[extropy-chat] FWD (SK) RFC: copy protection report

Eugen Leitl eugen at leitl.org
Thu Dec 1 17:04:25 UTC 2005


On Thu, Dec 01, 2005 at 10:43:00AM -0600, Acy Stapp wrote:

> Online unlocking can be defeated by capturing the decrypted code using
> SoftICE or a hardware in-circuit emulator. There are numeroues methods

Of course. You can't defeat these attacks my means other than
keying to DRM in the CPU (not quite there yet but in game consoles,
and a few notebooks).

However, this defeats the "just burn me a copy" and "keygen serialz, d3wd!"
kinds of attack. And customers react way less grumpy to online unlocking 
than to chains of dangling dongles.

> for detecting SoftICE and other debuggers, but in the end your only
> solutions are to use an off-the-shelf copy protection package and

No, I would just let the installer pull a critical part of the
code from a remote server after authentication. Easy, and pretty
difficult to defeat. Extra points for computing a hardware fingerprint,
and generate that code server-side as-u-wait (works especially well 
for firmware).

> accept that you will be cracked or develop your own copy protection,
> and expect to be cracked unless you hire an expert to develop it
> specifically for your product.

You wrote the application in the first place. Why do you need an 
expert for online unlockin? A child of ten could program it.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20051201/1d5f7187/attachment.bin>


More information about the extropy-chat mailing list