Re: Security analysis of licensed software
Date: Fri, 04 Jul 2003 00:26:31 GMT
On Thu, 3 Jul 2003 23:55:14 +0100, "Ant" <firstname.lastname@example.org> wrote:
>Have a look at the utilities on the Sysinternals site,
>Check out Filemon.
Well. That did it. That thing vetted out all the files opened by my
program, including all the in-process COM DLLs it loads.
So, I used that, and got a list after two or three seconds of all the
startup DLLs loaded. Making the list would take five minutes. But it
was easy from there to see that this app used the VB6 runtime, and
opened several DLLs unrelated to the runtime.
Then, all I'd have to do is look over that list, and examine the
headers of each of the DLLs and other files loaded which were not
associated with the runtime, and examine their interfaces by, for
crying out loud, just looking in the registry.
Lo and behold, one of them was full of helpful descriptions like
"license file" and such. I ran the name of the DLL through Google and
got the name of the license vendor I was using. In seconds. And Oh,
Look! Free demo!
From documentation on their website I found what I needed to know
about how the security operates.
Then, I kept Filemon on and went to the bit in the program which
generates license keys. Click. Up comes the name of the file in
Filemon. It's not obvious that that's the license file but there you
OK, so after 10 minutes I think I know the name of the security
vendor, his COM interface, and I have a copy of a license file.
Examining the COM interface and the free documentation identifies
several methods, including the correct order in which to call them.
Okay, now we watch the COM interface in action. Lucky us, Chris Sells
wrote a trace tool (found in seconds with a Google Search.)
This is where I decided all I have in my app is the appearance of
security. Using that trace tool will uncover the unlock information
needed for the license file. Then all any cracker will have to do is
write a small utility which makes a license file enabled for any
machine ID, etc. Zappo. 1 hour. No security left.
Thanks for the pointers, everyone.
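The two steps the post walks through by hand (list the DLLs the running app has loaded, then find which of the non-runtime ones are registered COM servers so their interface can be read from the registry) can be scripted. The following PowerShell is an added example written for this page, not code from the original poster or from Sysinternals; the process name `LicensedApp` is a placeholder, and "CompanyName does not mention Microsoft" is an assumed heuristic for separating vendor DLLs from the VB6 runtime and OS modules. Note that Filemon itself has since been folded into Process Monitor, and that `Get-Process` can only enumerate modules of a process with the same bitness as the PowerShell host, running under an account allowed to open it.

```powershell
# Added example (not from the original post): enumerate a process's loaded
# DLLs, drop Microsoft-supplied ones, and look up COM registrations in HKCR.
param(
    # Assumed placeholder; replace with the name of the application under study.
    [string]$ProcessName = 'LicensedApp'
)

$proc = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1

# Step 1: every module mapped into the process (what Filemon showed as file opens).
# Step 2: keep only modules whose version resource is not Microsoft's. This is an
# assumed heuristic: it drops msvbvm60.dll and the OS DLLs but keeps vendor code
# even when it lives in System32. A vendor can lie in its version info, so treat
# the result as a starting point, not a verdict.
$suspects = $proc.Modules | Where-Object {
    $_.FileVersionInfo.CompanyName -notmatch 'Microsoft'
} | ForEach-Object { $_.FileName }

# Step 3: index every in-process COM server registered in HKCR\CLSID by the
# lower-cased file name of its InprocServer32 value, with ProgID and TypeLib.
$comIndex = @{}
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
ForEach-Object {
    $server = (Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" `
        -ErrorAction SilentlyContinue).'(default)'
    if (-not $server) { return }   # not an in-process server
    # Values may be quoted, relative, or use %SystemRoot%; normalize to a file name.
    $server = [System.Environment]::ExpandEnvironmentVariables($server.Trim('"'))
    $key = [System.IO.Path]::GetFileName($server).ToLower()
    $entry = [pscustomobject]@{
        CLSID   = $_.PSChildName
        ProgID  = (Get-ItemProperty -Path "$($_.PSPath)\ProgID" `
                     -ErrorAction SilentlyContinue).'(default)'
        TypeLib = (Get-ItemProperty -Path "$($_.PSPath)\TypeLib" `
                     -ErrorAction SilentlyContinue).'(default)'
    }
    if (-not $comIndex.ContainsKey($key)) { $comIndex[$key] = @() }
    $comIndex[$key] += $entry
}

# Step 4: report. A suspect DLL that owns CLSIDs and a TypeLib is a COM server
# whose methods and parameter names can be read straight out of its type
# library; that is the "just look in the registry" step from the post.
foreach ($dll in $suspects) {
    $hits = $comIndex[[System.IO.Path]::GetFileName($dll).ToLower()]
    [pscustomobject]@{
        Dll     = $dll
        IsCom   = [bool]$hits
        CLSIDs  = ($hits | ForEach-Object { $_.CLSID }) -join ';'
        ProgIDs = ($hits | ForEach-Object { $_.ProgID } | Where-Object { $_ }) -join ';'
        TypeLib = ($hits | Select-Object -First 1).TypeLib
    }
}
```

Run it while the licensed application is up, after it has reached the point where it loads its licensing component (in the post, only after clicking through to the key-generation screen). Any row with `IsCom` true and a `TypeLib` GUID is a candidate for the interface-tracing step the post describes next; the ProgID is also the fastest thing to search for when trying to identify the vendor.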