Uli's Web Site
[ Zathras.de - Uli's Web Site ]
Other Sites: Stories
Abi 2000
Stargate: Resurgence
Lost? Site Map!
     home | blog | moose | programming | articles >> blog

 Blog Topics

15 Most Recent [RSS]

 Less work through Xcode and shell scripts
2011-12-16 @600
 iTunesCantComplain released
2011-10-28 @954
 Dennis Ritchie deceased
2011-10-13 @359
 Thank you, Steve.
2011-10-06 @374
 Cocoa Text System everywhere...
2011-03-27 @788
 Blog migration
2011-01-29 @520
 All you need to know about the Mac keyboard
2010-08-09 @488
 Review: Sherlock
2010-07-31 @978
 Playing with Objective C on Debian
2010-05-08 @456
 Fruit vs. Obst
2010-05-08 @439
 Mixed-language ambiguity
2010-04-15 @994
 Uli's 12:07 AM Law
2010-04-12 @881
 Uli's 1:24 AM Law
2010-04-12 @874
 Uli's 6:28 AM Law
2010-04-12 @869
 Uli's 3:57 PM Law
2010-04-12 @867


Aquatic Prime proof-of-concept crack

Aquatic Prime is an open source serial number scheme. Jonathan Wight just posted an article on how he wrote a crack for it. Most of the things he did were already alluded to in discussions on the MacSB mailing list a while ago, but I think the main lesson we're learning from this is that monocultures are still bad, and that security through obscurity does work to a certain degree:

It requires more cleverness and more effort from a person trying to crack a program. If you see the entire implementation of a licensing scheme, it's fairly easy to pick out the weak spots. If you only see machine-generated assembly gobbledygook, you'll probably be spending an hour just to figure out what the heck the code is doing.

Still, I guess the suggestion the author of AP made is valid: It's BSD-licensed code. Nobody's keeping you from taking the core code, rearranging it and rolling your own scheme. He did a great service to the community. Thanks Lucas Newman!

Reader Comments: (RSS Feed)
No comments yet
Or E-Mail Uli privately.

Created: 2006-06-08 @013 Last change: 2006-06-08 @097 | Home | Admin | Edit
© Copyright 2003-2023 by M. Uli Kusterer, all rights reserved.