Re: How do people write keygens?



Ludovic Joly wrote:
> Verification schemes are subject to reverse-engineering attacks, that
> include cracks and keygens.

Fine, but a good verification scheme (involving public key cryptography)
is not vulnerable to key generation even if reverse-engineered.

> It is not possible to prevent them totally
> because software tamper resistance techniques (like code obfuscation)
> provide only weak security levels.

It's provably either impossible or impractical to create really tamper
resistant code.

> With such a scheme you struggle against the motivation, time and money
> of the attacker. The attack is technically possible, but is it worth
> spending time and money to perform it?

So far yes. Code deobfuscation is in P.

> Against cracks I imagine self inspection might work but I am not sure.

You can crack away the self inspection.

> 1. Server side programming. In this case the security will rely on the
> network and server config, daemons implementations, blah blah blah

If you do it like that relevant code functionality is only implemented
on the server, then yes, this is a working scheme. But usually impractical.

> 2. Tamper resistant hardware. The level of security is much higher but
> the price is also much much more expensive.

The hassles are too.
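
The public-key verification scheme mentioned in the reply above, as an added example that is not part of the original post. It assumes Ed25519 signatures and a "payload.signature" key format; the function names and the sample payload are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

var enc = base64.RawURLEncoding

// NewVendorKey creates the vendor's key pair. Only the public half ships.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueLicense runs on the vendor's side only, because it needs the private
// key. The license key is base64url(payload) + "." + base64url(signature).
func IssueLicense(priv ed25519.PrivateKey, payload string) string {
	sig := ed25519.Sign(priv, []byte(payload))
	return enc.EncodeToString([]byte(payload)) + "." + enc.EncodeToString(sig)
}

// VerifyLicense is the part embedded in the product. It holds the public key
// only, so reading this code gives nothing that can produce a signature.
func VerifyLicense(pub ed25519.PublicKey, key string) (string, error) {
	payloadB64, sigB64, ok := strings.Cut(key, ".")
	if !ok {
		return "", errors.New("malformed license key")
	}
	payload, err1 := enc.DecodeString(payloadB64)
	sig, err2 := enc.DecodeString(sigB64)
	if err1 != nil || err2 != nil {
		return "", errors.New("malformed license key")
	}
	if !ed25519.Verify(pub, payload, sig) {
		return "", errors.New("signature does not verify")
	}
	return string(payload), nil
}

func main() {
	pub, priv := NewVendorKey()
	// Constructed sample payload.
	fmt.Println(VerifyLicense(pub, IssueLicense(priv, "user=alice;edition=pro")))
}
```

This covers key generation only; as the thread goes on to say, the check itself can still be cracked out of a shipped binary.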