Serial number verification / obfuscation (was: Re: Hiding [...] symbols [...])
- Subject: Serial number verification / obfuscation (was: Re: Hiding [...] symbols [...])
- From: Allan Odgaard <email@hidden>
- Date: Sat, 27 Jul 2002 23:56:27 +0200
On Saturday, July 27, 2002, at 10:21, Pierre-Olivier Latour wrote:
> If you'd like, I could take a look at your registration solution and
> provide feedback on how you could make it more secure. I have had some
> experience with this lately. I have evaluated about 30 cocoa programs
> and their respective serial number mechanisms in order to find the best
> solution for my own application. I managed to crack 20 of them in less
> than an hour each [...]

It would be very interesting if you'd write a summary of your
observations! I realize the potential harm that could do to the weak
registration-schemes out there, OTOH you may help those authors do
better, and as long as you don't mention programs by name... furthermore
it's unlikely that Joe User will be able to use the summary to crack his
favourite program...

> However, I'm seriously concerned about serial numbers in cocoa programs:
> because of Obj-C, it seems easier to crack.

If your software is any good it *will* be cracked -- I once read the
"news bulletin" on a cracker-site and saw many comments like this:
"Program XXX cracked due to weak pseudo-random-number-generator" -- so
not only is it no problem for the crackers to ressource your program
(and the site in question actually dealt with Windows software, i.e.
already highly obfuscated x86 assembler ;-) ) and figure out the logic,
but they can also overcome mathematical challenges you may introduce by
e.g. using a secret key to sign the name of the person who registers your
program, and use that signature as the serial number...
--
http://www.diku.dk/students/duff/