• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Serial number verification / obfuscation (was: Re: Hiding
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Serial number verification / obfuscation (was: Re: Hiding

  • Subject: Re: Serial number verification / obfuscation (was: Re: Hiding
  • From: Ondra Cada <email@hidden>
  • Date: Sun, 28 Jul 2002 18:52:27 +0200
On Sunday, July 28, 2002, at 06:25 , Andrew Merenbach wrote:

One can, for example, tell the program to retrieve its own file size, in bytes. That can be a very simple checksum, as few programs have the same number of bytes. If a hacker/cracker patched the code, the number of bytes might change, and then the program could render itself unusable.

Considering that preferences are not stored within an application, and thus that the contents of an application are only likely to change if it is tampered with, this could be a very secure method of preventing tampering.

It is not. For anyone who can patch the original serial number check it is quite easy to patch the other one (which checks the length, or checksum, or MD5 hash, or just whatever) too.

You can devise more and more devillish schemes like placing a big number of such checks into different places in code to be performed randomly, perhaps with quite a low probability (so that there's a good chance that cracker's testing won't hit them, whilst using a cracked version, sooner or later, would), and that's just a beginning of the way...

Don't waste time though: the cracker's time is always cheaper than yours, and -- triple alas -- often the sob is even smarter. The scheme of the previous paragraph would be overcome by automated testing. As soon as you devise something to prevent it (say, first idea: checking the clock to know whether the last 10000 of usages happened to be in last hour), the cracker would change the clock. And so on, and so forth.
---
Ondra Cada
OCSoftware: email@hidden http://www.ocs.cz
private email@hidden http://www.ocs.cz/oc
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • Re: Serial number verification / obfuscation (was: Re: Hiding
      • From: Philip George <email@hidden>
References: 
 >Re: Serial number verification / obfuscation (was: Re: Hiding (From: Andrew Merenbach <email@hidden>)

  • Prev by Date: Re: Serial number verification / obfuscation (was: Re: Hiding
  • Next by Date: Re: Serial number verification / obfuscation (was: Re: Hiding
  • Previous by thread: Re: Serial number verification / obfuscation (was: Re: Hiding
  • Next by thread: Re: Serial number verification / obfuscation (was: Re: Hiding
  • Index(es):
    • Date
    • Thread