>> I'm writing a 64-bit only app. Any pointers on where I can find info on >> obfuscation? > > > <http://unsanity.org/archives/000101.php>
In addition to that, don't even think about doing your checks in objective-C. It's just too easy to hack around, and if somebody's dedicated to cracking you, it's an easy entry point. So do it all in C. It's much tougher to crack into. Once you've written it all in C, then convert it all to a C macro instead. That makes it excruciatingly difficult to find it. And, at that point, there is no if statement to crack - the macro duplicates the code all over the app, so even if somebody hacked into the assembly and switched it in one place, you've still got unaltered checks all over the rest of the place. Raw C executes pretty fast, so you can pepper your app with it. In completely unrelated methods, even, just to spread out the checks everywhere. Wanna get really hardcore? Write 3 different versions of your validation macro and vary which one you use. That's now 3 different blocks of assembly that the black hat is going to have to decipher, disassemble, and hack to get inside. Sound like too much trouble to you? Well, then security really isn't that important anyway. :-) Just remember - it's always an arms race, and the more time you spend writing security functionality for your application, the less time you're spending actually developing the stuff that the user cares about. No end user is going to be impressed at all with your app that so securely locks them down to a single machine and if that gives your competition time to catch up with a better feature set, you're in big trouble. Oh, I also wrote up an article with my experience in doing some of this stuff a few years ago. Doesn't specifically address tying to the hardware, but may be useful for general pointers, too: http://www.jimandkoka.com/m.cgi/Journal.mchn?state=display_entry&journal_entry_id=283 -Jim.... _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
