Access Accde files Disassembler (1 Viewer)

[BenKuperstein]

I have recently created a disassembler program for the VBA bytecode saved inside accde files.
This potentially allows recovering some of the code that was stored inside it (if you know what you are doing).
The project is an early state, if you try it and encounter an bug please open an issue.

 

[BenKuperstein]

For some reason I can't publish the link to the project, search for AccessAccdeDisassembler by BenKuperstein in github

 

[theDBguy]

Hi Ben. Welcome to AWF!

Sorry, links are not allowed for new members to deter spammers. I'll check it out...

 

[isladogs]

Hi Ben
Welcome to the forum.

This is a very ambitious project you have embarked upon but I'm somewhat concerned about its purpose.
Many developers including myself supply projects as ACCDE files.
If you are able to supply a method by which anyone can reverse that process, it undermines the whole point of creating compiled code in the first place. What, if any, safeguards do you intend to attach to your code?

I am aware of the long established ACCDE to ACCDB conversion service available from Wayne Phillips at EverythingAccess.com. However, that is a paid service and he will only proceed if proof of ownership is supplied. That appears to be totally different from what you are working on.

 

[The_Doc_Man]

I will also add a general warning that reverse-assemblers / disassemblers may violate EULAs on products. Therefore, before anyone attempts to do any reverse engineering, double-check the legality of what you are about to do because it may well be illegal. For example, if you bought a commercial program that happens to be powered by Access Run-Time, running a disassembler might lead to copyright violations or other legal safeguards. Disassembly of VBA byte code may well run afoul of the MS EULA that goes with Office (any version). You DON'T want Microsoft on your tail. Trust me on that fine point.

 

[Jason Lee Hayes]

Disassembly of the bytecode stored in SRP streams is easy enough but of no value if the VBA code is purged.... There are other methods to achieve this using the right approach but cannot be discussed here... Remember IDA Pro is your best friend if you know how to make maximum use of it

 

[gemma-the-husky]

@isladogs
I use the code protector from everything access, which removes all trace of variable names from disassembled projects, thus making the code much less readable. Just in case. It only takes a few seconds to process any mde/accde

 

[BenKuperstein]

Hi Ben
Welcome to the forum.

This is a very ambitious project you have embarked upon but I'm somewhat concerned about its purpose.
Many developers including myself supply projects as ACCDE files.
If you are able to supply a method by which anyone can reverse that process, it undermines the whole point of creating compiled code in the first place. What, if any, safeguards do you intend to attach to your code?

I am aware of the long established ACCDE to ACCDB conversion service available from Wayne Phillips at EverythingAccess.com. However, that is a paid service and he will only proceed if proof of ownership is supplied. That appears to be totally different from what you are working on.

This project is very far from begin a full decompiler like the one provided by EverythingAccess.com.
It only provides disassembly to internal vba bytecode language and not a full decompilation, achieving actual modifiable source code is much more difficult to do automatically.
Of course it is possible to manually recover the source code from the disassembly, but this is quite tedious for a big project.
IMO this tool does not really threat any developer currently.
On a broader aspect, most programming languages do have open source decompilers (usually work really really good for higher level languages like C# or Java), and people are still able to make closed source products using them (sometimes more code protection mechanisms are used).
I think that the greatest value we provide as developers is not the code itself but the ability to support and maintain it for our customers needs (especially true for tailor made access projects).

 

[BenKuperstein]

I think that this tool can be really useful (if access version support would have better) for cases where you have a previous version of accdb file, but the most up to date version has been lost

 

[GPGeorge]

I think that this tool can be really useful (if access version support would have better) for cases where you have a previous version of accdb file, but the most up to date version has been lost

Can you guarantee that would be the only use for it?

 

[BenKuperstein]

I can't, since it is an open source project...

 

[GPGeorge]

Can you guarantee that would be the only use for it?

I can't, since it is an open source project...

Therein lies the significant concerns people have expressed about the appropriateness of the project. See The_Doc_Man's comments in particular.

 

[Jason Lee Hayes]

I will also add a general warning that reverse-assemblers / disassemblers may violate EULAs on products. Therefore, before anyone attempts to do any reverse engineering, double-check the legality of what you are about to do because it may well be illegal. For example, if you bought a commercial program that happens to be powered by Access Run-Time, running a disassembler might lead to copyright violations or other legal safeguards. Disassembly of VBA byte code may well run afoul of the MS EULA that goes with Office (any version). You DON'T want Microsoft on your tail. Trust me on that fine point.

Different countries have different rules; many dont have any legislation for RE both software & hardware.

Here is a plain English explanation of the Reverse Engineering Prohibited clause:
- The Receiving Party is the party getting software, prototypes or other tangible items from the Disclosing Party.
- The Receiving Party agrees not to reverse engineer, decompile or disassemble these items.
- Reverse engineering means taking something apart to see how it works.
- Decompiling and disassembling mean similar things, like converting back to source code.
- The Receiving Party cannot try to do these things to discover trade secrets.
- However, they may reverse engineer only if the law specifically allows it, despite this clause.
- The purpose is to protect the Disclosing Party's intellectual property and trade secrets.
- It prevents the Receiving Party from stealing proprietary information through reverse engineering.
- But it permits reverse engineering in limited cases where laws expressly authorize it.

All well and good but we can work within proxies and legally not be challenged or face prosecution where countries do not cover RE in law..

A good example i remember many years ago when sky card cloning was done using hardware only available to legally use in the Isle of Man. Once cloned remotely we could not be prosecuted and shipping to UK was not illigal too. The use of the card though was considered theft which is a different law all together.

 

[Pat Hartman]

@BenKuperstein A product like this opens you up to a lawsuit if your tool is used to break into an application by anyone other than the original developer. That is why Wayne insists on proof of ownership before decompiling the database you send to him. So, you probably want to think twice about what you have done by releasing the source code.

 

[Jason Lee Hayes]

@BenKuperstein A product like this opens you up to a lawsuit if your tool is used to break into an application by anyone other than the original developer. That is why Wayne insists on proof of ownership before decompiling the database you send to him. So, you probably want to think twice about what you have done by releasing the source code.

A lawsuit would not stand in any country by providing such a tool. A 3rd party making use of it is a different thing altogether.

 

[GPGeorge]

A lawsuit would not stand in any country by providing such a tool.

Spoiler:

A 3rd party making use of it is a different thing altogether.

Could you elaborate on that statement, which doesn't parse very well logically. What does it mean?

 

[sonic8]

What does it mean?

Neither selling nor buying a hammer is a crime.
Using the hammer to smash other peoples' property very well is.

 

[GPGeorge]

Neither selling nor buying a hammer is a crime.
Using the hammer to smash other peoples' property very well is.

That explanation is a good a translation. Thanks.