Jason Dawes wrote:
>
> At 10:15 AM 6/9/99 -0700, you wrote:
> >
> >I still don't see the point of this. Presumably after you've done all
> >this magic, you make some decision: did the regcode check out ok or
> >not? A cracker just needs to find this bit of logic and make it look
> >like the decision came out "ok". Alternatively, he can find the place
> >where you start the regcode process and branch around the whole thing.
> >Or am I missing something?
>
> Yes. More sophisticated registration checking code uses algorithms the
> program itself depends on. If the algorithms are changed, the program
> itself doesn't work correctly. You simply check the result (non boolean)
> of an function with predetermined inputs. This can make cracking the
> program much more difficult.
Sorry, I still don't get it. Whatever code does the registration
checking can just be avoided by judiciously placed branch instructions.
I suppose you can make it harder to find the right place to put the
branch that will avoid the reg code checking without affecting other
parts of the program, but I can't see how it can be made terribly
difficult in any case. If you're calling a function that is a necessary
part of the program logic and checking the result, a cracker wouldn't
patch the function itself, but the one (or more) calls to that function
that affect only the reg code decision.
--Mark
