Hi, all.
I work with ISWI 2.03 on W2K
I created my Release as Uncompressed Network Image.
So user receives installation as ‘Disk1’ folder. There is myInstallation.msi file in this folder.
So user can open this file in the text editor like notepad.exe and see texts of all my VBScript based Custom Actions.
User can also open this msi in the MSI editor like Orca and edit it.
I think that such a way user can do reverse engineering of our product.
The question is – how can I perform msi file encryption or password protection?
How can I hide my VBScript texts?
Thank you in advance,
Regards,
This is a ready-only archive of the InstallSite Forum. You cannot post any new content here. / Dies ist ein Archiv des InstallSite Forums. Hier können keine neuen Beiträge veröffentlicht werden.
Protection or encryption of msi file
Started by
IgorS
, Jun 18 2002 12:06
1 reply to this topic
hteichert
-
- Members
- 158 posts
Posted 19 June 2002 - 09:07
There is no file encryption or password protection possible for the msi-file.
You could use a tool like PFTW to pack and password protect your full setup, but as soon as it is run, it's possible to get the decrypted install package from the temp-folder. Doesn't help very much.
If you want to protect your CAs (what they are doing) then you have to change your setup to use EXEs or DLLs instead of VBScript actions. Rewrite them in C (or C++), compile, link and use. In several cases there is even no other possibility, because a lot of things can't be done in VBScript.
But, I have another question to you:
Are your VBScript CAs so ingenious, that it's necessary to hide them? Normally it's not possible to reengineer the product, only it's installation. And that's one of the big advantages of the concept of windows installer: The admin has the possibility to change your setup to set some default values for example to allow a company customized installation.
You could use a tool like PFTW to pack and password protect your full setup, but as soon as it is run, it's possible to get the decrypted install package from the temp-folder. Doesn't help very much.
If you want to protect your CAs (what they are doing) then you have to change your setup to use EXEs or DLLs instead of VBScript actions. Rewrite them in C (or C++), compile, link and use. In several cases there is even no other possibility, because a lot of things can't be done in VBScript.
But, I have another question to you:
Are your VBScript CAs so ingenious, that it's necessary to hide them? Normally it's not possible to reengineer the product, only it's installation. And that's one of the big advantages of the concept of windows installer: The admin has the possibility to change your setup to set some default values for example to allow a company customized installation.
h.teichert-ott