Parse-O-Matic: Scrambling Scripts

Overview

Scripts can be protected from alteration by “scrambling” them. In this form they cannot be viewed from within any Parse-O-Matic application, though they load and compile without any noticeable difference in speed, and they execute just as quickly as before.

A scrambled script can be loaded into a text editor, but it will look like random characters. Alteration of even one of the characters will typically result in a script that either does not compile, or does not function correctly. (Of course, if the altered character is in a comment it will have no effect on the script, since comments are not compiled.)

Why Scramble a Script?

The main reason to scramble a script is to prevent an end-user from altering it. Parse-O-Matic scripts are designed to be easily modified, but sometimes you want to be the only person who can do so.
If you are preparing a script for another department in your company, you can use scrambling to prevent alteration by well-meaning end-users who think that they can improve what you have created.
If you are preparing a script for a client in another company, you can use scrambling as a means of ensuring payment. For example:

TaskDone
If $Scrambled = 'Y' Stop 'This script is not yet registered'
End

This would cause the script to always end with an error message – at least, until it is unscrambled with the scrambling code, which you would give to the client upon receipt of payment. An alternative is to “brand” output with a reminder message. Yet another alternative is to have your script check the year (via the Now command) to decide whether or not to proceed beyond the TaskInit step.

Limitations

Scrambling is not designed to protect confidential data. The scrambling algorithm is sufficiently complex that most people will not be able to decode the file. However, one person is 10,000 certainly has the skills to do this. Such wizards can usually solve this kind of puzzle in under an hour.

Scrambling cannot prevent the duplication of the essential functions of a script. By deliberately introducing errors, the end-user could gradually gain knowledge of the contents of the script. This approach is, of course, quite labour-intensive; it would probably be easier to rewrite the script from scratch.

Only scripts can be protected by scrambling. Scrambling is not implemented for files accessed via the LookupFile or SetFromFile commands.

Scrambling a Script

To scramble a script, enter its complete name (including the extension) in the Script File input box. Then, while holding down the Ctrl key, use your mouse to click on the label to the left of the Script File input box (i.e. the words “Script File”). You will be prompted for the scrambling code, which must be at least 6 characters long, and is case sensitive.

After scrambling, a copy of the original, unscrambled script can be found in a file with the same root name, but with a .bak extension. Thus, if you scramble a script named ScrMyScript.txt the backup copy will be available in the ScrMyScript.bak file. If the end-user is using your machine, it may be appropriate to delete the .bak file.

Unscrambling a Script

To unscramble a script, enter its complete name (including the extension) in the Script File input box. Then, while holding down the Ctrl key, use your mouse to click on the label to the left of the Script File input box (i.e. the words “Script File”). You will be prompted for the scrambling code.

If the scrambling code is correct, the script is unscrambled. If you type the scrambling code incorrectly, you can try again – up to 50 times. If, after 50 attempts, you still have not entered the correct code, you must close down the program and start it up again.

Security Analysis

A relatively unsophisticated keyboard-and-mouse macro routine could try out about 150 scrambling codes per minute. Thus, if your scrambling code is 6 characters long and contains only lowercase letters, then the average time to obtain the scrambling code can be calculated as follows:

26 ^ 6 / 150 / 525600 / 2 = 1.96 years

That is to say:

NumberOfPossibleCharacters ^ CharactersInCode / CodesPerMinute / MinutesInAYear / 2

This assumes that the person knows the number of characters in the code and the number of possible characters that it uses. But even with these advantages this is not a feasible technique for obtaining the scrambling code.

There are, however, more sophisticated approaches. A highly skilled computer expert could probably obtain the scrambling code within an hour or so. Of course, somebody with that kind of ability would be able to write their own script with much less effort!

(This page is part of the online user manual for Parse-O-Matic. Parse-O-Matic is a programmable parsing tool that can extract, manipulate, convert or mine existing data sources and turn them into importable data. For more information on Parse-O-Matic products and conversion services, please visit www.ParseOMatic.com)