GDL
About building parametric objects with GDL.

gdl password protection safety

ae91a8a4
Contributor

i am wondering, how is the password protection of a gdl safe? (if it is)

every instance of archicad can read a password protected gdl, without knowing the password.

are gdl's really even encrypted, or is it just a farce?

9 REPLIES 9
Jochen Suehlo
Moderator

The script is protected and encrypted, not the use of the object. It is not possible to see the script in a protected object, if yo do not have the password. How safe this is, I do not know.
The conversion from gsm to xml is also not possible without password.

Jochen Suehlo . AC12-27 . MAC OSX 14.4 . WIN11
GDL object creation: b-prisma.de
Barry Kelly
Moderator

The old 'hide scripts' option was quite easy to bypass, but with the new password protection, I have not found a way around it.

The best I have done is to get a list of the parameter names used (as these are hidden as well, although I don't think they should be).

So I think it is quite safe.

 

Just don't lose your password, as there is no way to recover it.

Or keep an original copy of your object that is not password protected.

Do not use 'Save As' to keep a copy with/without the password as that will create an object with the same name but different GSID, and they will not be compatible.

Just 'save' without password protection and them move a copy to another folder for your records.

Then save the original with password protection.

Or as I said, just never forget the password.

 

Barry.

One of the forum moderators.
Versions 6.5 to 27
i7-10700 @ 2.9Ghz, 32GB ram, GeForce RTX 2060 (6GB), Windows 10
Lenovo Thinkpad - i7-1270P 2.20 GHz, 32GB RAM, Nvidia T550, Windows 11

i'm totally with you about the hidden parameters.
i would like to know how you got them.

for the important gdl's i work with the hsf format, to never lose access to the source code.

 

i hope you are right about the safety,

although chat-gpt has a different "opinion" on that:

It is important to note that if a software claims to provide encryption that allows users around the world to read files without knowing the password, then the encryption scheme being used is likely not secure. True encryption relies on the secrecy of the password or key to protect the content, and allowing anyone to read the file without knowing the password would mean that the encryption is easily breakable.

Maybe GS team used for password something like Zero-knowledge proof. Plus there's no such thing as 100% guarantee...

AC 22, 24 | Win 10
Jochen Suehlo
Moderator

You can hide the scripts by using the XML-Converter, and the Parameters are still be seen.
But be aware, that this operation can't be undone. The scripter himself will not be able to get access to the script, except he has a copy.
See more about this:
"

4.3 Hiding script sections

Library Parts provide a way to have the scripts hidden from the end user. This can be done in XML by adding 64 to the SectionFlags attribute of the script to be hidden. This will create a GSM file with the given scripts hidden. Converting a library part with hidden scripts back to XML will create empty script elements, so be sure to keep the original XML files after publishing the library."

Jochen Suehlo . AC12-27 . MAC OSX 14.4 . WIN11
GDL object creation: b-prisma.de

i'm sure there is no function in archicad or the conversion-tool to bypass the password protection.

but from a encryption standpoint the gsm file is either encrypted or not.
there is no "use-only-encryption"...
the question is: whats the encryption-key?
if it was the password given by the gdl-author, then nobody else could use the script.
so it has to be a universal graphisoft-password, which has to be stored inside of archicad.
if someone can reverse-engineer that, they can unlock all the gdl's with one password.

there are cracked versions of archicad on the internet.
it's hard to believe nobody ever cracked the gsm-encryption-part of it...

i mean i'm all for open source, but more on a voluntarily basis...

 


@ae91a8a4 wrote:

i'm totally with you about the hidden parameters.
i would like to know how you got them.


Place the passworded object in a plan.

Select it and save that as a new object.

It will create a new object and if you open the script for it, you will see a CALL for the original object and should list all of the parameters and their default values.

 

Barry.

One of the forum moderators.
Versions 6.5 to 27
i7-10700 @ 2.9Ghz, 32GB ram, GeForce RTX 2060 (6GB), Windows 10
Lenovo Thinkpad - i7-1270P 2.20 GHz, 32GB RAM, Nvidia T550, Windows 11

Also when you create a schedule you can see all parameters of object, how they are called

AC 22, 24 | Win 10

i tried to understand what you mean by that, but i can't put it together.

but i tried something else.
if you save a encrypted gsm with a repetitive content,
e.g. a bunch of lines with zeros,
you get a repetitive binary.

this means the encryption is more in the ballpark of a caesar cipher
and therefore not exactly safe...

Didn't find the answer?

Check other topics in this Forum

Back to Forum

Read the latest accepted solutions!

Accepted Solutions

Start a new conversation!