Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Native Development


Thank you for visiting the BlackBerry Support Community Forums.

BlackBerry will be closing the BlackBerry Support Community Forums Device Forums on April 1st (Developers, see below)

BlackBerry remains committed to providing excellent customer support to our customers. We are delighted to direct you to the CrackBerry Forums, a well-established and thorough support channel, for continued BlackBerry support. Please visit http://forums.crackberry.com or http://crackberry.com/ask. You can also continue to visit BlackBerry Support or the BlackBerry Knowledge Base for official support options available for your BlackBerry Smartphone.

"When we launched CrackBerry.com 10 years ago, we set out to make it a fun and useful destination where BlackBerry Smartphone owners could share their excitement and learn to unleash the full potential of their BlackBerry. A decade later, the CrackBerry community is as active and passionate as ever and I know our knowledgeable members and volunteers will be excited to welcome and assist more BlackBerry owners with their questions."

- Kevin Michaluk, Founder, CrackBerry.com

Developers, for more information about the BlackBerry Developer Community please review Join the Conversation on the BlackBerry Developer Community Forums found on Inside BlackBerry.


Reply
Developer
Posts: 828
Registered: ‎10-16-2012
My Device: Red Z10
My Carrier: Rogers

Re: QML obfuscation

@BBSJdev in app for free apps would theoretically be the same, because only the purchase initates the payment service unless the app itself is paid then it should go through the encryption 

 

but it appears that qrc is only visually appealing

Developer
Posts: 1,178
Registered: ‎03-20-2013
My Device: Red LE Developer Z10
My Carrier: Fido

Re: QML obfuscation

This is a good point. My app is a "freemium" product. The download and basic features are free to download and use, but enhanced features are unlocked via in-app purchases. My application QML would be wide open if someone obtained the bar file, even though a legit user would have to pay for full features.

 

That said, quite a bit of the hard stuff in my app is written in C++ so figuring out that stuff would be more difficult. I'm in the midst of a complete ground-up rewrite just now, and my new version will have just about all program code in C++ with only the page layouts in QML so I guess that will be more secure against reverse engineering.

 


slashkyle wrote:

@BBSJdev in app for free apps would theoretically be the same, because only the purchase initates the payment service unless the app itself is paid then it should go through the encryption 

 

but it appears that qrc is only visually appealing






Developer of Built for BlackBerry certified multiFEED RSS/Atom feed reader and aggregator.  multiFEED Icon

Play nice: Clicking Like Button on posts that helped you not only encourages others to continue sharing their experience, but also improves your own rating on this board. Also, don't forget to accept a post if it solves your problem or answers your question.
Highlighted
Developer
Posts: 206
Registered: ‎05-15-2012
My Device: None
My Carrier: Telus

Re: QML obfuscation

At the end of the day, if somebody got a hold of my QML, it would probably be quicker for them to rewrite it all in their own style then to try to reimplement my c++ code-behind, so I don't see this as a very serious issue.

----------------------
Check out my app, Alien Flow for reddit

And of course, like my post if you found it helpful or informative!
Developer
Posts: 1,178
Registered: ‎03-20-2013
My Device: Red LE Developer Z10
My Carrier: Fido

Re: QML obfuscation

Hi Simon. I know this is an old thread, but this new tool makes all our QML and Javascript open for the peeking...

 

http://forums.crackberry.com/blackberry-10-apps-f274/download-bar-any-physical-bar-bbworld-980486/

 

Your comments?



Developer of Built for BlackBerry certified multiFEED RSS/Atom feed reader and aggregator.  multiFEED Icon

Play nice: Clicking Like Button on posts that helped you not only encourages others to continue sharing their experience, but also improves your own rating on this board. Also, don't forget to accept a post if it solves your problem or answers your question.
Developer
Posts: 92
Registered: ‎10-30-2011
My Device: Blackberry Playbook
My Carrier: Telstra LTE

Re: QML obfuscation

[ Edited ]

Well, it's not new at all. You have always been able to download .bar files for free and paid apps of BBOS, Playbook and BB10. It's not exactly a secret either. I'm surprised the people in these comments did not know of it.

 

I made a little tool to create some awareness about the issue. It is actually easier to use the blackberry url directly than using that tool I created. Although for the sake of not sparking a frenzy and in the interest of protecting paid apps, I have not released that url. It is, however, described on Google already if anyone cared to look it up. It's also known by quite a number of people.

 

So, you still can and I doubt it will change any time soon. You should always assume people can see your .bar.

Developer
Posts: 78
Registered: ‎12-11-2013
My Device: BlackBerry Z10
My Carrier: Maxis

Re: QML obfuscation

The issue is not as wide you think otherwise there would be a lot of warez website. It's definitely not wide spread until you release a too. All threads in BlackBerry forum like "bar downloading bar directly from app world ", "qml obfuscation" and "obfuscation of bb10 code" have link towards crackberry "bar download" thread started by you.
Developer
Posts: 92
Registered: ‎10-30-2011
My Device: Blackberry Playbook
My Carrier: Telstra LTE

Re: QML obfuscation

[ Edited ]

It is quite common but you're right, no one has started 'warez' threads. What's the point in doing such a thing?

You'll notice no one did that after I created the awareness either.

Those are just recent threads. This issue is as old as AppWorld/BBWorld itself.

Developer
Posts: 82
Registered: ‎11-04-2011
My Device: PlayBook, DAC, SQN100-3, STL100-1, STL100-2
My Carrier: MTS RUS

Re: QML obfuscation

Hi, if you look at post 17 of this thread you see that I mentioned about missed ssl encryption for downloading free apps from BBW (I also post a bug to jira that day) in September 2013. BlackBerry spend more than 6 months to fix it. It's a shame. And if I understand correctly this bug is known for 3-4 years.

Developer
Posts: 92
Registered: ‎10-30-2011
My Device: Blackberry Playbook
My Carrier: Telstra LTE

Re: QML obfuscation

[ Edited ]

Hey xnike,

The SSL encryption is only for network downloads over BBWorld. This is to prevent MITM attacks that was reported as a security exploit. Not in any way related to downloading of .bar files.

No encryption is used in downloading .bar files and anyone can do this with a simple HTTP request.

 

JIRA is fairly useless. I have a bunch of Playbook bugs I reported that were never even looked at. I had a look the other day and it said '50 new bugs this month, 0 fixed'. You need to talk to their security team when you discover things like this and then hope that they think it is an issue too. If it's not related to security, then  no idea!

Developer
Posts: 82
Registered: ‎11-04-2011
My Device: PlayBook, DAC, SQN100-3, STL100-1, STL100-2
My Carrier: MTS RUS

Re: QML obfuscation

Hi, yes I know this.

I've mentioned this just to show how BlackBerry handle security related issues. If this was not a bug, then BlackBerry should not fixed it at all. The same applies to another still open issues.