Re: time-based beta termination system
Re: time-based beta termination system
- Subject: Re: time-based beta termination system
- From: Sailor Quasar <email@hidden>
- Date: Thu, 24 Jul 2003 10:32:07 -0400
On Thursday, July 24, 2003, at 09:55 AM, Alex Curylo wrote:
A seasoned
cracker can pretty much circumvent any copy-protection you dream up
by liberally adding a few no-ops to the code instead of your
registration checks.
While 'tis true that anything that executes in memory is fundamentally
crackable, downloading necessary code fragments on the fly from your
secure
server over the Internet is a method that requires a hell of a lot
more work
to crack than "a few no-ops". More importantly, anyone capable of
doing it
almost certainly has more remunerative and/or interesting things to
spend
their time on.
With respect, I disagree that it's really that difficult. One need only
spy on the Net data streams (after decryption in the client software if
necessary), take that code, hack it, and use a firewall rule to
redirect requests for the secure server back to a local one set up for
the purpose. More work than some no-ops, yes, but hardly a catastrophic
toll of work either.
A solution to this would be to embed ten or so checksums (each based on
a different algorithim) into the code fragments that go over the net
(and each fragment being linked to the others only by the client
program), and to cross-check these sums against yet another set of data
from the server.
There are methods to breaking this as well. Circles exist within
circles existing within further circles, and eventually the security
question becomes mathematically chaotic in nature. In short, so long as
crackers exist, they can not be defeated except by dint of constant
effort, effort so constant that the developer would have no time to do
anything with the program itself. The security will quickly come to
encompass more code than the original intended program, and a module
developed by a third party for the purpose is useless because
uniformity is a prime weakness of secure systems. Even total hardware
support for every imaginable security measure can be broken by someone
with the resources and desire.
The practical outcome of the argument, then, is that one must do one's
level best and be resigned to deal with those who take the time to
break their programs.
-- Sailor Quasar, guardian of Leraz's memory
"A face of stone may hide a soul with the deepest Love of all"
Email: email@hidden
-- Sailor Quasar, just another player in The World
"Come with me in the twilight of the summer night for awhile"
Email: email@hidden
-- Sailor Quasar, High Codemaster of the Web, scourge of systems
cvs server: Updating Quasar/brain/caffiene
A pepsi
R coke
Email: email@hidden
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.