Defeating Little Snitch and thinking about piracy...

I have managed to bypass Little Snitch 3 hour limit with a one or two bytes patch (can’t remember and too lazy to check it now) three days after I had access to kernel debugging. A very well designed protection (at least it’s a pain to analyse) was defeated because there was a weak element (there is always at least one weak element) and I easily found it.

I have emailed OBDev about this and asked if they would allow me to publish details. They replied asking me not to publish my finding because that could hurt their product sales. I will respect their decision (else I wouldn’t ask for it) and not publish any details regarding this finding. The only thing I can say is that the weak element is into the kernel driver they install. So have fun doing some kernel debugging. If you manage to bypass it, please don’t publish it, I think they deserve it.

This takes me to something I wanted to write about a long time ago, piracy ! Check these posts:

http://landonf.bikemonkey.org/code/iphone/iPhone_Piracy.20090106.html
http://jrtb.com/blog/a-conversation-with-an-iphone-pirate
http://kellogsosx.blogspot.com/2008/09/why-i-dont-pay-for-software-and-why.html

The second link has a lengthy discussion about this subject. Keep in mind that most of it is related to iPhone apps, these having some specifics like lack of demos but we can generalize the discussion. There are a few arguments but I think most of them aren’t strong enough, be in pro-piracy or against it. It’s a common mistake to say that a pirated copy is a lost sale because most people wouldn’t even use the program if it wasn’t pirated. Saying piracy allows you to try and buy is another mistake in most cases (most software has decent demos that allow you to fully evaluate it). Lack of monetary resources and need to use that specific piece of software could be a better argument. If people start by using pirated software and then buy it, then it seems a good deal. But we all know that humans are greedy and most will not do this because that would mean less money in the pocket. There are companies with terrible support and not buying their software is a way to tell them something is wrong…

I don’t think there is a consensus into the effects of piracy. Most studies are from the side who have interest in reducing piracy and so they are skewed in favour of their arguments. Just look at the RIAA/MPAA bullshit!

I know very well the warez world. Most people there don’t have an economic purpose, meaning to earn money with it. Most do it because they can, because it’s fun and because you learn lots of things. Groups release because it’s a competition to see who can spit out more stuff, who can win the title of best and most respected group. This is the side I identify with. I do it for fun and for learning. Publishing details has a side effect, but the discussion of full disclosure is a long one. The benefits from full disclosure are bigger than its costs.

What to do with the information I publish here is a personal choice. But it’s a big mistake to think that censorship will remove the problem. Years ago, before the Internet, information was a privilege of a few, today it’s available to everyone. You can’t stop information flow and that’s why I think full disclosure is better than no disclosure. Copy protections can be beaten with more or less effort. Years ago, stack overflows were easy to take profit from. Today technology advanced (because there was a big incentive to it) and exploit coding is a much harder task. I hope this blog can give a little contribution for advances in Mac OS X copyright protections. Piracy is a side effect I can live with. Someone else out there can do it, I’m not the only one with such knowledge. Again, it’s a personal choice.

Conclusion: buy Little Snitch or other software, if you really use it, can afford to buy it and company/author supports the product!

fG!