sjmachin at lexicon.net
Sat Jun 18 23:19:26 CEST 2005
Dennis Lee Bieber wrote:
> On 18 Jun 2005 07:48:13 -0700, "cpunerd4" <cpunerd4 at gmail.com> declaimed
> the following in comp.lang.python:
>>crackers have a harder time getting into compiled programs rather than
>>intepreted languages. I know hiding the code won't stop all crackers
> A good debugger in step mode can get into anything... At my
> college, those of us with the skills took less than 30 minutes to unlock
> the system assembler after it had been set to run on higher privileged
> accounts (the OS had numeric "priority" levels in accounts; students ran
> at 20 or 40, the assembler had been set to something like 50 to stop the
> troublemakers). Copy the executable to local, start under debugger,
> step through until the test for account priority was reached, change
> comparison... Voila, private copy of the assembler.
This unnamed OS didn't allow granting execute access but not read access?
I do agree with your main point however. Once you have read access to
the software, you can do pretty much what you like.
I recall a piece of software that was paid for on an annual licence fee
basis, and would stop working after a given date. The update sometimes
arrived late. Fortunately it was a trivial exercise to find the date
check in the "expired" executable and circumvent it. Debug in step mode?
How quaint and tedious! All one had to do was to put a Trojan
DLL-equivalent in the path; this contained a today()-equivalent function
that simply called the system debug function. Of course the authors
could have prevented that by dynamically loading the today()-equivalent
function directly from the manufacturer-supplied system-central
DLL-equivalent; my guess is that doing so would have prevented easy
testing of the "stop working" code on a shared machine where they
couldn't change the system date without upsetting other users, and it's
probable they were using a Trojan today()-equivalent gadget to supply
"old" dates for testing.
More information about the Python-list