Aquatic Prime proof-of-concept crack

Aquatic Prime is an open-source serial number scheme. Jonathan Wight just posted an article on how he wrote a crack for it. Most of the things he did were already alluded to in discussions on the MacSB mailing list a while ago, but I think the main lesson we're learning from this is that monocultures are still bad, and that security through obscurity does work to a certain degree:

It requires more cleverness and more effort from a person trying to crack a program. If you see the entire implementation of a licensing scheme, it's fairly easy to pick out the weak spots. If you only see machine-generated assembly gobbledygook, you'll probably be spending an hour just to figure out what the heck the code is doing.

Still, I guess the suggestion the author of AP made is valid: It's BSD-licensed code. Nobody's keeping you from taking the core code, rearranging it and rolling your own scheme. He did a great service to the community. Thanks Lucas Newman!

