From: Yannick Gingras <ygingras@ygingras.net>
To: secprog@securityfocus.com
Subject: Re: Secure Software Key
Date: Wed, 4 Sep 2002 06:52:07 -0400

> Software vendors have been trying since forever to prevent software piracy.
> Remember when you had to enter a specific word from a specific page of the
> software manual, which was printed on dark maroon paper so that it could
> not be photocopied?  Didn't work.  Proprietary encoding of DVDs?  Didn't
> work. Software that required the use of a registration key?  Didn't work.
> Windows XP was shipped with this supposedly revolutionary method for
> stopping piracy, and what happened?  How long was it before the code was
> cracked? How many keygens are there for Windows XP?  Is someone running a
> pirated version of XP really going to use Windows Update to install a
> service pack which breaks their OS?  Just because M$ didn't include the
> change in their README?  Fat chance.

My problem is not the same as MS's: I don't have to deal with millions of
identical copies of the same CD with probably millions of working keys.  Each
download can be unique with a small preparation delay.  The key generator is
a problem only if multiple keys are usable.  If the end users are teenagers,
you'll face a huge wall when asking them to be online 100% of the time, but
if we think of something like a health care system that keeps track of
patients' personal information, the end user will be willing to take every
possible step to protect the system from illegal use by his own employees.

I agree with all of you that mass production CDs will not be safe from piracy
in the near future.  That can be seen as a collateral of mass market
penetration.

BTW thanks to all of you who provided interesting insight.  I'm playing with
gdb's disassembler now but I don't think it's what a typical cracker would
use.  Any hints on UNIX cracking tools?

Thanks.

-- 
Yannick Gingras
Coder for OBB : Onside Brainsick Bract
http://OpenBeatBox.org