• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Serial number verification / obfuscation (was: Re: Hiding
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Serial number verification / obfuscation (was: Re: Hiding

  • Subject: Re: Serial number verification / obfuscation (was: Re: Hiding
  • From: j o a r <email@hidden>
  • Date: Sun, 28 Jul 2002 11:19:24 +0200
On Sunday, Jul 28, 2002, at 08:13 Europe/Stockholm, Andrew Merenbach wrote:

Is there a consensus on which is "safer," i.e. more hack-proof?

None of these methods are hack-proof to any extent that matters. People will either:
1) Distribute the serial numbers, or create a serial number generator
2) Patch the code that verifies the serial number

I have yet to find an application that isn't available on the Internet through either of these methods.
If you put a lot of effort in protecting the serial numbers, then the hackers will patch the code that checks for the serial number, case closed.
I don't think that any attempt to obfuscate the code would have any serious impact on the time required for someone to patch an application, but I could be wrong?

The only successful approach that I have seen to work for years without being hacked, is to rip out some of the functionality of the application and provide it as an online service. Since the server side binary is not available for the hackers to run through the debugger, it's probably impossible to patch like you would patch the client side binary. After that you'd "only" have to care about the security of the machines running the server app from the network... :)

Now - before you tell me - I know that forcing the users to be online at all times might not be an acceptable solution today, but that is something that could change over the next few years.

There is actually yet another way to prevent an application from being patched that is available in at least one big commercial application today. Unfortunately I'm not allowed to talk about it - but it would be interesting if someone else could think of it and bring it to this discussion. There's a challenge for you! :)

j o a r

Btw. Didn't we have this discussion just a couple of weeks ago?
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • Re: Serial number verification / obfuscation (was: Re: Hiding
      • From: Jason Howk <email@hidden>
    • Re: Serial number verification / obfuscation (was: Re: Hiding
      • From: Daryn <email@hidden>
    • Re: Serial number verification / obfuscation (was: Re: Hiding
      • From: Ondra Cada <email@hidden>
    • Re: Serial number verification / obfuscation (was: Re: Hiding
      • From: Wade Tregaskis <email@hidden>
References: 
 >Re: Serial number verification / obfuscation (was: Re: Hiding (From: Andrew Merenbach <email@hidden>)

  • Prev by Date: Re: OT: View/subview setup [Was: Re: (got it) lower-right origin on NSView?]
  • Next by Date: Fwd: NSTableView rows and delete key
  • Previous by thread: Re: Serial number verification / obfuscation (was: Re: Hiding
  • Next by thread: Re: Serial number verification / obfuscation (was: Re: Hiding
  • Index(es):
    • Date
    • Thread