Have an amazing solution built in RAD Studio? Let us know. Looking for discounts? Visit our Special Offers page!
DelphiResearch

Delphi Provides Better Enterprise Source Code Protection Than WPF And Electron

wp1_ip_security_gauge

How do Delphi, WPF .NET Framework, and Electron perform compared to each other, and what’s the best way to make an objective comparison? Embarcadero commissioned a whitepaper to investigate the differences between Delphi, WPF .NET Framework and Electron for building Windows desktop applications. The benchmark application – a Windows 10 Calculator clone – was recreated in each framework by three Delphi Most Valuable Professionals (MVPs) volunteers, one expert freelance WPF developer, and one expert Electron freelance developer. In this blog post, we are going to explore the IP Security metric, which is part of the Functionality comparison used in the whitepaper.

rad-studio-1042

What is IP Security in a deployable application?

How secure is the intellectual property of the source code in a deployable project? After businesses invest resources into their projects, they face the challenge of putting their product into the hands of the public while protecting the code and techniques that produce revenue. This qualitative metric evaluates the ability of a user to access source code via decompilation. 

calc

Intellectual property protection is fundamentally important to long-term business plans. If a product solves a new problem or utilizes a novel technique, the developers should understand how their choice of framework affects IP vulnerability. Delphi programs compile into platform-native machine code rather than intermediate code. Decompilation using free tools can recover the GUI form but only yields assembly code for the logic. IP security is more tenuous in WPF. Decompiling executable and library files with free tools results in recognizable C# business logic and nearly recognizable XAML text. Finally, Electron has the most significant problem – it gives away source code with each installation by default. Electron application code can be recovered with a simple text editor – a function of how the framework is structured – but can be somewhat obfuscated using third-3rd party tools. Available decompiler tools and their results when applied to each framework’s calculator application are listed below.

The goal of this decompilation exercise was to determine the feasibility of retrieving both the UI and the original code from each framework’s calculator application using open-source or free tools. The frameworks assessed were Delphi VCL, Delphi FMX, WPF (C#), and Electron (with Angular).

When the Delphi VCL and FMX calculators were decompiled, all UI elements were successfully extracted and the logic code was presented as assembly. This exercise did not extract function and procedure structure, but it may be possible.

Decompiling the WPF calculator yielded the UI elements and mostly recognizable C# code. WPF .NET Framework applications use a known MSIL (Microsoft Intermediate Language) format that is easy to disassemble and decompile. Dependent assemblies can easily be extracted. Resources can easily be extracted. .NET Reflection can be used to extract information about a .NET assembly. The entire contents can be extracted including the classes, methods, code, and resources from an assembly. An advanced decompiler can reconstruct almost the exact structure of your code including for/while loops, if statements, and try catch blocks. Literal strings can easily be extracted. Finally, calls to methods and properties to external assemblies can be extracted.

The UI elements and JavaScript code of the Electron calculator are easily exposed using a standard text editor. The Typescript code was transpiled into JavaScript and could not be recovered. Overall, Electron’s packaging provided a very limited level of obfuscation.

wp1_ip_security-9146666

Let’s take a look at each framework.

Can Delphi applications be decompiled?

Delphi compiles to native machine code, eliminating much of the source code structure and metadata necessary for accurate decompilation and interpretation. Decompilation using a tool like DeDe will provide full details about the UI but only assembly code for the logic/back-end.

Decompilation Tools

  • DeDe – one of the most popular Delphi decompilers.
  • Interactive Delphi Reconstructor – a decompiler for Delphi executables and dynamic libraries.
  • MiTeC DFM Editor – a standalone editor for Delphi Form files (*.dfm) in both binary and text format.
code1-9102577
DeDe Decompilation of Delphi VCL
calcform1-4789534
DFM Editor GUI Code View of Delphi VCL
calcform2-2620481
DFM Editor GUI Design View of Delphi VCL
code2-3165443
Delphi VCL Assembly Code Generated by IDR
tcoffeeandcode

Can WPF .NET Framework applications be decompiled?

WPF compiled to a Windows desktop application is converted to .dll and .baml files. Decompilation back to recognizable C# and near-perfect XAML is possible through 3rd party tools. Microsoft includes a community edition of Dotfuscator with Visual Studio but its license is for personal use only. Professional solutions for .NET obfuscation range from hundreds to thousands of dollars. There are also extra steps involved to protect an application with an obfuscation tool.

Decompilation Tools

  • WPF StylesExplorer – a WPF .baml decompiler and tool to explore .baml resources.
  • Snoop WPF – a tool to spy/browse the visual tree of a running WPF application without the need for a debugger.
  • JetBrains dotPeek – a .NET decompiler and assembly browser.
code1-5023829
dotPeek Decompilation of WPF Logic
ui1-9482695
dotPeek Decompilation of WPF GUI
ui2-8640867
Snoop WPF Decompilation of WPF GUI

Can Electron applications be decompiled?

Electron source code is packaged and deployed to the end-user’s system. Unless a developer uses third-3rd party tools to obfuscate code, the source code can be read verbatim using a simple text editor or by unpacking with a tool like asar.

Decompilation Tools

  • TextPad – a general purpose text editor for plaintext files.
  • asar – a simple file uncompressed concatenation archive format packing and unpacking tool.
code1-7271822
Textpad Displaying Electron Logic Code
ui1-7519115
Textpad Displaying Electron UI Code

Overall, Delphi provides the most assured long-term outlook, best intellectual property security, and easiest in-house customization at the cost of a one-time commercial license purchase. WPF’s can be decompiled with ease in it’s default setup and requires extra steps and tools to obfuscate it’s code. Electron also can be decompiled with ease in it’s default setup. It requires extra steps and tools to obfuscate the code. An uncertain long-term outlook and relying on corporate sponsorships and community support for additional development are detrimental.

Ready to explore all the metrics in the “Discovering The Best Developer Framework Through Benchmarking” whitepaper?

Download The Free Delphi vs. WPF vs. Electron for Windows Desktops Whitepaper


What's New for RAD Studio 11

Reduce development time and get to market faster with RAD Studio, Delphi, or C++Builder.
Design. Code. Compile. Deploy.
Start Free Trial   Upgrade Today

   Free Delphi Community Edition   Free C++Builder Community Edition

About author

Chief Developer Advocate for Embarcadero Technologies.
Related posts
C++DelphiRAD Studio

The High-Performance Future Of AI Is REST APIs

CodeDelphiTech Partner

How To Create Your Own Components For The FastReport Dialog

C++Code

What Are The New C++ Posts From LearnCPlusPlus.org?

DelphiRAD Studio

Delphi in the Galileo Project in Brazil

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IN THE ARTICLES