Tutorial: Unpacking ipk files to further your knowledge

pointgod36 · 07/09/2009, 10:32 AM

Most of us learn by watching, reading, or rehearsing. For this reason I've chose to share the method on how to view someones already packaged application code. (I know that some of you already know this, but this thread is for the people who don't

)

1) First download and install7-Zip.
This can be found here: Download Windows version

2) Right click on ipk file and select 7-Zip>Extract Files and then proceed to extract files.

3) The application will be found in \data\usr\palm\applications

4) Have fun learning from other peoples code!

Please remember... Do NOT Plagiarize a fellow developers work. This tutorial was meant to be informational not a tool to rip off others hard works and efforts!

Blubble · 07/09/2009, 11:24 AM

I absolutely HATE this about the Pre's development model. As a developer it sucks to know that anyone can just open your code and steal it if they want to. I am looking into ways to obfuscate my code. It won't be foolproof, but will keep most wandering eyes confused.

These javascript apps are fine for some stuff, but it sure would be nice to use a compilable app development model. Not only for protection of code, but for performance and the ability to do some things that are simply not possible with js.

mosdl · 07/09/2009, 11:35 AM

Quote:

Originally Posted by Blubble

I absolutely HATE this about the Pre's development model. As a developer it sucks to know that anyone can just open your code and steal it if they want to. I am looking into ways to obfuscate my code. It won't be foolproof, but will keep most wandering eyes confused.

These javascript apps are fine for some stuff, but it sure would be nice to use a compilable app development model. Not only for protection of code, but for performance and the ability to do some things that are simply not possible with js.

There are js obfuscators out there. I prefer the Dojo Toolkit java-based one - ShrinkSafe | The Dojo Toolkit

Remember - even compiled code can be decompiled

Blubble · 07/09/2009, 11:42 AM

I have been looking into a few. Have you tried ShrinkSafe with Mojo apps? Obfuscating a few lines of JS in a single page or js file is easy. I am using a lot of complex custom classes, so I'll need to see how well it all works together for an entire app.

mosdl · 07/09/2009, 01:37 PM

Quote:

Originally Posted by Blubble

I have been looking into a few. Have you tried ShrinkSafe with Mojo apps? Obfuscating a few lines of JS in a single page or js file is easy. I am using a lot of complex custom classes, so I'll need to see how well it all works together for an entire app.

You can point shrinksafe at multiple files. It should work on mojo

ydaraishy · 07/09/2009, 05:22 PM

Any determined developer can "steal" your code whether it's JS or Perl or C or whatever. You have legal recourse if someone does try and steal your code.

People make this out to be such a big deal, and it's not -- or is it just that I don't really have objections to open source software?

Blubble · 07/09/2009, 06:13 PM

That's your option. I am glad to help others out, but I personally like to get paid fairly for my work.

I know that any piece of code can be decompiled, cracked or otherwise stolen, but there is no reason to make it easier than necessary. A little obfuscation can make it a headache for most people to steal code.

rposa · 07/09/2009, 06:59 PM

Interesting, Blubble, that you would hang out in a forum, benefiting from knowledge that others are offering for free, but wanting to obfuscate your own code so nobody could learn from you.

Now, I'm not here to start a flame war, but if you have code that is "that" specific to what you do / need / whatever, then if another app came along that had copies of your code, then you could shut it down with a DMCA notice.

If your code is obfuscated, and an app comes out, the de-obfuscation will be different enough to come up with a "two people came up with the same style of code" type of a thing, especially since the variables would suffer the most.

Now, I'm all for someone being compensated for their hard work, so don't misunderstand me. Make an app, charge for it - etc.

Blubble · 07:57 PM

You're just being argumentative. I participate in this forum both by helping others and by learning from them. Anytime I see someone asking a question to which I know the answer, I am more than happy to help without expecting anything in return. I have helped a lot of members around here and will continue to do so.

My desire to protect a product I create from theft and plagiarism does not in any way conflict with the spirit of this forum. You often see professional developers participate in open forums. However, this doesn't mean that they are expected to freely share code for the software they create.

Palm seems to understand the importance of protecting developer code. They have announced to the early access program that they are developing a method for protecting application code and data. In the meantime, developers are free to obfuscate their code before submitting apps to the catalog. I agree that it is not a perfect method, but it is the only option for the moment.

ydaraishy · 07/09/2009, 08:29 PM

Blubble: the issue is that your protection is through legal means, not technical ones -- this has always been the case.

ualdayan · 07/09/2009, 08:29 PM

Quote:

Originally Posted by mosdl

There are js obfuscators out there. I prefer the Dojo Toolkit java-based one - ShrinkSafe | The Dojo Toolkit

Remember - even compiled code can be decompiled

That obfuscator looks pretty good. Major plus in its favor is that it's open source and free too.

ydaraishy · 07/09/2009, 10:34 PM

Quote:

Originally Posted by mosdl

There are js obfuscators out there. I prefer the Dojo Toolkit java-based one - ShrinkSafe | The Dojo Toolkit

Remember - even compiled code can be decompiled

That's a compressor, not an obfuscator. Even the link says:

Quote:

There are many "obfuscators" available in addition to size reduction tools. Over the years, many people have attempted to "encrypt" or otherwise obfuscate JavaScript sent over the wire to browsers, and it never pans out. Why not? For starters, JavaScript (as implemented in browsers) is completely interpreted. This means that any further compilation beyond source transformations will not work everywhere, and the tool provides a "decryption" tool along with the "encrypted" or obfuscated source, the unencrypted version will be available at runtime for anyone with a debugger to see. For those tools that just transform source code by mangling variable names, it's even easier to revert their changes. Therefore, obfuscation and encryption aren't useful goals. Size reduction, on the other hand, is a useful goal.

johncc · 07/09/2009, 10:34 PM

Quote:

Originally Posted by ualdayan

That obfuscator looks pretty good. Major plus in its favor is that it's open source and free too.

Now that IS ironic.

cube660 · 07/10/2009, 09:54 PM

First let me say this,

Anyone who truly knows Javascript programming and how it's interpreted by browsers, should know that it is IMPOSSIBLE to protect the source code. PERIOD!

Secondly, anyone one who took the opportunity to download the SDK, truly shouldn't be whining about their code being stolen. As you are holding and using an unauthorized piece of software.

Thirdly, it's usually the case that the one who screams thief the loudest is the one who is most guilty. I will ask anyone you here, who thinks they're righteous, all of a sudden.... Did you pay for that copy of Dreamweaver you are using?...hmm

If the APP you developed is good enough, it WILL sell. Obfuscation or not. If it's the first of it's kind, then it will most likely sell more than the copy cats, so long as it is better and remains better. Apple's business model has already proven this. Also, The average person, which makes up 99% of palms users don't give a rats *** about your javascript, nor would they understand it, if it hit them over the head, they just want GOOD apps. The other 1%, whom are on this and every other forum are hackers.

Lastly, trust me when I tell you this, regardless of what concept you THINK you have invented in your javascript coding, it has already been implemented before you. Just google and you will see it!

Regards

Jason Robitaille · 07/10/2009, 11:04 PM

I not coming out in favour of open source or obfuscation, but doesn't compression, especially for larger javascript files, reduce memory size and slightly increase performance?

RoyS · 07/10/2009, 11:40 PM

I have to agree with Blubble here. Not everyone is a hobbyist. Corporations may be looking to the Pre as a platform for publishing. They may have code that is a trade secret or is encumbered by licensing from third parties and without tools to protect those implementations they may pass it up. I don't see this as a serious issue for 95% of the apps people will produce but that doesn't mean that the other 5% of apps should be ignored.

Blubble · 12:00 AM

Watch the insults. You don't know **** about me. Did you sign up just to talk smack?

First, I fully understand and have stated that obfuscation for javascript is hardly a foolproof method. However, it will at least make it a pain for most to decipher a developer's code. I am not suggesting that I invented anything new, but I certainly have the right to help protect the product of my work from the less scrupulous.

I am actually part of the Palm early access program and have their full official SDK. I can now talk about my involvement because they changed the rules to allow it. Several people have asked me to leak documentation, but I respect my agreement with Palm and consequently won't do so.

I am no thief. I won't even pirate a song, much less expensive software. I can afford to pay for everything I use and do so. Besides, I don't use Dreamweaver. That wysiwyg garbage is for designers or people that don't know how to code.

Contribute something meaningful to this community instead of coming on here to bother people with your drivel. It's a shame that people can't accept differing opinions without resorting to personal attacks. It's pathetic, but not surprising.

gigaorg · 07/11/2009, 12:11 AM

I can see both sides here. Didn't the web take off due to the "open" nature of HTML and JS? Sites got better and better as people learned off what worked elsewhere. It's with it. That said, if a developer spends months putting something together, he/she should expect that the idea is not stolen. Sounds like Palm is wokring on something to protect developers...let's just make sure that techniques are shared in order to accelerate future app functionality. Just my 2 cents.

Blubble · 07/11/2009, 12:16 AM

Don't get me wrong. I am all for sharing knowledge. You can see from many of my posts that I am quick to help anyone when I am able.

I can also accept the point of view of others although I may disagree. There is room for disagreement, but simply no call for personal attacks.

gigaorg · 07/11/2009, 12:19 AM

BTW Bluble...can you talk about what you are building? We could use some "future app" buzz given the current catalog.

07/09/2009, 10:32 AM	#1 (permalink)
pointgod36 Member Join Date: Jun 2009 Posts: 11 Likes Received: 0 Thanks: 0 Thanked 5 Times in 1 Post	Tutorial: Unpacking ipk files to further your knowledge Most of us learn by watching, reading, or rehearsing. For this reason I've chose to share the method on how to view someones already packaged application code. (I know that some of you already know this, but this thread is for the people who don't ) 1) First download and install7-Zip. This can be found here: Download Windows version 2) Right click on ipk file and select 7-Zip>Extract Files and then proceed to extract files. 3) The application will be found in \data\usr\palm\applications 4) Have fun learning from other peoples code! Please remember... Do NOT Plagiarize a fellow developers work. This tutorial was meant to be informational not a tool to rip off others hard works and efforts!
	Liked by Thanked by Arcticus, elchileno, gregstoll, palmdoc2005, rub2008

07/09/2009, 11:24 AM	#2 (permalink)
Blubble Member Join Date: Jun 2009 Location: Silicon Valley, California Posts: 1,025 Likes Received: 0 Thanks: 37 Thanked 444 Times in 161 Posts	I absolutely HATE this about the Pre's development model. As a developer it sucks to know that anyone can just open your code and steal it if they want to. I am looking into ways to obfuscate my code. It won't be foolproof, but will keep most wandering eyes confused. These javascript apps are fine for some stuff, but it sure would be nice to use a compilable app development model. Not only for protection of code, but for performance and the ability to do some things that are simply not possible with js.
	Liked by

07/09/2009, 11:42 AM	#4 (permalink)
Blubble Member Join Date: Jun 2009 Location: Silicon Valley, California Posts: 1,025 Likes Received: 0 Thanks: 37 Thanked 444 Times in 161 Posts	I have been looking into a few. Have you tried ShrinkSafe with Mojo apps? Obfuscating a few lines of JS in a single page or js file is easy. I am using a lot of complex custom classes, so I'll need to see how well it all works together for an entire app.
	Liked by

07/09/2009, 05:22 PM	#6 (permalink)
ydaraishy Member Join Date: Jun 2009 Posts: 44 Likes Received: 0 Thanks: 0 Thanked 4 Times in 3 Posts	Any determined developer can "steal" your code whether it's JS or Perl or C or whatever. You have legal recourse if someone does try and steal your code. People make this out to be such a big deal, and it's not -- or is it just that I don't really have objections to open source software?
	Liked by

07/09/2009, 06:13 PM	#7 (permalink)
Blubble Member Join Date: Jun 2009 Location: Silicon Valley, California Posts: 1,025 Likes Received: 0 Thanks: 37 Thanked 444 Times in 161 Posts	That's your option. I am glad to help others out, but I personally like to get paid fairly for my work. I know that any piece of code can be decompiled, cracked or otherwise stolen, but there is no reason to make it easier than necessary. A little obfuscation can make it a headache for most people to steal code.
	Liked by Thanked By: Jason Robitaille

07/09/2009, 06:59 PM	#8 (permalink)
rposa Member Join Date: Mar 2009 Posts: 266 Likes Received: 0 Thanks: 15 Thanked 26 Times in 19 Posts	Interesting, Blubble, that you would hang out in a forum, benefiting from knowledge that others are offering for free, but wanting to obfuscate your own code so nobody could learn from you. Now, I'm not here to start a flame war, but if you have code that is "that" specific to what you do / need / whatever, then if another app came along that had copies of your code, then you could shut it down with a DMCA notice. If your code is obfuscated, and an app comes out, the de-obfuscation will be different enough to come up with a "two people came up with the same style of code" type of a thing, especially since the variables would suffer the most. Now, I'm all for someone being compensated for their hard work, so don't misunderstand me. Make an app, charge for it - etc.
	Liked by

07/09/2009, 07:52 PM	#9 (permalink)
Blubble Member Join Date: Jun 2009 Location: Silicon Valley, California Posts: 1,025 Likes Received: 0 Thanks: 37 Thanked 444 Times in 161 Posts	You're just being argumentative. I participate in this forum both by helping others and by learning from them. Anytime I see someone asking a question to which I know the answer, I am more than happy to help without expecting anything in return. I have helped a lot of members around here and will continue to do so. My desire to protect a product I create from theft and plagiarism does not in any way conflict with the spirit of this forum. You often see professional developers participate in open forums. However, this doesn't mean that they are expected to freely share code for the software they create. Palm seems to understand the importance of protecting developer code. They have announced to the early access program that they are developing a method for protecting application code and data. In the meantime, developers are free to obfuscate their code before submitting apps to the catalog. I agree that it is not a perfect method, but it is the only option for the moment. Last edited by Blubble; 07/09/2009 at 07:57 PM.
	Liked by

07/09/2009, 08:29 PM	#10 (permalink)
ydaraishy Member Join Date: Jun 2009 Posts: 44 Likes Received: 0 Thanks: 0 Thanked 4 Times in 3 Posts	Blubble: the issue is that your protection is through legal means, not technical ones -- this has always been the case.
	Liked by

07/10/2009, 09:54 PM	#14 (permalink)
cube660 Member Join Date: Jul 2009 Posts: 58 Likes Received: 0 Thanks: 8 Thanked 14 Times in 10 Posts	Why the hypocrisy? First let me say this, Anyone who truly knows Javascript programming and how it's interpreted by browsers, should know that it is IMPOSSIBLE to protect the source code. PERIOD! Secondly, anyone one who took the opportunity to download the SDK, truly shouldn't be whining about their code being stolen. As you are holding and using an unauthorized piece of software. Thirdly, it's usually the case that the one who screams thief the loudest is the one who is most guilty. I will ask anyone you here, who thinks they're righteous, all of a sudden.... Did you pay for that copy of Dreamweaver you are using?...hmm If the APP you developed is good enough, it WILL sell. Obfuscation or not. If it's the first of it's kind, then it will most likely sell more than the copy cats, so long as it is better and remains better. Apple's business model has already proven this. Also, The average person, which makes up 99% of palms users don't give a rats *** about your javascript, nor would they understand it, if it hit them over the head, they just want GOOD apps. The other 1%, whom are on this and every other forum are hackers. Lastly, trust me when I tell you this, regardless of what concept you THINK you have invented in your javascript coding, it has already been implemented before you. Just google and you will see it! Regards
	Liked by Thanked by gigaorg, NurseNTexas

07/10/2009, 11:04 PM	#15 (permalink)
Jason Robitaille Legend Join Date: May 2005 Location: Winnipeg, MB, Canada Posts: 3,883 Likes Received: 496 Thanks: 801 Thanked 12,956 Times in 1,495 Posts	I not coming out in favour of open source or obfuscation, but doesn't compression, especially for larger javascript files, reduce memory size and slightly increase performance?
	Liked by

07/10/2009, 11:40 PM	#16 (permalink)
RoyS Member Join Date: Jun 2009 Location: www.pre101.com Posts: 48 Likes Received: 0 Thanks: 13 Thanked 8 Times in 5 Posts	I have to agree with Blubble here. Not everyone is a hobbyist. Corporations may be looking to the Pre as a platform for publishing. They may have code that is a trade secret or is encumbered by licensing from third parties and without tools to protect those implementations they may pass it up. I don't see this as a serious issue for 95% of the apps people will produce but that doesn't mean that the other 5% of apps should be ignored. __________________ Pre101 - Tips and tricks for using your Palm Pre
	Liked by

07/10/2009, 11:54 PM	#17 (permalink)
Blubble Member Join Date: Jun 2009 Location: Silicon Valley, California Posts: 1,025 Likes Received: 0 Thanks: 37 Thanked 444 Times in 161 Posts	Watch the insults. You don't know **** about me. Did you sign up just to talk smack? First, I fully understand and have stated that obfuscation for javascript is hardly a foolproof method. However, it will at least make it a pain for most to decipher a developer's code. I am not suggesting that I invented anything new, but I certainly have the right to help protect the product of my work from the less scrupulous. I am actually part of the Palm early access program and have their full official SDK. I can now talk about my involvement because they changed the rules to allow it. Several people have asked me to leak documentation, but I respect my agreement with Palm and consequently won't do so. I am no thief. I won't even pirate a song, much less expensive software. I can afford to pay for everything I use and do so. Besides, I don't use Dreamweaver. That wysiwyg garbage is for designers or people that don't know how to code. Contribute something meaningful to this community instead of coming on here to bother people with your drivel. It's a shame that people can't accept differing opinions without resorting to personal attacks. It's pathetic, but not surprising. Last edited by Blubble; 07/11/2009 at 12:00 AM.
	Liked by Thanked by Jason Robitaille, JoshC72

07/11/2009, 12:11 AM	#18 (permalink)
gigaorg Member Join Date: Feb 2008 Posts: 136 Likes Received: 0 Thanks: 21 Thanked 16 Times in 14 Posts	I can see both sides here. Didn't the web take off due to the "open" nature of HTML and JS? Sites got better and better as people learned off what worked elsewhere. It's with it. That said, if a developer spends months putting something together, he/she should expect that the idea is not stolen. Sounds like Palm is wokring on something to protect developers...let's just make sure that techniques are shared in order to accelerate future app functionality. Just my 2 cents.
	Liked by

07/11/2009, 12:16 AM	#19 (permalink)
Blubble Member Join Date: Jun 2009 Location: Silicon Valley, California Posts: 1,025 Likes Received: 0 Thanks: 37 Thanked 444 Times in 161 Posts	Don't get me wrong. I am all for sharing knowledge. You can see from many of my posts that I am quick to help anyone when I am able. I can also accept the point of view of others although I may disagree. There is room for disagreement, but simply no call for personal attacks.
	Liked by

07/11/2009, 12:19 AM	#20 (permalink)
gigaorg Member Join Date: Feb 2008 Posts: 136 Likes Received: 0 Thanks: 21 Thanked 16 Times in 14 Posts	BTW Bluble...can you talk about what you are building? We could use some "future app" buzz given the current catalog.
	Liked by

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode