protection levels comparison
ReFox will decompile Level I+ only if used standalone,
if combined with III (or II+) the protection is irreversible,
(III or II+ is made over I+)
using password
with Level I or I+
the password means a magic word which enables decompilation,
with Level II, II+, III the password is hashed to long int which is used
as a seed
for random number generator modifying the encryption
(password is not used for decompilation)
if you do not use password:
ReFox will use any random value derived from internal clock ticks
i.e. each file you protect will have different encryption,
(see the =gen= value in the protection log file)
these files cannot work together
you have to use any password (i.e. not empty) if your application will call any external fxp or app
(all must be protected using the same encryption)
(with Level III - the external fxp or app can be not-protected,
i.e not encrypted at all or VFP standard encryption only, if you are not interested in protecting it)
you should use I+ dbg option (not remove debug information) for testing and debuging only,
you should allways remove debug info from application before releasing/publishing it
(I+ will empty the METHOD field and protect the OBJCODE in VCX and SCX)
if your application calls any external, then the hacker can use it to inject
a short code
which will force VFP to export all open VCX and SCX,
(the possibility of code injection is a weakness of VFP
- Chris Wollenhaupt aka foxpert has reported it several years ago)
if the debug info were not removed, all the source code is accesible in the METHODS field,
using I+ protects the code in OBJCODE from decompilation
---
rexbrand.html