• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Registering software
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Registering software

  • Subject: Re: Registering software
  • From: "Marcus S. Zarra" <email@hidden>
  • Date: Mon, 13 Mar 2006 12:56:49 -0700
I would have to disagree. Having every developer create yet another license scheme is really a waste of time. Yes there are ways to crack any license scheme out there. If you write a home grown scheme it can get cracked to. Obscurity is poor security.

There are quite a few applications that are using Aquatic Prime for their registration. My own applications use it and we have had great success with it.

The goal of a registration scheme is not to be 100% hack-proof. The goal is to make it difficult enough that the customer would rather purchase the software than try to steal it, but make it easy enough to register that the customer does not get frustrated enough to just hack it instead.

It boils down to whether you want to spend your time playing war with crackers or if you want to write your application.

This has strayed way off target. The OP wanted some suggestions and he has some. Not sure what additional point this thread would have to answering that question.

On Mar 13, 2006, at 11:53 AM, Finlay Dobbie wrote:

On 13/03/06, Marcus S. Zarra <email@hidden> wrote:
No registration schema is perfect. 

Of course.

What would your suggestion be for
a registration schema for an Objective-C/Cocoa application?


Something home-grown. Be creative.

BTW, I have yet to see an Aquatic Prime hack on the net. 

I have yet to see an app which uses Aquatic Prime. Perhaps they do
exist, I'm not really a follower of such things. However, I do
remember when it came out I whipped up a proof-of-concept hack in a
few minutes.

The Obj-C interface is obviously trivial to crack (say, inputmanager
which overrides the validation function and always returns
"registered" with a category, or something).

If you use the framework, you're also SOL (compile your own
AquaticPrime.framework which always says it's registered, and replace
the one in the binary with that).

Securest form is probably the static library "Carbon" implementation,
but even then it is fairly trivial to patch the binary (you know what
the implementation looks like in machine code, just do a find &
replace).

The whole thing about "RSA encryption" and suchlike is clearly irrelevant.

-- Finlay

Attachment: smime.p7s
Description: S/MIME cryptographic signature

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Registering software (From: "D.K. Johnston" <email@hidden>)
 >Re: Registering software (From: "Marcus S. Zarra" <email@hidden>)
 >Re: Registering software (From: "Finlay Dobbie" <email@hidden>)
 >Re: Registering software (From: "Marcus S. Zarra" <email@hidden>)
 >Re: Registering software (From: "Finlay Dobbie" <email@hidden>)

  • Prev by Date: Cocoaheads Lake Forest Meeting tomorrow, Mar 14, 2006
  • Next by Date: Re: Registering software
  • Previous by thread: [Moderator] Re: Registering software
  • Next by thread: Re: Registering software
  • Index(es):
    • Date
    • Thread