Hi Al, Good luck with your product. Licmax wishes it the best of success. We are willing to share ways and ideas on how to protect apps in general. After all, licmax's methods are public. But, there is more tot he picture than meets the eye. Licmax has a lot more to offer in terms of protection for its customers. What you see on the public site is just the beginning. We pretty much know most if not all the techniques of cracking an app. We try to make cracking an app a prohibitive task in terms of efforts, money and time. You'd have to sign up at licmax to see more of our methodologies.
We don't go to high schools or universities. We either pick a neutral location or use our own premise depending on availability of resources. The reason for choosing those is simply they have the patience and endurance and the reward is relatively high. This is not an educational program by any means though we give out lots of basic hints and techniques. It is serious challenge for them and us. Our methodologies involve techniques of making use of existing standards. We did not invent anything new yet. We just make it simpler for independent developers to make protection available for their applications in the marketplace. Sign Up at licmax.com and see more. On Apr 18, 12:03 am, Al Sutton <[email protected]> wrote: > I've tried to keep the AndAppStore product out of this discussion, but as > you've raised it there are a a big differences between the theoretical holes > mentioned in that thread and what I've actually done with your licmax secured > demo; My method of working around your system does not require me to modify > the application, whereas the methods detailed in that threat required > decompilation of the application, searching through the decompiled code for > how certain classes are used, following the flow of the decompiled version of > the application to ensure the usage is not vital to the applications > operation, removing the specific usage related to the license checking, then > recompiling the code. > > All solutions wholly embedded in the app can be circumvented by decompiling, > searching for usage, modifying the app, and recompiling (licmax included), > and it's the way the most commercial systems are cracked, but the method I've > used to circumvent licmax did not require me to modify the application in any > way, which makes things a lot easier for a software pirate and thus means it > can be pirated by more people because the skill set required to circumvent > licmax is a lot less than required to circumvent the AndAppStore solution. > > I'm not based in the US, so it would be difficult to speak at a High School > or College, but one thing I will say is that using high and college students > to verify the security of a solution isn't the best way to do it (otherwise > Apple would probably let high school & college students verify apps for the > app store). Those kind of competitions are great for getting innovate and > cool applications, but not so good for verify implementations as students > rarely have the kind of experience that is useful when looking for holes in > an application / library. > > Al. > -- > > * Looking for Android Apps? - Tryhttp://andappstore.com/* > > ====== > Funky Android Limited is registered in England & Wales with the company > number 6741909. > > The views expressed in this email are those of the author and not necessarily > those of Funky Android Limited, it's associates, or it's subsidiaries. > > On 18 Apr 2010, at 07:28, licmax wrote: > > > > > So you are trying to promote your own product that got discredited by > > engineers before it started! Read this thread: > >http://groups.google.com/group/android-developers/browse_thread/threa... > > Repeating word for word what other engineers mentioned about your > > (solution) does not necessarily apply to others. > > Perhaps you should learn more about and from licmax.com. It looks like > > your (solution) can benefit some. > > > licmax.com frequently sponsors application cracking tournaments among > > high school and college students. If you are interested in > > participating (perhaps as a guest speaker), licmax would extend an > > invitation to you. Tournaments are usually held from Friday till > > Sunday on premise. Let us know! > > > licmax.com helps application developers protect their products in the > > world marketplace for all platforms using industry standard > > algorithms. It basically relieves them from implementing their own > > licensing service - thats all. This way developers can concentrate on > > the functionality of their product, increase customer satisfaction, > > and maximize revenue. > > > On Apr 14, 10:12 pm, Al Sutton <[email protected]> wrote: > >> I'm guessing that as it took you over a week to reply you're still none > >> the wiser as to how I'm doing it, so let me re-iterate some important > >> points you seem to have missed; > > >> 1) I've not told you how I did it, so what makes you think your little > >> rant on crypto algorithms is relevant to what I've done? > > >> 2) A reference implementation serves as a "gold standard" by which other > >> implementations can be judged > >> (seehttp://en.wikipedia.org/wiki/Reference_implementation_(computing) ), > >> so as your "Gold Standard" implementation is vulnerable it's logical to > >> assume that all implementations will be vulnerable as they'll be based on > >> the RI. > > >> I'm still waiting for someone to send me an implementation so I can create > >> a video showing it pre and post-crack, but as I've not received one I'm > >> guessing that developers are choosing not to use your product. > > >> Al. > > >> -- > > >> * Looking for Android Apps? - Tryhttp://andappstore.com/* > > >> ====== > > >> Funky Android Limited is registered in England & Wales with the company > >> number 6741909. > > >> The views expressed in this email are those of the author and not > >> necessarily those of Funky Android Limited, it's associates, or it's > >> subsidiaries.On 15 Apr 2010, at 02:13, licmax wrote:Well, apparently you > >> don't have full grasp of whatlicmax.comis or > >> does. All I can tell you is do your homework and rtfm before making > >> claims.licmax.comgenerates license keys using widely used industry > >> standard one-way hash algorithms such as SHA-256, SHA-384, MD5, etc. > >> If you claim you can crack these algorithms, I'd suggest you post your > >> findings to the standards committees that take care of such algorithms > >> (http://www.nist.gov/itl/,http://www.itl.nist.gov/fipspubs/index.htm). > >> Again, the provided reference implementation is nothing but that. > >> Developers won't necessarily use the exact provided code where it > >> would be obvious to hackers. Each developer would implement their own > >> way and strategy to achieve verification goal. You don't seem you know > >> the difference between RI and client library.licmax.comhelps application > >> developers protect their products in the > >> world marketplace using industry standard algorithms. It basically > >> relieves them from implementing their own licensing service - thats > >> all. This way developers can concentrate on the functionality of their > >> product, increase customer satisfaction, and maximize revenue. > >> On Apr 5, 11:00 pm, Al Sutton <[email protected]> wrote:I made an > >> offer of anyone using licmax could send me their app and I would make a > >> video showing it working without a valid license, as yet I haven't > >> received a single request, which is why there has been no video posted, > >> but I'd be happy to do the same for whatever you consider to be a "secure" > >> example.Demos and reference implementation are only useful when they cover > >> most real world scenarios, so to put out a demo which, by you're own > >> admission is trivial to crack, is like trying to sell umbrellas by > >> providing people with samples that have no canvas.I suspected the method I > >> used would be completely undetectable, thanks for your confirmation. To me > >> this means that developers using your solution would not only be left > >> unsecured they would also be left unaware that piracy was happening. This > >> is the same situation they would be in if they didn't implement licmax, > >> and hence it would appear your product offers little if any benefit to > >> developers.Al.--* Looking for Android Apps? > >> -Tryhttp://andappstore.com/*======Funky Android Limited is registered in > >> England & Wales with the company number 6741909.The views expressed in > >> this email are those of the author and not necessarily those of Funky > >> Android Limited, it's associates, or it's subsidiaries.On 5 Apr 2010, at > >> 21:33, licmax wrote:Hi,licmax is a web-based license generation and > >> verification service, nota client library. Developers may implement use of > >> the service tovarying degrees of defense against piracy according to their > >> strategy.licmax' mechanism is neither proprietary nor undocumented. > >> Ourliterature clearly describes full details of the mechanism, > >> whichhappens also to be employed by other providers. It is our > >> technicalconviction that such a mechanism can be part of a robust > >> anti-piracysolution.The demos and reference implementations are merely > >> intended toexemplify fetching and verifying license keys. Cracking the > >> referenceimplementation binary is trivial. We clearly state its use is at > >> thediscretion of the developer.As for this specific piracy attempt cited > >> in the first post of thisdiscussion, we can confirm there has been no > >> compromise of licensekeys on our servers. The attempt clearly didn't > >> exercise theprinciples of licmax since there is no trace of the > >> perpetrator on oursystem. Our installed customer base regularly endures > >> piracy attemptsnone of which as has ever been successful.If you need > >> further guidance on the licmax strategy, please visit usatlicmax.comand > >> feel free to contact us at [email protected] Regards,The licmax Team > > >> ... > > >> read more » > > > -- > > You received this message because you are subscribed to the Google Groups > > "Android Discuss" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/android-discuss?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Android Discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/android-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en.
