Dennis Lee Bieber wrote: > On 18 Jun 2005 07:48:13 -0700, "cpunerd4" <[EMAIL PROTECTED]> declaimed > the following in comp.lang.python: > > >>even so, >>crackers have a harder time getting into compiled programs rather than >>intepreted languages. I know hiding the code won't stop all crackers > > > A good debugger in step mode can get into anything... At my > college, those of us with the skills took less than 30 minutes to unlock > the system assembler after it had been set to run on higher privileged > accounts (the OS had numeric "priority" levels in accounts; students ran > at 20 or 40, the assembler had been set to something like 50 to stop the > troublemakers). Copy the executable to local, start under debugger, > step through until the test for account priority was reached, change > comparison... Voila, private copy of the assembler. >
This unnamed OS didn't allow granting execute access but not read access? I do agree with your main point however. Once you have read access to the software, you can do pretty much what you like. <war story> I recall a piece of software that was paid for on an annual licence fee basis, and would stop working after a given date. The update sometimes arrived late. Fortunately it was a trivial exercise to find the date check in the "expired" executable and circumvent it. Debug in step mode? How quaint and tedious! All one had to do was to put a Trojan DLL-equivalent in the path; this contained a today()-equivalent function that simply called the system debug function. Of course the authors could have prevented that by dynamically loading the today()-equivalent function directly from the manufacturer-supplied system-central DLL-equivalent; my guess is that doing so would have prevented easy testing of the "stop working" code on a shared machine where they couldn't change the system date without upsetting other users, and it's probable they were using a Trojan today()-equivalent gadget to supply "old" dates for testing. </war story> Cheers, John -- http://mail.python.org/mailman/listinfo/python-list
