On 24 Dec 2000, Paul Crowley wrote:
>"Trivial" is overstating it, I think. I've seen dongle-based license
>code designed such that if you tried modifying the code to skip the
>dongle check, the program's pointer arithmetic would go screwy and it
>would crash in horrible ways.
That is one of many, many ways to make code difficult to crack. Few ordinary
coders would believe the kind of pipe dreams some people can come up with
when they really want nobody to mess with their code - for instance,
actually emulating the microprocessor with a totally malformed statemachine
and running the code on top of that. Or letting some asynch parallel
process (like DMA) rewrite the code and rely on timing gimmicks to give the
right version just as the program counter crosses the modified code (so that
to debug, you would need to have a debugger which virtualizes everything
perfectly - a rarity; dedicated people roll their own as they go,
naturally). Anything. Compared to measures of that sort, what you're
describing indeed sounds rather tame.
In fact, you would not believe the kind of morality boost that sort of
thing gives to a hacker, with hacker taken in the original sense of the
word. I've seen people go on for 48 hours straight pounding the stuff
simply because it reads like a challenge and then discard the puzzle after
it's solved. There are plenty of capable coders around, and more in line
should copy protection once again become a widespread nuisance. So I'm
pretty much sure all software short of provably secure will end up being
circumvented. The rest will be patched, with patches distributed online.
Tamper proof hardware is the only solution and as everybody knows, it's not
exactly fool-proof either.
Sampo Syreeni <[EMAIL PROTECTED]>, aka decoy, student/math/Helsinki university
