On June 29, 2005 10:39 am, Erico Franco wrote:
> Yes for sure. Thinking that non-crack is a armlet feature is
> something strange. I just want to make my code more difficulty to
> debug as my own strategy.
Self-modifying code, encrypted code segments, and other wild tricks
could help there.
> ok, its is not impossible to disassemble it. But is more difficulty
> to disassemble it in armlet? it worths to take some man hours to do
> part of my *RegCode* in armlet?
I have a resource editor -on my handheld- which can disassemble and
modify individual opcodes in both m68k ('code') and ARM ('armc')
compiled code. Insert a NOP here, change a branch instruction there,
and in some cases it would be trivially easy to bypass registration
systems. I've done this to my own applications. I was very
dis-heartened and have switched to having two branches of my code. A
limited "demo" version (where code really does not exist to perform
"registered" actions), and a fully registered version that cripples
itself when beamed.
Limiting your registration system to ARM would leave a large percentage
of PalmOS users who use PalmOS 4 (and even 3!) in the lurch. Is
limiting yourself to new devices worth it? If you rely upon other
PalmOS 5 features (new sound manager, other ARM code, etc.) then
nevermind.
> I don't want to make a impossible to crack code, I just want to get
> statistics on my favor.
I believe Aaron Ardiri wrote a good article on how to write secure
shareware applications on PalmOS... I just can't for the life of me
find it back. It covered such topics as encrypted code segments,
multiple and diverse (i.e. not just a "if ( !MyIsRegisteredGlobal )"
checks) tests for registration, and a variety of other tidbits.
Yes, ARM code, being new, will not have as many crackers knowledgeable
in defeating it. However, careful design is a must - if your ARM
function simply returns true if the user is registered, and false
otherwise, a cracker would quickly figure out that they could replace
your entire code resource.
Debugging ARM code was (from what I can tell) a difficult task in the
past - but PalmSource has now come up with a true ARM
emulator/debugger, and if such a program gets into the hands of the
crackers...
--
Matthew Bevan, Systems Administrator
Top Floor Computer Systems Ltd.
--
For information on using the PalmSource Developer Forums, or to unsubscribe,
please see http://www.palmos.com/dev/support/forums/
