I dare to say that your conclusions are wrong:
1. It's not a protection if it can be breaked by patching a single
opcode. There should be no check: true or false. You should use a
submitted info (syncName or FlashID) as a key or password to decrypt
a vital information, eg initiating the code.
2. Flashable - why can't your application be located in Flash and use
dynamically allocated memory or even stack to copy crypted code
there, decrypt it and make a call.
Again you can find an illustration on http://klyatskin.da.ru Code is
flashable while it is crypted and self-modifying.
I do advise you to have a look at
http://x4.dejanews.com/=hotbot/getdoc.xp?AN=464434822&CONTEXT=92522056
8.1207566347&hitnum=10
there is my reply to some opponents. You could find it to be useful.
Regards,
Constantine
http://klyatskin.da.ru
----------------------------
Date: 27 Apr 1999 08:55:00 -0700From: Richard Hartman
<[EMAIL PROTECTED]>
Subject: RE: FYIAt the end of almost all protection schemes will
be a test -- did (whatever algorithm I chose) pass
or fail. You don't have to attack, or even understand,
the protection algorithm used if you can just change
the sense of that test by patching one opcode.
Of course, the protection mechanism could work
by actually encrypting the code and get around
that hole -- but then it would not be flashable
---------------------------
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
