Well, apparently you don't have full grasp of what
licmax.com is or
does. All I can tell you is do your homework and rtfm before making
claims.
licmax.com generates license keys using widely used industry
standard one-way hash algorithms such as SHA-256, SHA-384, MD5, etc.
If you claim you can crack these algorithms, I'd suggest you post your
findings to the standards committees that take care of such algorithms
(
http://www.nist.gov/itl/ , http://www.itl.nist.gov/fipspubs/index.htm).
Again, the provided reference implementation is nothing but that.
Developers won't necessarily use the exact provided code where it
would be obvious to hackers. Each developer would implement their own
way and strategy to achieve verification goal. You don't seem you know
the difference between RI and client library.
licmax.com helps application developers protect their products in the
world marketplace using industry standard algorithms. It basically
relieves them from implementing their own licensing service - thats
all. This way developers can concentrate on the functionality of their
product, increase customer satisfaction, and maximize revenue.
On Apr 5, 11:00 pm, Al Sutton <
[email protected]> wrote:
I made an offer of anyone using licmax could send me their app and I would make a video showing it working without a valid license, as yet I haven't received a single request, which is why there has been no video posted, but I'd be happy to do the same for whatever you consider to be a "secure" example.
Demos and reference implementation are only useful when they cover most real world scenarios, so to put out a demo which, by you're own admission is trivial to crack, is like trying to sell umbrellas by providing people with samples that have no canvas.
I suspected the method I used would be completely undetectable, thanks for your confirmation. To me this means that developers using your solution would not only be left unsecured they would also be left unaware that piracy was happening. This is the same situation they would be in if they didn't implement licmax, and hence it would appear your product offers little if any benefit to developers.
Al.
--
* Looking for Android Apps? - Tryhttp://andappstore.com/*
======
Funky Android Limited is registered in England & Wales with the company number 6741909.
The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, it's associates, or it's subsidiaries.
On 5 Apr 2010, at 21:33, licmax wrote:
Hi,
licmax is a web-based license generation and verification service, not
a client library. Developers may implement use of the service to
varying degrees of defense against piracy according to their strategy.
licmax' mechanism is neither proprietary nor undocumented. Our
literature clearly describes full details of the mechanism, which
happens also to be employed by other providers. It is our technical
conviction that such a mechanism can be part of a robust anti-piracy
solution.
The demos and reference implementations are merely intended to
exemplify fetching and verifying license keys. Cracking the reference
implementation binary is trivial. We clearly state its use is at the
discretion of the developer.
As for this specific piracy attempt cited in the first post of this
discussion, we can confirm there has been no compromise of license
keys on our servers. The attempt clearly didn't exercise the
principles of licmax since there is no trace of the perpetrator on our
system. Our installed customer base regularly endures piracy attempts
none of which as has ever been successful.
If you need further guidance on the licmax strategy, please visit us
at licmax.com and feel free to contact us at [email protected].
Kind Regards,
The licmax Team
On Mar 30, 12:07 am, Al Sutton <[email protected]> wrote:
Given the amount of emails the LicMax guys have put to the list I thought it would be worth trying their solution and it took me all of 20 minutes from the moment I downloaded their demo to having it falsely report that the demo application was permanently authorised (I actually could get it to report whatever I wanted, but going from unauthorised to permanently authorised seemed a good demo).
I've nothing against competition, but when we're talking about a fundamental aspect of developers income (i.e. anti-piracy measures), I have little time for badly thought out solutions that aren't hard to break.
If anyone has a LicMax secure application and they'd like to confirm that what I've done will unlock their app then please send me the APK (off-list of course), and I'll make a video available showing a "before" and "after" video showing the normal application state and the post-break application state. I'm only going to do 1 app so that it can be independently verified, I'm not going to start showing everyone the same thing for different apps.
And no, I'm not going to make public how I did it. I'm not interested in helping people crack protection systems, I'm only interested in ensuring developers don't start using sub-standard solutions.
And yes, the method I used would work for other platforms they support.
Al.
--
* Looking for Android Apps? - Tryhttp://andappstore.com/*
======
Funky Android Limited is registered in England & Wales with the company number 6741909.
The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, it's associates, or it's subsidiaries.
--
You received this message because you are subscribed to the Google Groups "Android Discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group athttp://groups.google.com/group/android-discuss?hl=en.
--
You received this message because you are subscribed to the Google Groups "Android Discuss" group.
To post to this group, send email to
[email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-discuss?hl=en.
