View Single Post
Old 05-05-2008, 05:05 PM
LibX LibX is offline
Join Date: Feb 2007
Location: The Netherlands
Posts: 118

Originally Posted by Andu View Post
It is not my intention to offend or bitch someone at this board. If that should have happened then I'm sorry.
No u didn't iam just stunned by the way your looking at application security

Originally Posted by Andu View Post
Let's say there would be a packer that hasn't been cracked then this should not be possible in my understanding (which may be wrong!).
Well in this case you are wrong, since u don't need to break a packer to make a patch or a memory load, its even easier then breaking the packer itself i hope u understand that now

Originally Posted by Andu View Post
My question to you is: What do you mean by a good security system if sourcecode is open and changeable (patchable)? It makes no sense for me to have any security system inside OS code and I think that you mean that I shall code my own packer/protector or something like this. Is that right?
Golden rule: U can ALWAYS modifiy the code no meter what packer or protector u use u can always make a normal or a inline patch or a memory loader (modifies the application in memory for example to make the good guy/bad guy jump)

The only possible protection is obfuscation, this doesn't prevent modifying the code its only to prevent people from being able to easily decompile and use your code, this same applies for packers/protectors.

Your task is to code a licensing system that once its obfuscated is hard to analyze, another possibility is to only provide people with a down loadable DEMO copy accept of a trial and provide a retail (Full and also with a good licensing system) when someone buys your software.
Another possibility is buying a commercial licensing system, but again u should extend this with self made checks or code otherwise is far to easy to analyze.

And this licensing system should make use of public key encryption (RSA-1024 or ECC crypto for example) otherwise u basically provide the cracker with the encryption key needed to keygen the software.

I hope this helps you understand the situation
There is really no need in putting so much time in picking a obfuscator or a protecor

Reply With Quote