Re: Securely limit the running an application by serial number


  • Subject: Re: Securely limit the running an application by serial number
  • From: Jim Thomason <email@hidden>
  • Date: Fri, 3 Jul 2009 15:26:50 -0500

>> I'm writing a 64-bit only app. Any pointers on where I can find info on
>> obfuscation?
>
>
> <http://unsanity.org/archives/000101.php>

In addition to that, don't even think about doing your checks in
Objective-C. It's just too easy to hack around, and if somebody's
dedicated to cracking you, it's an easy entry point.

So do it all in C. It's much tougher to crack into.

Once you've written it all in C, then convert it all to a C macro
instead. That makes it excruciatingly difficult to find it. And, at
that point, there is no if statement to crack - the macro duplicates
the code all over the app, so even if somebody hacked into the
assembly and switched it in one place, you've still got unaltered
checks all over the rest of the place.

Raw C executes pretty fast, so you can pepper your app with it. In
completely unrelated methods, even, just to spread out the checks
everywhere.

Wanna get really hardcore? Write 3 different versions of your
validation macro and vary which one you use. That's now 3 different
blocks of assembly that the black hat is going to have to decipher,
disassemble, and hack to get inside.

Sound like too much trouble to you? Well, then security really isn't
that important anyway. :-)

Just remember - it's always an arms race, and the more time you spend
writing security functionality for your application, the less time
you're spending actually developing the stuff that the user cares
about. No end user is going to be impressed at all with your app that
so securely locks them down to a single machine and if that gives your
competition time to catch up with a better feature set, you're in big
trouble.

Oh, I also wrote up an article with my experience in doing some of
this stuff a few years ago. Doesn't specifically address tying to the
hardware, but may be useful for general pointers, too:

http://www.jimandkoka.com/m.cgi/Journal.mchn?state=display_entry&journal_entry_id=283

-Jim....
_______________________________________________

Cocoa-dev mailing list (email@hidden)
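The approach described in the message above (the check written as a C macro, in three variants, expanded inline at unrelated call sites), as an added example that is not code from the original post. The checksum scheme, the sample serial and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed toy scheme (not from the post): a serial is 10 decimal digits whose
 * weighted sum 10*d0 + 9*d1 + ... + 1*d9 is divisible by 11.
 * The macros evaluate `s` more than once, so pass a plain variable. */

/* Variant A: forward pass with explicit descending weights. */
#define LICENSE_CHECK_A(s, ok) do {                                    \
    size_t n_ = strlen(s); unsigned t_ = 0, bad_ = (n_ != 10);         \
    for (size_t i_ = 0; i_ < n_; i_++) {                               \
        unsigned d_ = (unsigned)((s)[i_] - '0');                       \
        bad_ |= (d_ > 9); t_ += (unsigned)(n_ - i_) * d_;              \
    }                                                                  \
    (ok) = !bad_ && (t_ % 11 == 0);                                    \
} while (0)

/* Variant B: backward pass with ascending weights. */
#define LICENSE_CHECK_B(s, ok) do {                                    \
    size_t i_ = strlen(s); unsigned t_ = 0, w_ = 1, bad_ = (i_ != 10); \
    while (i_-- > 0) {                                                 \
        unsigned d_ = (unsigned)((s)[i_] - '0');                       \
        bad_ |= (d_ > 9); t_ += w_++ * d_;                             \
    }                                                                  \
    (ok) = !bad_ && (t_ % 11 == 0);                                    \
} while (0)

/* Variant C: running sum of running sums, no multiplication at all. */
#define LICENSE_CHECK_C(s, ok) do {                                    \
    unsigned sum_ = 0, t_ = 0, bad_ = 0; size_t n_ = 0;                \
    for (const char *p_ = (s); *p_; p_++, n_++) {                      \
        unsigned d_ = (unsigned)(*p_ - '0');                           \
        bad_ |= (d_ > 9); sum_ += d_; t_ += sum_;                      \
    }                                                                  \
    (ok) = !bad_ && n_ == 10 && (t_ % 11 == 0);                        \
} while (0)

/* Hypothetical, unrelated call sites: each gets its own inlined copy of the
 * check, so there is no shared validation function in the binary. */
int save_document(const char *serial) { int ok; LICENSE_CHECK_A(serial, ok); return ok ? 0 : -1; }
int render_page(const char *serial)   { int ok; LICENSE_CHECK_B(serial, ok); return ok ? 0 : -1; }
int export_file(const char *serial)   { int ok; LICENSE_CHECK_C(serial, ok); return ok ? 0 : -1; }

int main(void) {
    const char *serial = "0306406152";  /* constructed sample, weighted sum 132 */
    printf("%d %d %d\n", save_document(serial), render_page(serial), export_file(serial));
    return 0;
}
```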
