• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: executable obfuscator?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: executable obfuscator?


  • Subject: Re: executable obfuscator?
  • From: Laurence Harris <email@hidden>
  • Date: Mon, 11 Dec 2006 13:56:35 -0500


On Dec 11, 2006, at 12:07 PM, Mike Blaguszewski wrote:

I don't think you need to go so far as to encrypt the whole .strings file. There's probably only a few strings that are directly tied to your anti-piracy code, and for these you can either:
1. Load them ahead of time and cache them someplace
2. Store the literal string encrypted somewhere, decrypt it a runtime, and then pass it to NSLocalizedString() or the Carbon equivalent. This means genstrings won't handle it, but that only impacts you, not the localizers.
3. When possible, keep the strings in nibs (though this may be more susceptible to runtime analysis).


Also remember that we're talking obfuscation, not real encryption. XOR or similar is probably fine.

Finally, though it's a bit off-topic for xcode-users, I did want to mention that one of my coworkers has written a very good essay on shareware piracy:
"The Plain Truth About Piracy"
<http://www.ambrosiasw.com/news/old_newsletter.php?id=34059>


An excerpt:
And for the last 2 days, starting right after we posted the latest update to Snapz Pro X, our server has been very busy. Out of the 194 different hosts that tried to renew a license code, 107 of them sent in pirated codes. Incredibly, more than 50% of the people installing the update are entering one or both of the pirated codes we've known about for months. Some of these people even tried several different variants on the names when the server refused them access ("maybe I misspelled it"), and one guy got so frustrated he pounded the Renew button over and over every 4 seconds ("WHY click IS click THIS click NOT click WORKING???") until our server blacklisted him for flooding.

We do the same thing and we see the same results, though the percentage of pirate serial numbers isn't nearly that high. I can only guess that people are a little more willing to pay for something they find useful -- even butt-saving at times -- than they are for a game. Whatever the reason, it seems to be the case that the real weapon here is expiring registration codes, not obfuscation. Is there any evidence to suggest that obfuscating strings would provide a measurable level of improvement to this scheme?


Larry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


References: 
 >Re: executable obfuscator? (From: Greg Guerin <email@hidden>)
 >Re: executable obfuscator? (From: "Andy O'Meara" <email@hidden>)
 >Re: executable obfuscator? (From: leenoori <email@hidden>)
 >Re: executable obfuscator? (From: David Alger <email@hidden>)
 >Re: executable obfuscator? (From: Laurence Harris <email@hidden>)
 >Re: executable obfuscator? (From: "Andy O'Meara" <email@hidden>)
 >Re: executable obfuscator? (From: Mike Blaguszewski <email@hidden>)

  • Prev by Date: Re: executable obfuscator?
  • Next by Date: Re: OT: Re: executable obfuscator?
  • Previous by thread: Re: OT: Re: executable obfuscator?
  • Next by thread: Re: executable obfuscator?
  • Index(es):
    • Date
    • Thread