[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <66743335-0E47-4443-B550-2BCC80A11A93@mac.com>
Date: Tue, 4 Dec 2007 07:06:52 -0500
From: Kyle Moffett <mrmacman_g4@....com>
To: Matti Aarnio <matti.aarnio@...iler.org>
Cc: Dan Kegel <dank@...el.com>, linux-kernel@...r.kernel.org
Subject: Re: Relax permissions for reading hard drive serial number?
On Dec 02, 2007, at 13:45:44, Matti Aarnio wrote:
> This lack of having stable(*) unique system identifier available to
> applications is one of the small details that make node locked
> commercial software delivery challenging thing in UNIX environments..
>
> *) "stable" as both stable data, and stable API to get it.
Well... There's that. There's also the fact that anybody with a
modicum of ASM programming skills can get clever with GDB and traces
from "Correct HW serial" and "Incorrect HW serial" can write a 10-
line GDB script to make it work regardless. I did something similar
with a popular FPS (which I legitimately own) on one of my Mac
systems after having left the DVD behind when going to a LAN party.
Addresses removed to protect the innocent^Wguilty, but they took
maybe 15 minutes to acquire:
break *END_OF_CDKEY_CODE_DECRYPTION
run
delete 1
advance *JUST_AFTER_CDKEY_CHECK
set $r3 = 0
detach
At some point every such "locked" computer program has code like this:
> if (program_is_not_authorized()) {
> display_nasty_dialog();
> exit(1);
> }
All it takes for somebody with a debugger is to identify the last
instruction of the "program_is_authorized()" function and change $r3
(or whatever return register your system uses) from a 1 to a 0. The
fact remains that once the software is running on *THEIR* computer
there is nothing you can practically do to forcibly prevent them from
using it in whatever fashion they desire. Typically if you price
your software reasonably people will be willing to pay for multiple
copies but there are no foolproof technical measures to enforce that
they do so.
Cheers,
Kyle Moffett
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists