Why cracking the vast majority of Mac apps isn’t that sexy…

I shouldn’t be posting this because the guy doesn’t deserve any traffic he might get by writing this. But it’s so funny that I cannot resist (yes, I’m weak!!!).

The blog post is called “I Can Crack Your App With Just A Shell (And How To Stop Me)” and it’s available here. I especially like his advice because it shows he doesn’t know nothing about protecting apps and I have the feeling on that second article he links being a complete ripoff from one or two articles around the web. Just cut the crap and publish tutorials on interesting stuff or create some cool packers and that sort of things so we can have fun targets to reverse! Yes, this post is also crap 😉

Ok, back to Dtrace User guide! Almost reaching the juicy parts. I still have to find a way to make dtrace useful in reversing protections (by this I mean faster and easier than disassembling the binaries) but it will help me with this exit(173) thing (learning some stuff about OS X that I never bothered to).

Have fun,

P.S.: Just found out two interesting links (from root labs rdist blog), one book and one article.

Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection

Advanced Software Protection Now (it’s from 2003 and I haven’t read it yet but it looks interesting!)

6 thoughts on “Why cracking the vast majority of Mac apps isn’t that sexy…

  1. That locking your payload thing looks interesting…
    I saw that post a few days ago, and yes, it’s very basic and he makes it look like he is almighty smart by pointing that out. But the truth is that most of Mac/iOS developers don’t have any information on this matter, very talented people with great software released but they aren’t used to piracy (I remember you saying that Mac OS is in the golden age of cracking, something like that). I just think the guy wrote it to wake up somebody, alarming title and very introductory post.

    1. Hum… I’ve been thinking about writing a series regarding how to better protect mac software. It could help to raise the bar and make things more interesting in this world 🙂

  2. I won’t comment on the post you mentioned because even the title makes me laugh.

    I’ve read the first part of the article you linked (don’t have much time, exams this week 🙁 ), and since I don’t have a lot of experience in this field, in particular encryption it was a great reading.
    I just finished the part in which it talks about watermarking, how to identify the traitor. But i asked myself, is this stuff really affordable for the average developer?
    I don’t have time to write down all my points but think about it, first you have to buy a powerful server to “dynamically” compile your program based on the license id or other informations and also hope that nothing will break your script on the server.

    The fact is the average developer doesn’t know anything about software protection, and doesn’t mind it. An example is the Mac App Store, a developer wrote down some example licensing code and everyone copied it.

    The best way to improve the actual situations is blog like yours to help developers become conscious, so they can implement new security measures that we can study to gain more knowledge.

    1. Yes, I’m not sure if it’s affordable for the average developer or makes sense in economic terms. That’s one of the reasons that why Apple’s app stores are so successful, they have reduced prices and created the concept of impulse purchases in software (it wasn’t so easy before this!). The vast majority of people don’t even care about jailbreaking (because they want their devices to just work) and so they will buy the apps, which is good. From a point of view of a reverser I was disappointed with Mac App Store but from a point of view of an economist I understand Apple’s decisions.

      I checked a few apps and all of them used that same example licensing code. I know resources are limited but damn, that’s not a smart decision. I always thought that spreading knowledge was the best way to help developers but the impact on protections of expensive software (read pace and others) is too big. And on small developers it could be even worst.
      I’m thinking about creating a series of how to better protect mac software – that would be an interesting project. If anyone wants to contribute feel free to mail me 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *