Xref: utzoo comp.sys.mac:11693 comp.misc:1780 Path: utzoo!mnetor!uunet!husc6!sri-unix!quintus!ok From: ok@quintus.UUCP (Richard A. O'Keefe) Newsgroups: comp.sys.mac,comp.misc Subject: Re: Copy protection and the consumer Message-ID: <577@cresswell.quintus.UUCP> Date: 25 Jan 88 05:25:09 GMT References: <4663@watdragon.waterloo.edu> <3823@husc6.harvard.edu> <164@teak.athertn.Atherton.COM> Organization: Quintus Computer Systems, Mountain View, CA Lines: 39 In article <164@teak.athertn.Atherton.COM>, ericb@athertn.Atherton.COM (Eric Black) writes: > In article <556@cresswell.quintus.UUCP> ok@quintus.UUCP (Richard A. O'Keefe) writes: > >It *is* in the interest of the hardware vendor to prevent piracy > >of *their* software. So you are likely to see hardware serial numbers > >on machines whose manufacturers have a range of unbundled software. > Now, given that assumption (which is just that), why would the hardware > manufacturer care if you tried to run the same software on another of > his machines? He wouldn't. But consider the PC market. IBM would *love* it if software bought to run on one of their machines wouldn't run on a clone! > Unfortunately, short of providing decryption built-in to the CPU chip in > the instruction fetch path, the fact is that at some point in the program's > runtime existence, there MUST be a "cleartext" version of the code. This is just plain wrong. Or rather, it depends on what you mean by "the code". There need never be a cleartext version of the hardware serial number. > protection schemes, at some point in the program's execution it makes a > GO/NO-GO decision as to whether the execution is authorized. Both can be > defeated by a sufficiently-motivated pirate. There need not be a single point. For example, the program could contain several copies of the test, and every n*10 seconds for n some small random integer, execute a random copy of the test, and stop if it fails. The test need not be explicit. For example, a critical data structure could be decrypted using the serial number as encryption key, and the program could encrypt it at run time. (Yes, de- and en- are the right way around.) {The symbol table and error message table are the obvious choice, because one might want to supply language-specific versions anyway.} A sufficiently motivated pirate could break into our offices, or monitor the electrical signals from our keyboards, or do lots of other things. Is that a reason not to stop the pirates we CAN stop?