Allan Odgaard
Is this you? Claim Profile »
2 years ago
in Tattoo Removal for Cory on toxicsoftware.com
$0 / $1000? So I take it that you do not believe enough in this to actually make a donation yourself? :p
2 years ago
in AquaticPrime Warning on toxicsoftware.com
schwa: this is why I suggested above that AP stores the public key encrypted — this should avoid the ability to blindly replace the key via some universal application.
FYI I do that in TM “just to be sure,†though I have seen several cracks of my application, but never have they targeted the public/private key system, as there is generally an easier way to get the application working as was it registered, in fact I would bet that many of the cracks done for TM took less than 30 minutes to produce, as the cracker just run the application in a debugger, and then figures out where to insert nop’s.
FYI I do that in TM “just to be sure,†though I have seen several cracks of my application, but never have they targeted the public/private key system, as there is generally an easier way to get the application working as was it registered, in fact I would bet that many of the cracks done for TM took less than 30 minutes to produce, as the cracker just run the application in a debugger, and then figures out where to insert nop’s.
2 years ago
in AquaticPrime Warning on toxicsoftware.com
Daniel: Using a simple / symmetric license key scheme has the problem that once cracked, all future versions of the program will be free for the user who obtained the faked/leaked serial number — unless either a) the author tracks down all “fake†serials and black-list them, or b) he (regularly) change his license scheme (which requires sending out new license keys to all existing users.)
So the damage of a faked/leaked serial is much much worse than a binary crack alone for this reason. If a user is willing to track down a new binary crack, each time the program is updated, and often wait months for the crack to be available, then surely, he would never have paid the registration price.
I sent this the following to the macsb list, but let me repeat it here:
The purpose of Aquatic Prime is NOT to prevent a particular version of your application from being cracked, or even make it difficult to crack it.
Why? Because to run your program, the user needs the entire code, and that allows him to read it and make changes to it [1].
Time spent making it difficult to crack is roughly proportional with time required to crack it, so playing this game is a waste of time [2].
What it DOES DO is ensure that a binary crack IS a requirement. So if you want to point out flaws in the architecture, you should demonstrate that you can unlock an application WITHOUT altering the code of that application.
[1] At least until trusted computing arrives
[2] Automated code obfuscation could alter this.
So the damage of a faked/leaked serial is much much worse than a binary crack alone for this reason. If a user is willing to track down a new binary crack, each time the program is updated, and often wait months for the crack to be available, then surely, he would never have paid the registration price.
I sent this the following to the macsb list, but let me repeat it here:
The purpose of Aquatic Prime is NOT to prevent a particular version of your application from being cracked, or even make it difficult to crack it.
Why? Because to run your program, the user needs the entire code, and that allows him to read it and make changes to it [1].
Time spent making it difficult to crack is roughly proportional with time required to crack it, so playing this game is a waste of time [2].
What it DOES DO is ensure that a binary crack IS a requirement. So if you want to point out flaws in the architecture, you should demonstrate that you can unlock an application WITHOUT altering the code of that application.
[1] At least until trusted computing arrives
[2] Automated code obfuscation could alter this.
2 years ago
in AquaticPrime Warning on toxicsoftware.com
This probably boils down to whether or not you believe that casual users can easily get hold of binary cracks, and if so, if they will use them.
Personally I am not of this belief. I have a popular product out there. and I see far more requests for cracks, than actual cracks, and that’s on forums such as torrentskickass, which although a popular forum, are really for the segment of Mac users
that you should not expect paying for your software.
That said, it might be a good idea if AquaticPrime stored the public key internally encrypted — as the poster of this blog noted, that is just a way of obfuscating things, and doesn’t affect the theoretic crackability of the program, but it would (to some degree) prevent a universal patch to affect all programs which use AquaticPrime, since the cracker would have to analyse the code, to figure out how to encrypt his replacement public key.
Personally I am not of this belief. I have a popular product out there. and I see far more requests for cracks, than actual cracks, and that’s on forums such as torrentskickass, which although a popular forum, are really for the segment of Mac users
that you should not expect paying for your software.
That said, it might be a good idea if AquaticPrime stored the public key internally encrypted — as the poster of this blog noted, that is just a way of obfuscating things, and doesn’t affect the theoretic crackability of the program, but it would (to some degree) prevent a universal patch to affect all programs which use AquaticPrime, since the cracker would have to analyse the code, to figure out how to encrypt his replacement public key.