Forums > MaxMSP

.MXF Security

August 23, 2008 | 6:25 am

As far as I can tell, .mxf files are not very secure at all. It seems like it’s pretty easy to pull the patching information out of a .mxf file in TextEdit, copy it, and paste it into a new patcher in Max5. Is this supposed to work this way? I thought the point of the mxf files was that they were somewhat obfuscated so that people couldn’t edit/steal code?


August 23, 2008 | 6:46 am

OK, I guess it’s not actually the ‘point’ of an MXF file to obfuscate anything. Are there any plans to make an encrypted export style for Max5? As it is right now, if I were to sell my app, anyone could open up the .mxf file in textedit, copy the patcher info, and paste it right into a max5 patch (they could do it in the demo, even, meaning just about anyone could easily steal the code, unlock demo version restrictions, etc etc.)


August 23, 2008 | 7:04 am

On Sat, Aug 23, 2008 at 8:46 AM, mushoo wrote:

>
> OK, I guess it’s not actually the ‘point’ of an MXF file to obfuscate
> anything. Are there any plans to make an encrypted export style for Max5?
> As it is right now, if I were to sell my app, anyone could open up the .mxf
> file in textedit, copy the patcher info, and paste it right into a max5
> patch (they could do it in the demo, even, meaning just about anyone could
> easily steal the code, unlock demo version restrictions, etc etc.)
>

It’s text. So yes, its not meant to be secure. Save your patches as binary
instead.

Max5′s compressed text format is encrypted, but the goal is to reduce text
size for posting to the list, not security.

Thijs


August 23, 2008 | 7:13 am

As far as I can tell, there is no way to save max5 patches as binary. Building an application now (in OSX, at least), builds a container application containing the Max Runtime and an MXF file.


August 23, 2008 | 9:22 am

On Sat, Aug 23, 2008 at 9:13 AM, mushoo wrote:

>
> As far as I can tell, there is no way to save max5 patches as binary.
> Building an application now (in OSX, at least), builds a container
> application containing the Max Runtime and an MXF file.
>

I didn’t realize the maxpat format was just the json text. I see your point,
but I don’t have an answer.

Thijs


August 23, 2008 | 9:59 am

On 23 Aug 2008, at 08:04, Thijs Koerselman wrote:

> Max5′s compressed text format is encrypted, but the goal is to
> reduce text size for posting to the list, not security.

It’s not encrypted – I believe it’s a combo of gzip and base64. What
would be the point of encryption, since Max can open it regardless?

– N.

Nick Rothwell / Cassiel.com Limited
http://www.cassiel.com
http://www.myspace.com/cassieldotcom
http://www.last.fm/music/cassiel
http://www.reverbnation.com/cassiel
http://www.linkedin.com/in/cassiel
http://www.loadbang.net


August 23, 2008 | 10:06 am

Yeah the compressed copy is just that – compressed, not encrypted.

All I really want is a way to build binaries like in Max 4.6, so that if one were to release something closed-source to the public, it’d actually be closed-source. It just kind of bothers me that as it is, we don’t have a choice as to whether something we release made using max5 is open source or not – it pretty much just IS.


August 23, 2008 | 4:35 pm

If you can put some of the code logic inside an external (coded in C) or into an mxj object, that part will be "secret" to all and sundry unless you OS the code.

Collectives were mainly invented so that a patch could have all required externals bundled with it. This avoids the embarrassment of preparing a performance patch, traveling thousands of miles with it, and then discovering some custom externals (or other components) are missing.

There’s never been a reliable mechanism for shrouding patches. Some people used to position windows at ridiculous offscreen coordinates as a form of protection, but that was also easy to circumvent.

If you want your work to remain proprietary, I think you’re either going to have to go either C or Java.


August 23, 2008 | 9:52 pm

Well, yes but the main reason I use Max/MSP for making stuff is that I don’t know C or Java, and don’t really have the time to learn, whereas I know Max passably/well.


August 23, 2008 | 11:21 pm

The collective file format is not "secure" nor has it been designed or represented as such. As Peter says, it’s more about a hopefully convenient way to make things portable.

If you want to encrypt work you have created in MaxMSP then you’ll need to roll something yourself or get involved with some kind of 3rd party CP software.

Cheers

Andrew


August 27, 2008 | 10:47 pm

…can anybody provide me some assistance in extracting patcher information from a .mxf file created in Max 4? I can open the .mxf in BBEdit, but I don’t see any usable information, whether due to compression or encryption. I have lost my original patcher files due to computer theft and now have only the collective files that I placed in an installation to work from…

help!

/noah


August 27, 2008 | 10:55 pm

Hi, Noah. Any chance you could attach some/one of the MXF files in question? I don’t know if I’ll be able to help but I’ll have a much better idea of whether or not I could if I could see the actual file. Promise I won’t steal anything!


August 27, 2008 | 11:24 pm

MuShoo,

Attached are two of the .mxf files I am working with. Anything you can do would be so much appreciated. Thank you for your efforts!

/noah


August 28, 2008 | 12:39 am

OK I’ve taken a look – I think you’re probably outta luck. :(

I did a couple quick tests, made some max4 binary files, and then MXFs of them, and compared the two – there’s some minor differences but everything is about the same length. There’s some extra characters at the beginning and end of a MXF file that I assume are meant as containers for the patching information – but I think they’re different for each file. Plus, some characters are shifted, while others are not.

For instance, in the binary editable file, you get

"{poly


August 28, 2008 | 1:22 am

just to clarify, these mxf files were made as .exe collectives on a windows machine. i don’t know if this information will affect your process, but hey…


Viewing 15 posts - 1 through 15 (of 15 total)