hi all...

I've been involved with reverse engineering for several years and it really is fun and one can learn a lot by reversing a single application. But most things we do are only for fun and learning and we don't have to take any responsibility for it.

I wonder what would happen if we had to develop a commercial software protection and sell it to some large corporations like Oracle or similar. Would any of us be ready for such an adventure? What if someone cracked our protection within a week - would we ever have the chance to be _cool_ reversers again?

I would like you to think about this, because every of us should ask himself/herself if he/she is ready to put a signature on his/her knowledge and take the full responsibility for it. Nobody has to say YES or NO. It's just a personal issue every of us should take into consideration.

greetz.

null

Hi :)

Well, I think that a great part of this answer is determined by my attitude towards software and information sharing. I really cannot imagine myself writing a "real" protection for a software (that is, a protection which avoids people to share it), first of all because I think I'm lame in that field (realizing that almost no protection really works and being able to build a working one are two different things), then because I'd prefer to earn money in different ways (programming GPL or, better, TEACHING something -at least until I have something to teach).

Anyway, even if I changed my ideas about freedom, I think that I wouldn't take the responsibility for such a work, nor probably for a sysadmin one... I don't mind about coolness, anyway: when I say I'll do something for work, I usually do that and make it work well, no matter how much time I spend on it; if I'm sure it will be broken sooner or later, I simply don't take the responsibility of it.

Finally, I'd say I'm ready to put a signature on my knowledge: I'd be glad to use it for a real job (and well, I've done it yet :wink:) and I -almost always- trust my skills.

byez,

+mala

We might have the same sight on the real life, I might work at one protection for some days and in some weeks it's cracked. then why work for weeks instead fo some hours and using some tricks in the protection instead ?

Teaching, coding will be the best thing to earn money in. I have never liked to be one sys admin, I only now if one of my friends is gonna to be that at one company.. I'm willing to try to crack that server every day for some weeks, just to make hell for him :) *grins*

Acid

In simple terms my friend, no software protection is ever 100% solid. Fact of this world we move within. So if it was to be broken i wouldnt feel guilty or somehow that i done a substandard job in a way that makes me feel ive degraded my worth as a reverser/coder/protectionisnt. Simply if it can be constructed, it can be deconstructed or another way to look at it in this context would be

...if they can split an atom the fibre of everything in half a software protection stands no chance :idea:

Just my slant on it, though i may have taken this in the wrong context :?:

Good Health,
+Malik

Heh, I agree with you +malik... I would feel guilty only if I said that the protection is uncrackable, but of course I wouldn't say it (even if it's what many people would like to hear).

For what concerns the "everything is deconstructable", I always like to use the example of the magnetic keys of some vendor machines. They seem impossible to crack ("magnetic? Hey, where do I stick these wires?"), but at a deepest inspection most of them are just the same old problem hidden by some smoke in your eyes... And like this one, we can reverse many other things and try to make them work as we want them to do.

i think that every software protection scheme can be cracked in one or two days, except for protections based on heavy cryptography.
Protection tecniques today are really advanced, but i dont understand why to spend a lot of time implementing a protection tecnique that adds calculus overhead at the application (think at api-redirection, you run redirection code at every apicall) etc etc if you know that the protection will be cracked?
I would instead spend 1 day to implement a silly protection like
if(license_ok) run(); else MessageBox("license error");
and spend a lot of time to plan a GOOD selling strategy. If you code a good winzip clone and you sell it for 19$, do you expect people will buy it?
However, for BIG softwares the problem is the opposite, they should like people sharing their products. Lets have an example: LightWave3d is a good 3d rendering software package. It is really expensive, here in my country i would pay for it about 4000$. I used it because i like computer graphics, of course i had it cracked. People that use lightwave for work HAVE the original license, because working with it exposes them to severe license checks by related authoryties (i dont think that at pixar they use a cracked copy of softimage :)). How could i know lightwave3d if i dont try it? They cant expect me to buy it and pay 4000$ if i dont know the program! And the only way to know these big software packages is *see it with your own eye*
So now that i know it i could pay 4000$ because i like this software a lot!
This scenario is a little different from sharewares! However in such a case i would spend time in planning selling strategies, customer support, free training courses etc etc. It has no sense to spend more than 1 hour in plaaning a protection for such a software.
Bye!
AndreaGeddon

Yeah for sure +mala , the Same Lady dressed differantly!

Andrea i would agree, how do they expect someone to pay thousands for software if you havent tried it. And alot of companys that make high priced software simply wont put demo's out becuase they know its going to be brought up to full stardard or near to full standard as can be managed. It would cool if we could go back to the days of shareware like IDsoftware. I realy believe they held back some of the piracy by giving you the first chapter of doom shareware, becuase some users felt good about the fact ID was willing to share a 3rd of a game with them for nothing...and would go and by the full version. A good sales technique, but one of the past! the if you scratch my back , ill scratch yours relationship between Users and Software houses seem to be gone.

Is it just me or are the software companys that used to be almost the anti establishment are now the establishment? such as borland...they realy dissapoint me these days! They now push Builder X thats over a grand last time i checked. And they caved into the evils of .net by adding it to delphi....seems their uniqueness is slowly draining away.

Anyhoo! bit of topic there :oops: "rant :lol: "


Good Health,
+ Malik

Personally, I've always favored free software - that is, no money requested at all.
I don't mind charging for the cost of a CD, shipping and handling,
but I'm not comfortable charging $500 for a program which can be dup'ed over and over for free.
This is why I'm a strong supporter of Linux - it's all free.
Sure, there are some programs which cost money, but you don't have to use those. I don't.
Microsoft is all about money - they have billions, yet they still charger over $100 for most of their apps. Why?

As for protection, since I offer my material free, I wouldn't need it.
If a company asked me to write protection for them, I could probably make something virtually uncrackable.
But remember this - anytime someone else cracks your code, you can ask them how they did it and use that information to make your code more secure against future cracks.

Learning is important to me. If I can learn something new because someone cracked my code, I'm all for it.
I just hope people out there are willing to try.

This means the question to ask is:
Can you write code which will outlast someone's interest in trying to crack it?
This is really a matter of someone being willing to put the time and effort into doing the crack. If they give up before the job is done, then you have won. You have to make your code really tedius and time-consuming it you wish to have a chance of your code being "secure".

-- Andy