.MXF Security

Aug 23, 2008 at 6:25am

.MXF Security

As far as I can tell, .mxf files are not very secure at all. It seems like it’s pretty easy to pull the patching information out of a .mxf file in TextEdit, copy it, and paste it into a new patcher in Max5. Is this supposed to work this way? I thought the point of the mxf files was that they were somewhat obfuscated so that people couldn’t edit/steal code?

#39407
Aug 23, 2008 at 6:46am

OK, I guess it’s not actually the ‘point’ of an MXF file to obfuscate anything. Are there any plans to make an encrypted export style for Max5? As it is right now, if I were to sell my app, anyone could open up the .mxf file in textedit, copy the patcher info, and paste it right into a max5 patch (they could do it in the demo, even, meaning just about anyone could easily steal the code, unlock demo version restrictions, etc etc.)

#138757
Aug 23, 2008 at 7:04am

On Sat, Aug 23, 2008 at 8:46 AM, mushoo wrote:

>
> OK, I guess it’s not actually the ‘point’ of an MXF file to obfuscate
> anything. Are there any plans to make an encrypted export style for Max5?
> As it is right now, if I were to sell my app, anyone could open up the .mxf
> file in textedit, copy the patcher info, and paste it right into a max5
> patch (they could do it in the demo, even, meaning just about anyone could
> easily steal the code, unlock demo version restrictions, etc etc.)
>

It’s text. So yes, its not meant to be secure. Save your patches as binary
instead.

Max5′s compressed text format is encrypted, but the goal is to reduce text
size for posting to the list, not security.

Thijs

#138758
Aug 23, 2008 at 7:13am

As far as I can tell, there is no way to save max5 patches as binary. Building an application now (in OSX, at least), builds a container application containing the Max Runtime and an MXF file.

#138759
Aug 23, 2008 at 9:22am

On Sat, Aug 23, 2008 at 9:13 AM, mushoo wrote:

>
> As far as I can tell, there is no way to save max5 patches as binary.
> Building an application now (in OSX, at least), builds a container
> application containing the Max Runtime and an MXF file.
>

I didn’t realize the maxpat format was just the json text. I see your point,
but I don’t have an answer.

Thijs

#138760
Aug 23, 2008 at 9:59am

On 23 Aug 2008, at 08:04, Thijs Koerselman wrote:

> Max5′s compressed text format is encrypted, but the goal is to
> reduce text size for posting to the list, not security.

It’s not encrypted – I believe it’s a combo of gzip and base64. What
would be the point of encryption, since Max can open it regardless?

– N.

Nick Rothwell / Cassiel.com Limited
http://www.cassiel.com
http://www.myspace.com/cassieldotcom
http://www.last.fm/music/cassiel
http://www.reverbnation.com/cassiel
http://www.linkedin.com/in/cassiel
http://www.loadbang.net

#138761
Aug 23, 2008 at 10:06am

Yeah the compressed copy is just that – compressed, not encrypted.

All I really want is a way to build binaries like in Max 4.6, so that if one were to release something closed-source to the public, it’d actually be closed-source. It just kind of bothers me that as it is, we don’t have a choice as to whether something we release made using max5 is open source or not – it pretty much just IS.

#138762
Aug 23, 2008 at 4:35pm

If you can put some of the code logic inside an external (coded in C) or into an mxj object, that part will be “secret” to all and sundry unless you OS the code.

Collectives were mainly invented so that a patch could have all required externals bundled with it. This avoids the embarrassment of preparing a performance patch, traveling thousands of miles with it, and then discovering some custom externals (or other components) are missing.

There’s never been a reliable mechanism for shrouding patches. Some people used to position windows at ridiculous offscreen coordinates as a form of protection, but that was also easy to circumvent.

If you want your work to remain proprietary, I think you’re either going to have to go either C or Java.

#138763
Aug 23, 2008 at 9:52pm

Well, yes but the main reason I use Max/MSP for making stuff is that I don’t know C or Java, and don’t really have the time to learn, whereas I know Max passably/well.

#138764
Aug 23, 2008 at 11:21pm

The collective file format is not “secure” nor has it been designed or represented as such. As Peter says, it’s more about a hopefully convenient way to make things portable.

If you want to encrypt work you have created in MaxMSP then you’ll need to roll something yourself or get involved with some kind of 3rd party CP software.

Cheers

Andrew

#138765
Aug 27, 2008 at 10:47pm

…can anybody provide me some assistance in extracting patcher information from a .mxf file created in Max 4? I can open the .mxf in BBEdit, but I don’t see any usable information, whether due to compression or encryption. I have lost my original patcher files due to computer theft and now have only the collective files that I placed in an installation to work from…

help!

/noah

#138766
Aug 27, 2008 at 10:55pm

Hi, Noah. Any chance you could attach some/one of the MXF files in question? I don’t know if I’ll be able to help but I’ll have a much better idea of whether or not I could if I could see the actual file. Promise I won’t steal anything!

#138767
Aug 27, 2008 at 11:24pm

MuShoo,

Attached are two of the .mxf files I am working with. Anything you can do would be so much appreciated. Thank you for your efforts!

/noah

#138768
Aug 28, 2008 at 12:39am

OK I’ve taken a look – I think you’re probably outta luck. :(

I did a couple quick tests, made some max4 binary files, and then MXFs of them, and compared the two – there’s some minor differences but everything is about the same length. There’s some extra characters at the beginning and end of a MXF file that I assume are meant as containers for the patching information – but I think they’re different for each file. Plus, some characters are shifted, while others are not.

For instance, in the binary editable file, you get

“{poly

#138769
Aug 28, 2008 at 1:22am

just to clarify, these mxf files were made as .exe collectives on a windows machine. i don’t know if this information will affect your process, but hey…

#138770

You must be logged in to reply to this topic.