1
Developer's Corner / Re: Software Copy Protection Questions
« on: September 29, 2007, 11:51 AM »
Software protection programming is not a very well known field for most
programmers. Software protection techniques are not like "visible" features
that can be seen and compared. Because of this most software protection authors
could talk about impressive techniques that are included deep inside the
protection scheme, when many times most of these techniques hardly exist or
they are much simpler than what they seem.
Most software protectors reiterate a lot about using very strong cryptographic
algorithms like RSA, Elliptic curves and AES hoping that the final user will
believe that those protectors and the cryptic algorithms are unbreakable. This
if far from the truth as software protection is very different from data
protection. Even if a software protector encrypts the protected application
with the most robust cryptographic algorithm, sooner or later the protected
application needs to be decrypted in order to be run by the CPU. It is in this
phase when most attackers will start their work by dumping the decrypted
application from memory to disk thus not having to deal with the cryptographic
algorithm and reconstructing of the original application.
programmers. Software protection techniques are not like "visible" features
that can be seen and compared. Because of this most software protection authors
could talk about impressive techniques that are included deep inside the
protection scheme, when many times most of these techniques hardly exist or
they are much simpler than what they seem.
Most software protectors reiterate a lot about using very strong cryptographic
algorithms like RSA, Elliptic curves and AES hoping that the final user will
believe that those protectors and the cryptic algorithms are unbreakable. This
if far from the truth as software protection is very different from data
protection. Even if a software protector encrypts the protected application
with the most robust cryptographic algorithm, sooner or later the protected
application needs to be decrypted in order to be run by the CPU. It is in this
phase when most attackers will start their work by dumping the decrypted
application from memory to disk thus not having to deal with the cryptographic
algorithm and reconstructing of the original application.