Topics

Forum Topics not found

Replies

skoutz.rothchild
22 Jun 2017, 10:46

RE: RE: RE: RE:

BeardPower said:

skoutz.rothchild said:

What you say is theoretically correct but is knowledge of no practical usage

I assume he was not referring to breaking AES, but normal decryption with the key, which can be grabbed.
The decryption key needs to be stored somewhere, be it a passphrase or the hash of the passphrase. The .calgo files are used by cTrader/cAlgo, so they need to load and decrypt the files. To achieve this, they need the key, which means it has to be stored somewhere. The decryped/plaintext key is at some point available in RAM and so it can be grabbed.The attack vector is not the encrypted .calgo file, but the application, which is using/decrypting it, which is cTrader/cAlgo.

You are absolutely right even though I don't think this is what his point was. But again, good luck with that :) ! Even with decryption gone, you still need to pass through the obfuscation security layer... To be honest, I believe that most people would not undersand what a cBot does even if they were given the actual C# code. Personally I believe that Spotware's security is more than enough for cBots that in general do not cost more that some bucks to buy. More sophisticated strategies are usually offered through signals or pamm accounts rather that cBots. If you have such a valuable strategy that worths all this hacking effort and you sell it as a cBot then you are really running your business bad. 


@skoutz.rothchild

skoutz.rothchild
19 Jun 2017, 10:31

RE: RE:

Harry Sty said:

Spotware said:

Hi to all,

cAlgo files are encrypted and can be decrypted only by cAlgo. Therefore it is not possible to be reverse engineered. Reverse engineering would be possible only if the files where obfuscated or compiled to native code, somehing which is not the case with cAlgo.

 

Any Turing based machines, of which cAlgo is a class of, or more generally pretty much all of our current compute architecture is based on, can be reverse engineered. The question is at what cost.

Even if encryption is added as a layer, you will still need to decrypt it to run. At that point, anyone adept enough can read the original intent of the cBot. The question is still the same, at what cost does the reader want to pay to read the code.

What you say is theoretically correct but is knowledge of no practical usage. Everyone with computer science degree knows that but even if Spotware encrypts their files with a typical AES encryption algorithm, it will practically take enormous time to decrypt. No matter how much you invest. Quoting Wikipedia

"...This is a very small gain, as a 126-bit key (instead of 128-bits) would still take billions of years to brute force on current and foreseeable hardware. Also, the authors calculate the best attack using their technique on AES with a 128 bit key requires storing 288 bits of data (though this has later been improved to 256,[28] which is 9 petabytes). That works out to about 38 trillion terabytes of data, which is more than all the data stored on all the computers on the planet in 2016. As such this is a seriously impractical attack which has no practical implication on AES security... "

 


@skoutz.rothchild

skoutz.rothchild
16 May 2017, 16:08

Can you post the FIX message you use?


@skoutz.rothchild

skoutz.rothchild
13 Mar 2017, 14:01

Hi,

I tried for the period Febuary 11th to March 8th but i dont get 40% return. I will try again and send you the screenshot and input paramerers.

Thanks


@skoutz.rothchild

skoutz.rothchild
13 Mar 2017, 12:29

Hi trend_meanreversion,

I tried reproducing your results using backtesting but I couldn't. Can you please provide some instructions on how to reproduce your results for the specified period using backtesting? If i manage to reproduce it i might "invest" something also :).

Thanks!


@skoutz.rothchild