At 12:28 PM 6/9/99 -0700, you wrote:
>Jason Dawes wrote:
>
>Sorry, I still don't get it.
Yeah, you do, you're just looking at it the wrong way. You're right what
you say that all this sort of scheme does is make things a little bit
harder - that's the point. Maybe you think cracking programs is fairly
easy - remember that a large percentage of the population doesn't. Look at
it the same way a marketing firm would: stastically, no-one understands
this stuff enough to crack any program. This is why most large software
firms just put a simple registration code in & sometimes even make you have
the CD in the machine. Any cracks that happen to turn up are random
aberations that probably fall under "shrinkage" and are either tax
deductable or make good insurance claims.
>Whatever code does the registration checking can just be avoided by
judiciously
>placed branch instructions.
>If you're calling a function that is a necessary part of the program logic
>and checking the result, a cracker wouldn't patch the function itself, but
>the one (or more) calls to that function that affect only the reg code
decision.
Adding things like a CRC check of the registration code within the code the
program depends on helps here, but it's a never ending game. You must also
take into consideration that _all_ security schemes increase complexity and
reduce speed. I guess you could say that a program that won't run is the
most secure.
>I suppose you can make it harder to find the right place to put the
>branch that will avoid the reg code checking without affecting other
>parts of the program, but I can't see how it can be made terribly
>difficult in any case.
This is the whole point of this sort of scheme - you don't make it
impossible, just harder. You're trying to make it so hard most crackers
give up in disgust.
However, you're never going to stump professional/obsessive crackers.
(Which is why most people are content with a lock on their doors & thats
about it - they know professional criminals are going to get in if they
want, they just try not to think about it)
