Re: Protecting Software w/ Software License Keys...
Re: Protecting Software w/ Software License Keys...
- Subject: Re: Protecting Software w/ Software License Keys...
- From: Jason Harris <email@hidden>
- Date: Mon, 17 Jun 2002 16:03:10 -0700
I haven't done this since the OS 8 days, but essentially, you used MacsBug
to break on a particular function call and then reverse-engineer from the
assembly language. I wrote a tutorial describing this process a long time
ago, and apparently, it's still kicking around on the web. I'm slightly
ashamed of myself now :)
http://www.google.com/search?hl=en&q=kool krack tutorial&btnG=Google+Sea
rch
Anyway, you'd need different tools now, but you could definitely do it with
a combination of gdb and ResEdit/Resorcerer.
Jason Harris (smeger, wheee)
Kyle Moffett Tried to Tell Me:
>
On Monday, June 17, 2002, at 06:13 PM, Jason Harris wrote:
>
> A cracker would completely ignore the whole public/private thing and
>
> find
>
> the spot where the function that checks 'em returns YES or NO. And
>
> change
>
> it so it always returns YES.
>
>
>
> You could encrypt part of your code and when serialized, provide a value
>
> that when hashed with the MAC gives the encryption key. But even
>
> then, a
>
> hacker would take a properly serialized version, let it unencrypt the
>
> code,
>
> and create a patch that replaces the encrypted code with the unencrypted
>
> code.
>
>
>
> It's just not worth the time you'd spend implementing this. Instead,
>
> develop something that _can_ be cracked, but that will get the majority
>
> of
>
> people to pay.
>
>
>
> Jason Harris
>
>
I am not very familiar with how to do this. If this is possible with C
>
code, then I
>
accept the validity of your argument. How would someone go about
>
changing
>
the function? Would it be done on disk? How would this be affected if
>
the code
>
was linked in statically vs. dynamically? Is there any way to protect
>
against this
>
kind of attack? Would inlining help at all? Could the processing
>
functions use
>
a macro that is compiled in, so the hacker would have to alter all of
>
the functions?
>
>
In any case, the goal is to prevent a simple serial from working on any
>
given system.
>
If a serious effort like this is required to crack it, then I'm
>
satisfied. I would rearrange
>
functions and memory addresses every release anyway, just to make it more
>
difficult to crack.
>
>
Thanks,
>
Kyle Moffett
>
_______________________________________________
>
cocoa-dev mailing list | email@hidden
>
Help/Unsubscribe/Archives:
>
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
>
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.