Am 29.08.2006 um 17:35 schrieb Frank:
Mathieu Langlois wrote:
I think the reason for obfuscation is serial number theft. At least
that's what monkeybread recommends it for. So that the serial number
can't be extracted easily from a compiled app, which is easy if the
serial number is not obfuscated in code, else it will appear in plain
text that can be searched with an hex editor. Including the customer
information in the serial number will not prevent that kind of theft.
You may find this 2002 article written by Ambrosia interesting and
relevant.
....
When I finally contacted Andrew, I said to him one word:
"Polynomials".
That's why I proposed some time ago to use public-private key
cryptography.
This technique is probably near by Polynomials.
Based on Cocoa, we've implemented such a schema, which is composed of
two
parts: A runtime code verifier and a gode generator to be use by us.
This technique isn't strong against hacking the binary code
verification code,
but it is strong enough to not enable third parties to generate new
codes.
At least, the process of generating a new code requires hacking the
compiled
binary.
While ObjC is really nice for writing app, it's very nice too, to find
and patch message signatures and message dispatching.
Thus, we've developed a technique based on pure C code, which makes it
at least more complicated to verify, what's going on inside the app.
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
