Re: executable obfuscator?
Re: executable obfuscator?
- Subject: Re: executable obfuscator?
- From: Laurence Harris <email@hidden>
- Date: Mon, 11 Dec 2006 13:56:35 -0500
On Dec 11, 2006, at 12:07 PM, Mike Blaguszewski wrote:
I don't think you need to go so far as to encrypt the
whole .strings file. There's probably only a few strings that are
directly tied to your anti-piracy code, and for these you can either:
1. Load them ahead of time and cache them someplace
2. Store the literal string encrypted somewhere, decrypt it a
runtime, and then pass it to NSLocalizedString() or the Carbon
equivalent. This means genstrings won't handle it, but that only
impacts you, not the localizers.
3. When possible, keep the strings in nibs (though this may be more
susceptible to runtime analysis).
Also remember that we're talking obfuscation, not real encryption.
XOR or similar is probably fine.
Finally, though it's a bit off-topic for xcode-users, I did want to
mention that one of my coworkers has written a very good essay on
shareware piracy:
"The Plain Truth About Piracy"
<http://www.ambrosiasw.com/news/old_newsletter.php?id=34059>
An excerpt:
And for the last 2 days, starting right after we posted the latest
update to Snapz Pro X, our server has been very busy. Out of the
194 different hosts that tried to renew a license code, 107 of
them sent in pirated codes. Incredibly, more than 50% of the
people installing the update are entering one or both of the
pirated codes we've known about for months. Some of these people
even tried several different variants on the names when the server
refused them access ("maybe I misspelled it"), and one guy got so
frustrated he pounded the Renew button over and over every 4
seconds ("WHY click IS click THIS click NOT click WORKING???")
until our server blacklisted him for flooding.
We do the same thing and we see the same results, though the
percentage of pirate serial numbers isn't nearly that high. I can
only guess that people are a little more willing to pay for something
they find useful -- even butt-saving at times -- than they are for a
game. Whatever the reason, it seems to be the case that the real
weapon here is expiring registration codes, not obfuscation. Is there
any evidence to suggest that obfuscating strings would provide a
measurable level of improvement to this scheme?
Larry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden