Post #4,259
8/8/01 4:06:27 PM
8/8/01 4:07:42 PM
|
Encrypting scripts?
Does anybody know of any good resources, webpages, or tips for encrypting scripts, or even executables, such as for distributing demos?
It seems that any encryption scheme around for long enough eventually gets hacked and posted on the net for the world to see.
One can remove comments and replace internal variable names with jabberwocky, but with a little patience and experimentation a cheater can still make simple changes, such as removing demo nag messages. (This is essentially what compilers do: replace meaningful names with address slots.)
________________ oop.ismad.com
Edited by tablizer
Aug. 8, 2001, 04:07:42 PM EDT
Encrypting scripts
Does anybody know of any good resources, webpages, or tips for encrypting scripts, or even executables, such as for distributing demos?
It seems that any encryption scheme around for long enough eventually gets hacked and posted on the net for the world to see.
One can remove comments and replace internal variable names with jabberwocky, but with a little patience and expirementation a cheater can still make simple changes, such as removing demo nag messages. (This is essentially what compilers do: replace meaningful names with address slots.)
________________
oop.ismad.com
|
Post #4,270
8/8/01 4:42:16 PM
|
Re: Encrypting scripts?
As my good friend Scott Anderson once told me:
You should look into Exchange Pair encryption (ie. private and public keys) where you have the users who download the demo register with you to receive a public key.
As for actual implementations, you'll have to do your own research. Though, I can offer that I recently did an implementation with M$'s CryptAPI set, and it works fairly well.
HTH, -Jason
----
My pid is Inigo Montoya. You "killed -9" my parent process. Prepare to vi.
|
Post #4,274
8/8/01 4:48:26 PM
|
and once they get the key?
>> You should look into Exchange Pair encryption (ie. private and public keys) where you have the users who download the demo register with you to receive a public key. <<
But once they unlock it, they can spread it on the web, no?
>> Though, I can offer that I recently did an implementation with M$'s CryptAPI set, and it works fairly well. <<
How do you know? One does not discover hacks until it it too late?
But, I will look into it. Does it work with scripts, or only VB and C?
Thanks
________________ oop.ismad.com
|
Post #4,276
8/8/01 4:49:50 PM
|
Public key encryption is currently very, very difficult
to break.
As computers get faster, this will change, but you have a few years for now.
Regards,
-scott anderson
|
Post #4,281
8/8/01 4:59:28 PM
|
Re: and once they get the key?
Sure, they can spread it.
But, just keep in mind that nothing is hackable. It's just a matter of finding that degree of security that you're comfortable with.
Like Scott mentioned, it's very difficult to hack the private key. Doable, but difficult. And, sure, they can dissimenate the public key if they wanted (see [link|http://astalavista.box.sk|http://astalavista.box.sk] to see how many *current* hacks for *very* expensive software are out there), but, again, it's just a degree of security.
CryptAPI will work with any M$ scripts (such as VBS/WSH scripts). It's just your basic COM DLL. Hunt a bit, though. We actually found a wrapper that someone had already written that helped make the native API a bit more friendly.
-Jason
----
My pid is Inigo Montoya. You "killed -9" my parent process. Prepare to vi.
|
Post #6,398
8/22/01 11:02:52 PM
|
They can spread the key.
And you include, as part of your customer agreement, that a broken key = loss of service.
And you keep an eye out for broken keys on the web, as well as unusual activity on your website. You get a broken key, you invalidate it in your updated version. All versions until that one work fine, but as soon as somebody tries to upgrade, the key no longer works.
"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." - Friedrich Nietzsche
|
Post #4,317
8/8/01 10:02:16 PM
|
cryptic spagetti code works fairly decent
put a gobbledegook section that makes little sense that places a file in a strange place and pops a stack every 24hrs removes one then removes the script when stack reaches zero. thanx, bill
Our bureaucracy and our laws have turned the world into a clean, safe work camp. We are raising a nation of slaves. Chuck Palahniuk
|
Post #4,327
8/9/01 12:14:48 AM
|
I'll use OO and protocol coupling. That'll F 'em up
re: "cryptic spagetti code works fairly decent"
>> put a gobbledegook section that makes little sense that places a file in a strange place and pops a stack every 24hrs removes one then removes the script when stack reaches zero.<<
That may not work since it is web software and writing files is something prohibited by the server settings. However, I suppose there are other tricks to try along the same line.
Thanks for the suggestions
________________ oop.ismad.com
|