Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
- Subject: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
- From: Jens Alfke <email@hidden>
- Date: Wed, 24 Feb 2010 17:40:29 -0800
On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
I disagree. If it's based on a tried and tested (and occasionally
formally verified) crypto system, knowing the algorithm doesn't lead
to a crack. Weaknesses would come through bugs in the framework (or
incorrect application of it), and the more people who can see the
source the greater chance there is that good people as well as bad
can find the issues. Good people fix 'em.
This is all completely true … for cryptosystems and actual security
code. But as I said, DRM is not real security, not on an open
platform. It doesn't matter what kind of fancy algorithms your DRM
code uses if the hacker can simply open the app in a hex editor and
replace it with NOP instructions. (And no, code signing does not
prevent this. The hacker just has to patch out the code that checks
the signature.)
In this situation, what counts isn't the strength of the algorithm but
how hard it is to find the machine code that implements it. So
obscurity wins.
Things are different on a closed platform like the iPhone OS, where
you can't mess with code on the device, and where you can't disable
the DRM checks because they're in the OS itself. [Yes, modulo
jailbreaking the device.]
—Jens_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden