• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: executable obfuscator?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: executable obfuscator?


  • Subject: Re: executable obfuscator?
  • From: Laurence Harris <email@hidden>
  • Date: Mon, 11 Dec 2006 01:44:21 -0500


On Dec 10, 2006, at 9:54 PM, David Alger wrote:


On Dec 10, 2006, at 3:28 PM, leenoori wrote:

El 10/12/2006, a las 21:52, Andy O'Meara escribió:

Steve, assuming you're willing expend a level that yields a pretty high bang for the buck, below is some simple stuff that our company does. Our software targets both Mac OS and Windows, so the stuff that we do has to be maintenance free as well as cross-platform. The big picture is block entry-level crackers, and as Steve pointed out, you'll never be able to stop determined blackbelt crackers. To us, this is a winning strategy since entry-level crackers are typically teenager-types that give up if it's not an easy crack. The blackbelts are professional software guys by day and are considerably fewer in numbers (so you have to have a big big product to get their attention). By definition, the blackbelt's time is worth money, so as long as you make it a PITA for them and your title isn't a must-have, they'll move on to something else.

Couldn't agree with you more on that.

(a) Lightly encrypt "telltale" strings (and decrypt them on demand) so that a cracker looking at the app's string table can't go any useful leads.

I thought about this, but decided against it due to the fact that it made working with localizations more cumbersome. How do you handle the issue of localization, Andy?

One thing you could do is:

Use numerical keys for all of your strings.
Encrypt all the strings in the .strings files.
Remove all the comments from released copies of your app.
Finally, use a macro similar to Andy's to load and decrypt strings.

It seems like this would add extra work for localizers, who typically use tools like iLocalize to localize applications. Those tools display the strings to be translated in the localizing applications interface for the localizer to translate. That's not going to work if you encrypt the strings.


I've been following this thread, and it seems reminiscent of premature optimization: a lot of work for an unknown benefit. I don't have any hard statistics to support my beliefs (and I don't know that anyone has hard numbers about revenues lost to hackers), but:

- I'm not worried about people who hack software so they can use it for free. Those are a tiny percentage of users. A much, much bigger issue is the practice of posting serial numbers they've hacked on the web for anyone and everyone to use. That only requires one person who is able to hack your application and willing to post hacked serial number and then anyone who lacks integrity can use your product for free.

- I'm inclined to believe that the majority of software being used without a valid license does not represent lost revenue. Many people who will use software for free wouldn't use it if they had to pay for it.

Okay, so maybe you can make a few people work a little harder, and you discourage some of the amateur hackers, but is the real benefit of that worth making a lot more work for yourself and your localizers?

Larry _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


  • Follow-Ups:
    • Re: executable obfuscator?
      • From: "Andy O'Meara" <email@hidden>
    • Re: executable obfuscator?
      • From: leenoori <email@hidden>
References: 
 >Re: executable obfuscator? (From: Greg Guerin <email@hidden>)
 >Re: executable obfuscator? (From: "Andy O'Meara" <email@hidden>)
 >Re: executable obfuscator? (From: leenoori <email@hidden>)
 >Re: executable obfuscator? (From: David Alger <email@hidden>)

  • Prev by Date: Re: executable obfuscator?
  • Next by Date: Re: Shared builds folder vs. trunk and branch builds: any better solutions?
  • Previous by thread: Re: executable obfuscator?
  • Next by thread: Re: executable obfuscator?
  • Index(es):
    • Date
    • Thread