• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Code signing
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Code signing

  • Subject: Re: Code signing
  • From: glenn andreas <email@hidden>
  • Date: Tue, 23 Aug 2005 11:24:44 -0500

On Aug 23, 2005, at 11:14 AM, Brad Peterson wrote:

Hi,

What I was really looking for is a way to prevent
hacked copies of an app from circulating. I believe
there may be such versions available already, or
possibly an app that attacks any other apps that use
our licensing engine. (I can't prove it, though, so I
can't design around _a_ specific type of attack, as
yet.)


If there is a hacked version of the app out there, adding any sort of signature on the binary isn't going to do much but slow down the next version by a couple of days - they'll just hack out the "check signature" code in the app.

Plugin signing would be nice, too, but I was thinking
primarily of the main app and/or anything else. I was
hoping for a system-level service such that the user
could be prompted by the OS before running the app.

You know, "This application does not appear to match
its digitial signature. Continue?" or something along
those lines.


No such thing, sorry.


In my limited experience with code signing, the file
size, a CRC value, etc. are usually included with the
signature to prevent exactly the sort of thing I'm
trying to prevent.

Yes, I realize that to some extent, nearly every
system is hackable. I'm only looking for more stuff to
slow 'em down. ;)


Not going to really slow them down much, I'm sorry to say.

For fear of devolving into "yet another copy protection" thread (and trying to keep things Cocoa related) remember that the Cocoa runtime architecture is very open to run time modification. Personally, if I were to want to hack an application written in Cocoa I'd start by snooping through the macho file to get a feel for the classes, methods, and the like, and then inject code to modify it accordingly, resulting in something that doesn't touch the original binary at all.


Glenn Andreas                      email@hidden
 <http://www.gandreas.com/> wicked fun!
quadrium | build, mutate, evolve | images, textures, backgrounds, art

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Code signing

      • From: Bob Ippolito <email@hidden>
      • 





References: 


 >Re: Code signing (From: Brad Peterson <email@hidden>)






    

  • Prev by Date:
Re: Code signing

    • 

  • Next by Date:
Re: Float behaviour

    • 

  • Previous by thread:
Re: Code signing

    • 

  • Next by thread:
Re: Code signing

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •