Re: Serial number verification / obfuscation
Re: Serial number verification / obfuscation
- Subject: Re: Serial number verification / obfuscation
- From: Shawn Erickson <email@hidden>
- Date: Sun, 28 Jul 2002 12:52:28 -0700
On Sunday, July 28, 2002, at 12:32 PM, Andreas Monitzer wrote:
What about encrypting parts of the binary itself using some PGP-like
(well, reverse PGP) private key? The app can decrypt itself using a
public key into memory and run this code.
A cracker could store the memory snapshot to a file, but re-encrypting
the cracked code wouldn't work, because the private key is stored only
on the developer's machine.
He'd have to assemble the app partly from unencrypted disk data, the
hacked decryption code, and the part stored in memory only, which
sounds to me as if it would be faster to re-write the whole app.
You could even do it more complicated by storing and erasing parts of
the app depending on where the user is in the app (dialog-based for
example).
It wouldn't be hard for the hacker to add code just after the decrypt
routine that would patch your unencrypted code in RAM. Basically they
would extend the unencrypted part of your app to patch the encrypted
part after it was decrypted.
Now if this was a OS provided service... it could work because your
whole application could be encrypted and the memory space secured from
patching from outside.
-Shawn
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.