| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: johncybpk at gmx.net (johnny cyberpunk) Subject: Re: Reverse Engineering thoughts hi n30, what you are doing is not reversing the tool for security bugs, it's traditional cracking stuff. my opinion is, that this can't be reported directly as a security problem, but you can point out that they should improve there software with a harder copy protection, such as runtime binary encryption, anti-debugging stuff and so on. cheers, johnny cyberpunk / thc +++ no cock is as hard as life +++ public key: http://www.thc.org/keys/jcyberpunk.pub fingerprint: CB59 19F9 ABF2 781A 4E6C 0A43 F773 9106 BADA BF8C ----- Original Message ----- From: "n30" <n30_lists@...mail.com> To: <pen-test@...urityfocus.com>; <full-disclosure@...ts.netsys.com> Sent: Tuesday, January 06, 2004 7:36 PM Subject: Reverse Engineering thoughts > Hello Folks, > > Just wanted your opinion. > > Say I am pen-testing an application...It requires authentication credentials > to run. Also, the software has a demo mode & full version mode. > > Now using RE (Reverse engineering), I can change the ASM & create a small > patch file to bypass the auth & convert the demo mode to full version mode. > > Is this a security problem?? What should be my recommendation?? > > This is assuming that I work for a pen test firm & the company wants us to > test their product. So I should not be affected by DMCA?? Am i right?? > > Thanks in advance > -N > > -------------------------------------------------------------------------- - > -------------------------------------------------------------------------- -- >
Powered by blists - more mailing lists