Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
- Subject: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
- From: Greg Parker <email@hidden>
- Date: Wed, 24 Feb 2010 17:41:54 -0800
On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
> On 24 Feb 2010, at 22:57, Michael A. Crawford wrote:
>> Part of your response suggests that if there was an existing framework that was openly available, it wouldn't do me any good because the bad guys would have the source code.
>
> I disagree. If it's based on a tried and tested (and occasionally formally verified) crypto system, knowing the algorithm doesn't lead to a crack. Weaknesses would come through bugs in the framework (or incorrect application of it), and the more people who can see the source the greater chance there is that good people as well as bad can find the issues. Good people fix 'em.
Except in the standalone piracy-prevention case, the algorithm is already known to be broken. Formally, the attacker already has in hand all of the information they need: they have the executable and all of the data accessed by the executable. The only information the attacker lacks is the algorithm. Once they know the algorithm, they know how to rewrite your executable to bypass the protection system.
The only solutions to that are (1) hide information from the attacker in a place they cannot see, like a server you control or a piece of tamper-proof "trusted" hardware, or (2) obfuscate the algorithm and the executable and hope the attacker gives up before solving the puzzle.
--
Greg Parker email@hidden Runtime Wrangler
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden