Security of LabVIEW VI Password Protection vs. Removing VI Block Diagrams

Issue Details

I would like to block the user from viewing and editing the block diagram of my VI. What are my options, and what are the differences in security levels?
 

Solution

LabVIEW VI Password Protection

LabVIEW VI password protection is a feature that allows the user to run the VI, but prevents the user from viewing or editing the VI's block diagram without a password. This feature will apply when the VI is opened in future versions of LabVIEW as long as it is recompiled. See Creating Password-Protected VIs to learn how to password-protect a VI.

In order for LabVIEW to be able to recompile a VI, it must be able to read the VI’s block diagram. Because LabVIEW must be able to execute this without prompting the user for a password, LabVIEW cannot use any strong encryption to protect the VI’s block diagram. The current VI password protection mechanism relies on a set of hashes derived from the VI password and additional salt (data used as input to the hash function) embedded at different locations inside the VI. The password itself never gets stored inside the VI, ensuring that LabVIEW still has access to the block diagram without prompting for the password, should it need to recompile the VI. At the same time, users will be prompted for the VI password should they try to view or edit the VI’s block diagram. When the user enters a password, LabVIEW compares the computed set of hashes for the entered password with the hashes stored in the VI before letting the user access the block diagram. As a result of this approach and the design decision not to encrypt the VI’s block diagram, it is possible for an attacker to either replace the password hashes with their own, should they either be able to: 

1. Determine the salt, as well as the exact locations of the hashes inside the VI file -or-
2. Modify the hash comparison routines of the LabVIEW process, e.g. using a memory debugger

While we believe it to be rare to date, it is possible for an attacker to create a program that can crack a VI’s password protection, replacing its password with another of the attacker’s choosing.

If you require greater security than that provided by VI password protection, we recommend that you instead remove the VI’s block diagram.


Removing the VI's Block Diagram

Removing a VI's block diagram provides greater protection than using VI password protection, but does not allow easy recovery of the block diagram or use on different LabVIEW versions. See Removing Block Diagrams from VIs to learn how to remove VI block diagrams.

Once you have removed the VI’s block diagram, recovering the original block diagram from the VI is quite difficult, comparable to recovering the source of a text program given only the executable application containing the machine instructions generated by the text language compiler. In addition, LabVIEW will only allow running the VI on the same LabVIEW version and platform for which the VI was compiled and saved; future LabVIEW versions or other platforms will not be able to recompile the VI. Therefore, you will need to provide a separate VI for each combination of LabVIEW version and platform you wish to support. 

Avoiding this VI distribution burden that accompanies removing VI block diagrams is the reason we created and continue to provide the VI password protection feature, even though it is less secure than removing VI block diagrams.