Xref: utzoo comp.sys.mac.programmer:21048 comp.protocols.appletalk:5157 Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!orion.oac.uci.edu!teri.bio.uci.edu!bdugan From: bdugan@teri.bio.uci.edu (Bill Dugan) Newsgroups: comp.sys.mac.programmer,comp.protocols.appletalk Subject: Re: Idea for painless copy protection Summary: Appletalk copy protection = easiest to crack Message-ID: <27A3555F.13566@orion.oac.uci.edu> Date: 27 Jan 91 22:34:07 GMT References: <1991Jan27.144523.20674@phri.nyu.edu> <1991Jan27.214310.3870@agate.berkeley.edu> Reply-To: Bill Dugan Organization: University of California, Irvine Lines: 30 Nntp-Posting-Host: teri.bio.uci.edu In article <1991Jan27.214310.3870@agate.berkeley.edu> lippin@math.berkeley.edu writes: >Recently roy@alanine.phri.nyu.edu (Roy Smith) wrote: >> When the program starts up, it installs something which listens for >>broadcast packets to a specific port (my knowledge of appletalk is sketchy, >>but this is easy to do in IP and I'm assuming AT has some similar >>mechanism). The program then sends out a broadcast packet to that port and >>listens for any responses. The responses it would get back would contain >>the serial number of other copies of the program installed elsewhere on the >>same AT network. If any S/N matched that of this copy, it would refuse to >>run. > >[...] >There are problems, however. A legitimate user may be unable to start >the program because someone else is running with his serial number. >On a large network, it may be difficult to track down the offender. > >Network managers must keep track of where all the serial numbers are >being used -- if one copy is destroyed, they have to reinstall it with >the right serial number. Another problem, of course, is that this type of copy protection is very easy to crack. All you have to do is write an INIT that patches the AppleTalk send calls; just kludge it to search for search string n that is made by the copy-protected application, and change a couple chars, and suddenly you have a request that nobody will respond to. As a network manager, if I were confronted with the necessity of keeping track of 400 copies of a program with all the serial numbers, I would seriously consider investing time in such a hack. bill