[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lock for TS2000i code ?



PureBytes Links

Trading Reference Links


>> The only totally secure solution is to code all your systems and
>> studies in .dll's and then provide your own security block. 
>
>That's a bit of a pain, but it would probably be reasonably secure.
>
>If someone *really* wanted to crack your code, they could reverse-
>compile the code in the DLL and figure it out from there -- including 
>disabling your security block test.  It's not that hard for a serious 
>cracker.

Well, it's not true .. sure, there is the possibility to reverse an
assembled code but the "skill" of the coder is to use programming
techniques that make this task really difficult .. or impossible. An hard
coded DLL is surely the best protection system and it's also flexible. 
The best way to protect something is letting a skilled, low level
programmer to do the job.


>
>The most secure solution I'm aware of is the DiamondLock product from 
>Doug Deming &crew.  Warning:  this is NOT for the faint of heart.  
>You have to remove some of your code and replace it with DiamondLock 
>code to implement the same functionality.  The DL code, which must be 
>hand-generated, is extremely low-level and obtuse.  You basically 
>have to manually create machine-level code to implement the piece of 
>functionality you're locking.  It's painful, slow, and error-prone.
>
>But if you're really worried about getting your code stolen, it's 
>probably the most secure way to do it.  The machine code that you 
>create is encoded so that it would be nearly impossible to reverse-
>compile it.  Since it's so difficult to create the machine code, it's 
>not practical to encode your entire system, but you can encode 
>critical portions.

Not so impossible, the difficulty level is equal to decompile a DLL and
reverse-engineering it, but it's quite more painful from the user point of
view.

>
>And as part of the bargain, DL also locks the code to a specified 
>machine, for a specified period of time.  You don't have to provide a 
>security block or any of those hassles -- just have your customers 
>run a utility to generate a unique system ID for the systems they 
>>want to license.
>
>Gary