Exetools  

#91 | 04-25-2013, 19:19 | giv

Quote (originally posted by mcp):
> That's obviously not true.

LOL
Yes it is.
For me the argument is over.

#92 | 04-25-2013, 21:39 | mcp

Quote:
> LOL
> Yes it is.

Is that supposed to be an argument? Since you disagree with my statement

Quote:
> By your logic you should be able to break any instance of it. That's obviously not true.

you must be able to break any problem instance in that domain. How about I give you an RSA4096 public key and you factor it for me?
Quite obviously, you won't be able to do so, and I don't think anyone can arguably disagree with that (without trolling).

Last edited by mcp; 04-25-2013 at 21:44.

#93 | 04-25-2013, 21:49 | Syoma

@mcp
You cannot prove it because nobody knows which attacks will appear tomorrow. Just suppose in 10 years quantum computers appear. And almost all current crypto would be trash.
Years ago DES looked uncrackable. Nowadays it is weak.
The same goes for RSA. Ten years ago RSA-512 was strong. Now it is weak.
Could you make an RSA of less than or equal to 512 bits which we cannot crack? Sure, you can't. Most algos add more rounds to be stronger or increase key sizes or other params.

HE libraries are very rough. Most are limited to the Add and Mul operations. Also, it is hard to imagine the use cases which help to protect applications. Could you describe any?
To operate in HE you need both numbers encrypted with the private key. To decrypt the result you also need the public key. Would you store both keys in the software? Or how do you plan to make the protection?

#94 | 04-25-2013, 22:11 | mcp

Quote:
> You cannot prove it because nobody knows which attacks will appear tomorrow. Just suppose in 10 years quantum computers appear. And almost all current crypto would be trash.
> Years ago DES looked uncrackable. Nowadays it is weak.
> The same goes for RSA. Ten years ago RSA-512 was strong. Now it is weak.
> Could you make an RSA of less than or equal to 512 bits which we cannot crack? Sure, you can't. Most algos add more rounds to be stronger or increase key sizes or other params.

Of course there is exactly one crypto scheme which is provably secure against any attack (OTP) but I was just arguing against the claim of being able to break any instance of those problems. And that's obviously not true.

Quote:
> HE libraries are very rough. Most are limited to the Add and Mul operations. Also, it is hard to imagine the use cases which help to protect applications. Could you describe any?
> To operate in HE you need both numbers encrypted with the private key. To decrypt the result you also need the public key. Would you store both keys in the software? Or how do you plan to make the protection?

Yap, there's a reason why not "everything" just simply switches to (F)HE schemes. There are multiple reasons: a) it is slow as hell b) full HE isn't trivial, most libraries limit themselves to addition and/or multiplication as you said.
Take for example the use case that you want to compute something which must not be revealed to the public, still the computation has to be made on every consumer's device, and the consumers must not know what the computation's inner workings look like.
Then again, the weak points of FHE are the input and output values: if these are to be used in other non-HE parts of the program, these clearly must be decrypted.

As always in security, you have to be aware of the "attacker model": FHE per se cannot be used to create any kind of "unbreakable" protection, and no sane person would ever claim that. On the other hand, I strongly disagree with the statement that "everything made by man can be broken". That's too broad of a statement and is simply not true in general.
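
The "addition and/or multiplication" limit discussed in the two posts above, as an added example that is not part of any post in the thread: Paillier gives addition on ciphertexts and unpadded textbook RSA gives multiplication. The choice of these two schemes, the toy key (two Mersenne primes) and all function names are assumptions made for illustration; the thread names no scheme or library.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2                  # public modulus (shared by both demos)
PHI = (P - 1) * (Q - 1)
LAM = PHI // math.gcd(P - 1, Q - 1)          # Paillier private key: lcm(p-1, q-1)
MU = pow(LAM, -1, N)                         # Paillier private key: LAM^-1 mod N
E = 65537                                    # textbook RSA public exponent
D = pow(E, -1, PHI)                          # textbook RSA private exponent

def paillier_enc(m):
    """Public-key encryption with generator g = N + 1; randomised per call."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (1 + m * N) * pow(r, N, N2) % N2

def paillier_dec(c):
    """Private-key decryption: L(c^LAM mod N^2) * MU mod N, L(x) = (x-1)//N."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def paillier_add(c1, c2):
    """Add: multiplying ciphertexts adds the plaintexts mod N."""
    return c1 * c2 % N2

def paillier_scale(c, k):
    """Raising a ciphertext to a public constant k multiplies the plaintext by k."""
    return pow(c, k, N2)

def rsa_enc(m):
    return pow(m, E, N)

def rsa_dec(c):
    return pow(c, D, N)

def rsa_mul(c1, c2):
    """Mul: unpadded RSA ciphertexts multiply to the ciphertext of the product."""
    return c1 * c2 % N

def blind_weighted_sum(ciphertexts, weights):
    """Evaluator side: computes Enc(sum(w_i * m_i)) using only public values."""
    acc = paillier_enc(0)
    for c, w in zip(ciphertexts, weights):
        acc = paillier_add(acc, paillier_scale(c, w))
    return acc
```

`blind_weighted_sum` never touches `LAM`, `MU` or `D`; its output is usable by non-HE code only after `paillier_dec`, which is the input/output boundary the post calls the weak point.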

#95 | 04-25-2013, 22:51 | Syoma

Quote (originally posted by mcp):
> I strongly disagree with the statement that "everything made by man can be broken".

Sure, it can be. But nobody guarantees it will work after that or even be valid.

#96 | 05-08-2013, 20:08 | Squidge

Quote (originally posted by mcp):
> How about I give you an RSA4096 public key and you factor it for me? Quite obviously, you won't be able to do so, and I don't think anyone can arguably disagree with that (without trolling).

Whilst I agree, I don't see how that is relevant to software protection. Your analogy is like saying I let anyone download the fully registered version and say it's uncrackable as the executable is encrypted by a 4096-bit RSA private key. Sure, it will take many years (maybe longer) to 'crack'.

However, make a piece of software runnable only with a license file, protect the license file with an RSA 4096-bit private key and I guarantee you it will be broken and fully registered versions available within 24 hours.

Same goes for if the license checking is built into a dongle. If you have access to the dongle, the software can be made to work without it. I have done this many times for people who worry about the security of their software dongles.

#97 | 05-09-2013, 14:35 | WRP

Quote (originally posted by Squidge):
> If you have access to the dongle, the software can be made to work without it. I have done this many times for people who worry about the security of their software dongles.

How about Senselock and other dongles which are built on smart card technology?

#98 | 05-12-2013, 20:36 | mcp

Quote (originally posted by Squidge):
> Whilst I agree, I don't see how that is relevant to software protection. Your analogy is like saying I let anyone download the fully registered version and say it's uncrackable as the executable is encrypted by a 4096-bit RSA private key. Sure, it will take many years (maybe longer) to 'crack'.

If you read my answer in the context of the original claim that "anything made by man can be broken by man", then my answer makes sense again. It was simply a counterexample to that claim, not necessarily related to copy protections in general.

#99 | 10-06-2023, 16:22 | Shub-Nigurrath

Hi mates,
How would you rank latest SolidShield? Thanks!
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com

#100 | 10-22-2023, 04:37 | isdebuggerpresent

Quote (originally posted by Shub-Nigurrath):
> Hi mates,
> How would you rank latest SolidShield? Thanks!

What's some modern software that uses it? It pretty much faded into obscurity after AAA games dropped it sometime over a decade ago.
Did they develop an x64 protection? Sometimes it's a huge step back.

#101 | 10-22-2023, 11:39 | Gregory Morse

Quote (originally posted by Shub-Nigurrath):
> Hi mates,
> How would you rank latest SolidShield? Thanks!

It's pretty lame protection compared to today's standards. Can be cracked quite easily.