Re: Relax permissions for reading hard drive serial number?

[Kyle Moffett]

On Dec 02, 2007, at 13:45:44, Matti Aarnio wrote:
> This lack of having stable(*) unique system identifier available to  
> applications is one of the small details that make node locked  
> commercial software delivery challenging thing in UNIX environments..
>
> *) "stable" as both stable data, and stable API to get it.

Well... There's that.  There's also the fact that anybody with a  
modicum of ASM programming skills can get clever with GDB and traces  
from "Correct HW serial" and "Incorrect HW serial" can write a 10- 
line GDB script to make it work regardless.  I did something similar  
with a popular FPS (which I legitimately own) on one of my Mac  
systems after having left the DVD behind when going to a LAN party.   
Addresses removed to protect the innocent^Wguilty, but they took  
maybe 15 minutes to acquire:

break *END_OF_CDKEY_CODE_DECRYPTION
run
delete 1
advance *JUST_AFTER_CDKEY_CHECK
set $r3 = 0
detach

At some point every such "locked" computer program has code like this:
> if (program_is_not_authorized()) {
>     display_nasty_dialog();
>     exit(1);
> }

All it takes for somebody with a debugger is to identify the last  
instruction of the "program_is_authorized()" function and change $r3  
(or whatever return register your system uses) from a 1 to a 0.  The  
fact remains that once the software is running on *THEIR* computer  
there is nothing you can practically do to forcibly prevent them from  
using it in whatever fashion they desire.  Typically if you price  
your software reasonably people will be willing to pay for multiple  
copies but there are no foolproof technical measures to enforce that  
they do so.

Cheers,
Kyle Moffett

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/