Re: [Full-Disclosure] Reverse Engineering thoughts

From: Blue Boar (BlueBoar_at_thievco.com)
Date: 01/06/04

  • Next message: Daniel B: "Re: [Full-Disclosure] Re: Linux kernel do_mremap() proof-of-concept exploit code" 
    To: n30 <n30_lists@hotmail.com>
Date: Tue, 06 Jan 2004 11:27:38 -0800

    n30 wrote:

    > Say I am pen-testing an application...It requires authentication credentials
    > to run. Also, the software has a demo mode & full version mode.
    >
    > Now using RE (Reverse engineering), I can change the ASM & create a small
    > patch file to bypass the auth & convert the demo mode to full version mode.
    >
    > Is this a security problem?? What should be my recommendation??

    Copy protection bypass is not a security problem per se... at least, not
    for the user of the app. Copy protection bypass is always possible if
    you are willing/able to modify the binaries.

    They may be interested to know how easy the bypass was (or wasn't).

    >
    > This is assuming that I work for a pen test firm & the company wants us to
    > test their product. So I should not be affected by DMCA?? Am i right??

    Probably. If they've given you permission, and you've got your get out
    of jail free card in order. A contract giving you permission would be
    huge evidence in your favor.

    Still, for the extraordinarily paranoid, note that Dmitry was still
    detained for prosecution even after Adobe dropped their complaint.
    Aparantly, the US Federal Goverment can prosecute crimes under the DMCA
    even without a victim.

                                            BB

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Daniel B: "Re: [Full-Disclosure] Re: Linux kernel do_mremap() proof-of-concept exploit code"

    Relevant Pages

    • Re: GPL V3 and Linux
      ... > I'm legally allowed to copy the copyrighted work (with or without the ... > owner's permission - this is one reason for a legal copy. ... Actually, in the US, it is in fact illegal to bypass a protection scheme ... controls access to a work protected under this title. ...
      (Linux-Kernel)
    • Re: WLM and Windows file protection
      ... files are being deleted without permission. ... Im my case it was an Mp3 ... song, but what if it was an important file from work? ... It would also be nice to have an easy way to bypass this completely - not ...
      (microsoft.public.windowsxp.messenger)
    • Re: How do I install IIS on XP Professional?
      ... >I am not going to bypass the restriction with out permission. ... > permission to by pass the restriction from desktop support. ... > still not do the installation for me. ...
      (microsoft.public.windowsxp.setup_deployment)
    • Re: How do I install IIS on XP Professional?
      ... I am not going to bypass the restriction with out permission. ... permission to by pass the restriction from desktop support. ... I have admin privileges on the machine and I can ...
      (microsoft.public.windowsxp.setup_deployment)