PM)

Two reasons:

  1. I am curious as to how some of the built-in password-protected VIs work (i.e. Picture to Pixmap)
  2. I may be able to find additional undocumented features.

Also, to respond to Yair's comment, maybe someone on the forum could find a method, advertise on the forum that they can do it, but not tell how for fear of NI finding it. They can't "fix" something if they don't know what it is, right?

In other words, you're wanting to hack their security and bypass it. I understand curiosity but, from where I sit, that's not just curiosity, it's tresspass.

Link to comment

QUOTE (Val Brown @ Mar 21 2009, 03:37 PM)

In other words, you're wanting to hack their security and bypass it. I understand curiosity but, from where I sit, that's not just curiosity, it's tresspass.
Ah, the ancient hacker ethos question. I have to admit ... threads like this leave me torn between

  1. cheering on clever applications of software and admiration for those who can make the trick work
  2. concern for the ethical problems that such hacks raise
  3. and dread of the bug report when someone does figure these doors out that mean those of us in R&D have to be even more clever next release.

Honestly, I think the best solution is to cleverly figure out the trick and tell no one *except* NI. Under those conditions, you can legitimately claim to be working to make LV better by exploring its weaknesses, and if you happen to learn how certain VIs work along the way -- such as picture to pixmap -- well, that's just a side-effect of your other efforts. Think of it as reward for research.

Of course, under such a model, anyone who did figure a trick out wouldn't post it to the forums. ;-)

Link to comment

QUOTE (Aristos Queue @ Mar 21 2009, 02:51 PM)

Ah, the ancient hacker ethos question. I have to admit ... threads like this leave me torn between

  1. cheering on clever applications of software and admiration for those who can make the trick work
  2. concern for the ethical problems that such hacks raise
  3. and dread of the bug report when someone does figure these doors out that mean those of us in R&D have to be even more clever next release.

Honestly, I think the best solution is to cleverly figure out the trick and tell no one *except* NI. Under those conditions, you can legitimately claim to be working to make LV better by exploring its weaknesses, and if you happen to learn how certain VIs work along the way -- such as picture to pixmap -- well, that's just a side-effect of your other efforts. Think of it as reward for research.

Of course, under such a model, anyone who did figure a trick out wouldn't post it to the forums. ;-)

I agree with everything you're saying here it's just that now, having been on both sides of that kind of fence and with MANY years under my belt, I guess I feel like I need to be a bit of an "old guy" saying be mindful of the realistic limits and reasons for those attempts at protection of the hard work and property of others. And of course it's cool to figure out... :shifty:

Link to comment

QUOTE (flarn2006 @ Mar 20 2009, 07:32 PM)

Didn't we first find out about VI scripting through VI's that NI forgot to password-protect? When password-protected VI's are run, the computer surely accesses the block diagram at one point or another, so obviously it is possible to read the block diagram. LabVIEW just won't let us see it. Can anyone find any way to force it to show you? Perhaps by hex-editing the files or even using Cheat Engine or something?

The answer is quite simple. If you would have the source code of LabVIEW you could! You could then easily build a "cheat engine" as you call it from that source code where the password check is disabled.

However the password protection itself of LabVIEW files is fairly sound. There is encryption of parts of the (undocumented) binary file structure to create a hash key. And recent versions create multiple such hash keys over various parts and that spans even the plain text readable new style XML LabVIEW files. In addition a VI knows about the password protection of the owning library and vice versa and the same with classes. While patching an older LabVIEW executable was probably an option for a good hacker I have serious doubts that this is still possible within a reasonable amount of time. And it is the worst way as every single patch release of LabVIEW is nullifing that.

Hint to NI: that would be one more reason to actually release intermediate patch fixes! :rolleyes: Makes almost every user happy and makes the life for those trying to go around the password protection a little more difficult. In the past few versions patch fix releases were never really announced properly but only in according discussion threads. I would find it useful to consider a somewhat more proactive patch fix release announcement.

Rolf Kalbermatter

Link to comment

QUOTE (Yair @ Mar 23 2009, 03:09 PM)

BTW, flarn, are you really 16 years old? What's your involvement with LabVIEW?

Totally thinking the same thing but didn't want to reply to a legitimate question with just that.

At work here we had a new hire who was born in 1990. Don't get me wrong I'm not much older than him but that still seemed weird to me.

Link to comment

QUOTE (hooovahh @ Mar 23 2009, 11:03 PM)

At work here we had a new hire who was born in 1990.

Yeah, but most 16 year olds are still in high school.

I'm just wondering about his involvement. We work with a local school where we do let some of the high schoolers use proper LabVIEW (as opposed to Mindstorms which the younger kids use), but I don't think any of them is really interested in it.

Link to comment

QUOTE (Yair @ Mar 24 2009, 01:55 PM)

Yeah, but most 16 year olds are still in high school.

I'm just wondering about his involvement. We work with a local school where we do let some of the high schoolers use proper LabVIEW (as opposed to Mindstorms which the younger kids use), but I don't think any of them is really interested in it.

I hadn't noticed at first but if you go to his blog he has linked to, you can find some info about things he did. Seems he likes to tinker with computers and some of what is written there certainly is on the border of legality. Might be using dads LabVIEW copy or whatever and taking his last few inquiries together he might be just looking for things to crack, probably more to boost about than anything else.

Rolf Kalbermatter

Link to comment
  • 2 weeks later...

QUOTE (Val Brown @ Mar 21 2009, 05:37 PM)

In other words, you're wanting to hack their security and bypass it. I understand curiosity but, from where I sit, that's not just curiosity, it's tresspass.

How would it be trespassing if it's my own computer?

Link to comment

QUOTE (normandinf @ Apr 6 2009, 12:38 PM)

Read the license. Stricly speaking, it's trespass.

Not that it would necessarily be a reason to stop trying, but...

Yes, precisely so even though some (here) might not LIKE it, that's how it is legally. And, FWIW, it's the same situation with Microsoft and Windows, etc and, if I'm not mistaken, almost every distributed, commercial OS out there. Just look at the EULA that, of course, no one seems to ever really read...

Link to comment

QUOTE (Yair @ Mar 24 2009, 12:55 PM)

Yeah, but most 16 year olds are still in high school.

I'm just wondering about his involvement. We work with a local school where we do let some of the high schoolers use proper LabVIEW (as opposed to Mindstorms which the younger kids use), but I don't think any of them is really interested in it.

By high school, I was programming around 2 to 3 hours every day on my own, and let me tell you, if I'd had a copy of LV, it probably would've been dissected like just about every other piece of software that passed through my hands in those days. And I could point to a number of my friends who would've been right there with me. I find it totally plausible that flarn is 16, which is why as much as I'm willing to answer his questions, I'm also raising questions for him about the whys and wherefores of doing it -- there's a lot more illegal aspects to reverse engineering these days than there were 15 years ago.
Link to comment

QUOTE (Aristos Queue @ Apr 7 2009, 12:48 AM)

By high school, I was programming around 2 to 3 hours every day on my own, and let me tell you, if I'd had a copy of LV, it probably would've been dissected like just about every other piece of software that passed through my hands in those days. And I could point to a number of my friends who would've been right there with me. I find it totally plausible that flarn is 16, which is why as much as I'm willing to answer his questions, I'm also raising questions for him about the whys and wherefores of doing it -- there's a lot more illegal aspects to reverse engineering these days than there were 15 years ago.

Very right here. Sometimes I wonder if starting up my PC might not already be some violation of some license agreement I somehow, sometime clicked away without really bothering to read it :P . Not that this would bother me to much as I have good hope that such a license agreement would not be enforceable in any way, but still.

While I also loved to know how software worked back then I usually only went as far as getting things apart to the point where I could see how I could go around whatever protection there was. At that point the attraction somehow went away to go further but I had some friends that for sure did it for the hack itself and wouldn't be satisfied before they could distribute a tape (C64 :rolleyes: ) with the cracked software and at least a screen hacked into the game somewhere with their alias in it.

My brother and me instead took older C64 apart and rebuild them to control the light show in a disco club. You could say the first attempts at embedded development and it was cheap too, if you didn't account for the hours :D , which at that time wasn't a fully paid job anyhow.

Rolf Kalbermatter

Link to comment

QUOTE (rolfk @ Apr 7 2009, 02:17 AM)

My brother and me instead took older C64 apart and rebuild them to control the light show in a disco club. You could say the first attempts at embedded development and it was cheap too, if you didn't account for the hours :D , which at that time wasn't a fully paid job anyhow.

I did similar, but with a C128 - an extra 64 bytes of pure power!

c128.jpg

Link to comment

Just to chime in I can understand the curiosity of someone who is learning and wanting to know how things work. However it is important to stress that if one makes a habit of this and uses it frequently it could hurt in the long run. Many businesses today are very concerned with maintaining a legal operation. It only takes one disgruntled employee to report a business which can result in an investigation of the company and possibly some very large fines. The last thing you want to do for your career is be the person who put a company into this kind of a position.

Link to comment

QUOTE (Mark Yedinak @ Apr 7 2009, 09:22 AM)

Just to chime in I can understand the curiosity of someone who is learning and wanting to know how things work. However it is important to stress that if one makes a habit of this and uses it frequently it could hurt in the long run. Many businesses today are very concerned with maintaining a legal operation. It only takes one disgruntled employee to report a business which can result in an investigation of the company and possibly some very large fines. The last thing you want to do for your career is be the person who put a company into this kind of a position.

Yes, many of us have our own hacker history. For me it involved PDP-11, IBM 360 and a lot of early TTY-networks. It's one of the many reasons that I really no longer like working directly with devices, networks and esp not serial com. I certainly applaud and support ingenuity and curiosity but respect for legal limits is also of fundamental importance.

Link to comment

QUOTE (Aristos Queue @ Mar 21 2009, 11:04 PM)

Ah, but we can, and have, randomly changed things between versions, just on the off chance that something is working that shouldn't be. :-)

I haven't checked since 8.5.1, but I hope NI is abandoning the current PW scheme, since it's fairly shot through with the newly exposed MD5 vulnerabilities.

Cheers,

Steen

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.