• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .

  • Subject: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
  • From: Graham Lee <email@hidden>
  • Date: Thu, 25 Feb 2010 01:47:20 +0000
On 25 Feb 2010, at 01:41, Greg Parker wrote:

> On Feb 24, 2010, at 5:27 PM, Graham Lee wrote:
>> On 24 Feb 2010, at 22:57, Michael A. Crawford wrote:
>>> Part of your response suggests that if there was an existing framework that was openly available, it wouldn't do me any good because the bad guys would have the source code.
>>
>> I disagree. If it's based on a tried and tested (and occasionally formally verified) crypto system, knowing the algorithm doesn't lead to a crack. Weaknesses would come through bugs in the framework (or incorrect application of it), and the more people who can see the source the greater chance there is that good people as well as bad can find the issues. Good people fix 'em.
>
> Except in the standalone piracy-prevention case, the algorithm is already known to be broken. Formally, the attacker already has in hand all of the information they need: they have the executable and all of the data accessed by the executable. The only information the attacker lacks is the algorithm. Once they know the algorithm, they know how to rewrite your executable to bypass the protection system.

They don't even need to know the algorithm, if they have access to kernel memory - at some point the code has to end up in a state the OS can execute. Believing that DRM provides confidentiality is the most common "incorrect application" I come across :-)

Graham.
--
Graham Lee
http://blog.securemacprogramming.com/
http://www.mac-developer-network.com/category/columns/security/

_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Looking for info on anti-piracy and trial-mode techniques for my app . . . (From: "Michael A. Crawford" <email@hidden>)
 >Re: Looking for info on anti-piracy and trial-mode techniques for my app . . . (From: "Paul Sanders" <email@hidden>)
 >Re: Looking for info on anti-piracy and trial-mode techniques for my app . . . (From: "Michael A. Crawford" <email@hidden>)
 >Re: Looking for info on anti-piracy and trial-mode techniques for my app . . . (From: Graham Lee <email@hidden>)
 >Re: Looking for info on anti-piracy and trial-mode techniques for my app . . . (From: Greg Parker <email@hidden>)

  • Prev by Date: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
  • Next by Date: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
  • Previous by thread: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
  • Next by thread: Re: Looking for info on anti-piracy and trial-mode techniques for my app . . .
  • Index(es):
    • Date
    • Thread