AW: OT: locking software to one specific machine?

Jeff Massung massung at gmail.com
Thu Mar 4 14:57:16 EST 2010


On Thu, Mar 4, 2010 at 1:38 PM, Richard Gaskin
<ambassador at fourthworld.com>wrote:

> Jeff Massung wrote:
>
>  On Thu, Mar 4, 2010 at 1:18 PM, Richard Gaskin
>> <ambassador at fourthworld.com>wrote:
>>
>>
>> [... snip ...]
>>
>>
>>  Then write the inverse of the generator to validate your codes, but break
>>> up the validation into multiple handlers each doing a small part of it,
>>> using obscure function names strewn all over your code base with lots of
>>> red-herring handlers with similar names littered among them. Extra bonus
>>> points if the handlers you call also call others; the more the merrier.
>>>  Anyone tracing your code in a low-level debugger will find it far more
>>> annoying than it's worth.
>>>
>>
> ...
>
>  2. Don't follow the "Extra bonus points" recommendation. This is a *bad
>> idea*. You want these functions that check reg codes to be extremely small
>> and obfuscated.
>>
>
> I agree with everything else you wrote, and it seems very reflective of
> much of the Delphi Anti-Cracking FAQ, but on this I'm confused:
>
> It seems like we're saying the same thing about obfuscation. Or maybe I
> just wrote poorly.
>
> Having obscure, small handlers in your validation scheme calling other
> obscure, small handlers, some of which are are red-herrings, seems to only
> further obfuscate the code, no?
>
> At least, that was what I had intended to suggest. I think we're in
> agreement here, unless I misunderstand something.
>

Fundamentally, I this we are in agreement. My experience here has been that
calling out to any other code (even red herrings) just increases the number
of possible failure points that a cracker can hone in on... and they only
have to break one.

While you don't want to funnel the registration check into a single
location, you just as equally don't want to explode the code location of the
registration check as opposed to exploding the number of places where the
check is located.

Jeff M.

P.S. I like this thread... dunno why, but I really get into things like
this. ;-)



More information about the use-livecode mailing list