Re: Serial number verification / obfuscation (was: Re: Hiding [...] symbols [...])
- Subject: Re: Serial number verification / obfuscation (was: Re: Hiding [...] symbols [...])
- From: Pierre-Olivier Latour <email@hidden>
- Date: Sun, 28 Jul 2002 02:58:38 +0200
> If your software is any good it *will* be cracked -- I once read the
> "news bulletin" on a cracker-site and saw many comments like this:
> "Program XXX cracked due to weak pseudo-random-number-generator" -- so
> not only is it no problem for the crackers to ressource your program
> (and the site in question actually dealt with Windows software, i.e.
> already highly obfuscated x86 assembler ;-) ) and figure out the logic,
> but they can also overcome mathematical challenges you may introduce by
> e.g. using a secret key to sign the name of the person who registers your
> program, and use that signature as the serial number..

I already know this rule: every program gets cracked. All the programs I've
done were cracked (for one of them, I even found the sn algorithm
reverse-engineered - that was actually useful to me, since I did not
remember it ;) ).

My latest software (about 8 months old) has not been cracked yet, but 2 of
its sn were in Serial Surfers about 2 months after its release... Of course,
I know who leaked the SN since I have the name & address of each buyer, but
I'm not going to go on trial for this of course...

The point is not about having your software not being cracked (as you said
it well, if it's popular, it will be anyway), but about having it protected
enough to be cracked only by "professional" crackers.

The only really secure protection I've heard about is having a small but
critical portion of the application code run on an Internet server. When
your app needs to execute this code, it simply sends the parameters to the
server, which returns the result. The server can easily check if the user is
registered or not.

This system is virtually uncrackable, since the cracker would have to
rewrite the complete algorithm, compile it, then insert it into the
executable to hack the software.

I never tried this system in my programs since, of course, you need:
1) a program that has a critical code routine very difficult to rewrite
(like a complex mathematical algorithm)
2) users with permanent internet connections

It might even work with a simple PHP script on the server, who knows?
_____________________________________________________________
Pierre-Olivier Latour email@hidden
Lausanne, Switzerland
http://www.pol-online.net
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
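
The server-side arrangement described in the message above, combined with the keyed serial scheme mentioned in the quoted text, as an added example that is not part of the original post. It uses Python rather than the PHP the post mentions; the secret, the function names, the revocation set and the stand-in routine are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Assumption: constructed demo key. In a deployment it exists only on the server.
SERVER_SECRET = b"constructed-demo-secret"
REVOKED = set()  # serials the vendor has seen leaked and disabled


def issue_serial(name):
    """Serial = first 80 bits of HMAC-SHA256(secret, normalised buyer name)."""
    mac = hmac.new(SERVER_SECRET, name.strip().lower().encode("utf-8"),
                   hashlib.sha256).digest()
    return base64.b32encode(mac[:10]).decode("ascii")  # 16 characters


def revoke(serial):
    REVOKED.add(serial.strip().upper())


def is_registered(name, serial):
    """Recompute the serial on the server and compare in constant time."""
    expected = issue_serial(name)
    supplied = serial.strip().upper()
    match = hmac.compare_digest(expected.encode(), supplied.encode("utf-8"))
    return match and expected not in REVOKED


def critical_routine(params):
    """Hypothetical stand-in for the routine that never ships in the client."""
    return sum(x * x for x in params)


def handle_request(name, serial, params):
    """What the server does for one call from the application."""
    if not is_registered(name, serial):
        return {"status": 403, "error": "not registered"}
    if (not isinstance(params, list) or len(params) > 1000
            or not all(isinstance(x, int) for x in params)):
        return {"status": 400, "error": "bad parameters"}
    return {"status": 200, "result": critical_routine(params)}


if __name__ == "__main__":
    s = issue_serial("Jane Doe")  # constructed buyer name
    print(handle_request("Jane Doe", s, [1, 2, 3]))
    revoke(s)  # a serial that turned up on a serial-sharing site
    print(handle_request("Jane Doe", s, [1, 2, 3]))
```

Because the check and the routine both run on the server, a serial that leaks can be disabled there without shipping a new build of the application.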