Re: executable obfuscator?
- Subject: Re: executable obfuscator?
- From: Laurence Harris <email@hidden>
- Date: Mon, 11 Dec 2006 01:44:21 -0500
On Dec 10, 2006, at 9:54 PM, David Alger wrote:
On Dec 10, 2006, at 3:28 PM, leenoori wrote:
On 10/12/2006, at 21:52, Andy O'Meara wrote:
Steve, assuming you're willing to expend a level that yields a
pretty high bang for the buck, below is some simple stuff that
our company does. Our software targets both Mac OS and Windows,
so the stuff that we do has to be maintenance free as well as
cross-platform. The big picture is to block entry-level crackers,
and as Steve pointed out, you'll never be able to stop determined
blackbelt crackers. To us, this is a winning strategy since
entry-level crackers are typically teenager-types that give up if
it's not an easy crack. The blackbelts are professional software
guys by day and are considerably fewer in numbers (so you have to
have a big big product to get their attention). By definition,
the blackbelt's time is worth money, so as long as you make it a
PITA for them and your title isn't a must-have, they'll move on
to something else.
Couldn't agree with you more on that.
(a) Lightly encrypt "telltale" strings (and decrypt them on
demand) so that a cracker looking at the app's string table can't
get any useful leads.
I thought about this, but decided against it due to the fact that
it made working with localizations more cumbersome. How do you
handle the issue of localization, Andy?
One thing you could do is:
- Use numerical keys for all of your strings.
- Encrypt all the strings in the .strings files.
- Remove all the comments from released copies of your app.
- Finally, use a macro similar to Andy's to load and decrypt strings.
It seems like this would add extra work for localizers, who typically
use tools like iLocalize to localize applications. Those tools
display the strings to be translated in the localizing application's
interface for the localizer to translate. That's not going to work if
you encrypt the strings.
I've been following this thread, and it seems reminiscent of
premature optimization: a lot of work for an unknown benefit. I don't
have any hard statistics to support my beliefs (and I don't know that
anyone has hard numbers about revenues lost to hackers), but:
- I'm not worried about people who hack software so they can use it
for free. Those are a tiny percentage of users. A much, much bigger
issue is the practice of posting serial numbers they've hacked on the
web for anyone and everyone to use. That only requires one person who
is able to hack your application and willing to post a hacked serial
number and then anyone who lacks integrity can use your product for
free.
- I'm inclined to believe that the majority of software being used
without a valid license does not represent lost revenue. Many people
who will use software for free wouldn't use it if they had to pay for
it.
Okay, so maybe you can make a few people work a little harder, and
you discourage some of the amateur hackers, but is the real benefit
of that worth making a lot more work for yourself and your localizers?
Larry
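
The numeric-key, decrypt-on-demand string table discussed in the quoted messages, as an added example that is not part of the original thread or any poster's code. The XOR keystream scheme, `MASK_SEED`, the function names and the sample strings are all assumptions made for illustration; this is light obfuscation against a casual look at the string table, not encryption that keeps a secret.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MASK_SEED 0x5A17C3E9u   /* constructed constant (assumption) */
typedef struct {
    uint32_t id;                /* numeric key instead of a descriptive one */
    size_t len;                 /* number of masked bytes */
    unsigned char data[64];     /* bytes as they would ship in the binary */
} masked_string;

/* XOR with a per-ID keystream; the same call masks and unmasks. */
static void mask_bytes(uint32_t id, unsigned char *buf, size_t len) {
    uint32_t state = MASK_SEED ^ (id * 2654435761u);
    for (size_t i = 0; i < len; i++) {
        state = state * 1664525u + 1013904223u;   /* LCG step */
        buf[i] ^= (unsigned char)(state >> 24);
    }
}

/* Build-time step: store a masked copy of one string. */
static int make_entry(masked_string *e, uint32_t id, const char *plain) {
    size_t len = strlen(plain);
    if (len > sizeof e->data) return -1;          /* does not fit the slot */
    e->id = id; e->len = len;
    memcpy(e->data, plain, len);
    mask_bytes(id, e->data, len);
    return 0;
}

/* Run-time step: unmask on demand; returns length, or -1 (unknown ID, short buffer). */
static int load_string(const masked_string *tab, size_t n, uint32_t id,
                       char *out, size_t outsz) {
    for (size_t i = 0; i < n; i++) {
        if (tab[i].id != id) continue;
        if (tab[i].len + 1 > outsz) return -1;
        memcpy(out, tab[i].data, tab[i].len);
        mask_bytes(id, (unsigned char *)out, tab[i].len);
        out[tab[i].len] = '\0';
        return (int)tab[i].len;
    }
    return -1;
}

int main(void) {
    masked_string tab[1]; char out[64];
    make_entry(&tab[0], 1001, "Invalid serial number");  /* constructed sample */
    if (load_string(tab, 1, 1001, out, sizeof out) > 0) puts(out);
    return 0;
}
```

In a real build, `make_entry` would run in a separate tool so that only the masked bytes reach the shipped binary; the localization concern raised in the thread applies to whatever files that tool consumes.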