home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.mac.programmer
- Path: sparky!uunet!munnari.oz.au!uniwa!cujo!NewsWatcher
- From: peter@cujo.curtin.edu.au (Peter N Lewis)
- Subject: Re: how to put indelible serial# in resource fork of app?
- Message-ID: <peter-230792103333@134.7.50.3>
- Followup-To: comp.sys.mac.programmer
- Sender: news@cujo.curtin.edu.au (News Manager)
- Organization: NCRPDA, Curtin University
- References: <Jul.20.17.18.21.1992.16265@gandalf.rutgers.edu> <1992Jul20.232738.21376@hobbes.kzoo.edu>
- Date: Thu, 23 Jul 1992 02:51:21 GMT
- Lines: 67
-
- In article <1992Jul20.232738.21376@hobbes.kzoo.edu>,
- k044477@hobbes.kzoo.edu (Jamie R. McCarthy) wrote:
-
- > It's pretty easy to make it "unchangeable." Make a routine that converts
- > a 32-bit number into a moderately long (say, a 32-byte) code. Make it
- > so ridiculously weird and complicated that no one will ever be able to
- > figure out what in the heck you're doing. Then have the app check to be
- > sure its code can be derived from a real 32-bit number; if so, that's
- > the serial number; if not, put up a nasty message and exit.
-
- Thats always a fun technique to break that one :-). A quick atb trap break
- in macsbug for the GetNewDialog call, ten seconds later you have the branch
- code that checks the validity of the code number, reverse that branch so it
- only puts up the dialog if the code number is CORRECT, and thats it. Then
- I delete the app, and sometimes I even mail the authors to thank them for
- the entertainment their program gave me :-)
-
- Now, please people if you want to write serial number type stuff here are
- some do's and don'ts:
-
- Do make it hard to crack - some of us enjoy a chalenge :-)
-
- Don't make it a pain to install - some of us don't like a chalenge :-)
-
- Don't make it a nightmare for network administrators who have to install
- dozens/hundreds of copies of your app - some of us hate a challenge! :-)
-
- If they must register to get the serial name that matches their name,don't
- screw up the spelling of their name! - some of us like our names spelled
- the way they are suppose to be (anyone heard of a preventatation research
- centre?)
-
- Don't make users enter something everytime the program runs - some of us
- want to use your program, not memorise code numbers
-
- Don't forget that any form of copy protection will likely get mentioned in
- review of your programs, and this may adversly affect sales.
-
- Don't waste network bandwidth on serial number checks - its not your
- network to be wasting the bandwidth on, you want to tie up a network, get
- your own.
-
- Do be pleasant about it - some of us are not to pleased to see acusing
- dialogs everytime we launch an app we paid good money for.
-
- For users: Don't pirate software, and pay for shareware - some of us want
- to eat.
-
- ObProgramming: One way to make life difficult for crackers is to use the
- serial number to encryp a code resource - store the user's name, and the
- users serial number in the data fork, display it in the startup dialog, and
- use it to decrypt vital code resources. Then, checksum the code and if its
- not right, put up an alert - that way, even if the branch is removed the
- program will just crash (serves those nasty crackers right :-). Of course,
- the virus detectors will probably blow their tops if you go around hacking
- with Code Resources. Aside from which people will quite probably want to
- run a single copy of the app off a locked file server... And for heavens
- sake turn macsbug name generation off before you compile it! I have seen
- several commercial apps with names turned on in their code checking code,
- pretty impressive guys :-)
-
- Have fun all,
- Peter.
-
- _______________________________________________________________________
- Peter N Lewis, NCRPDA, Curtin University peter@cujo.curtin.edu.au
- GPO Box U1987, Perth WA 6001, AUSTRALIA FAX: +61 9 367 8141
-
