Thursday, April 17, 2014

Author

Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-09 13:49
I've built a prototype of a trial-period system for a shareware.
It refers to a certain hidden file to check its valid range of date.

Here's the problem:
Is there any way for regular users to track down the hidden file by analyzing the file access behavior of the program?
If so, where can I find/how can I build a PoC for it?
My project is for Mac OS Xs.

By the way, I Googled these combinations:
"mac file access debug"
"mac monitor application behavior"
"mac file access monitor"
"mac program track file access"

I don't know any debuggers other than gdb. If you can introduce me to some other good debuggers, I'd appreciate it.

Thanks in advance.


Author

RE: Anti-anti-trial-period

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 19-11-09 14:04
Using a hidden file to track validity is not the way to go. You need to hard code in a variable that carries the installation date and the expiration period. The "hidden file" can be easily modified. Then again, the shareware date bit can be as well. However, this is far more secure than a simple file.
That is just my opinion, let's see what others have to say.


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 19-11-09 18:07
Quite interesting thoughts. Storing them online would mean someone could access it too, perhaps set up a hosts file and run a local validator.

In Unix (Mac is Unix-like), lsof shows all open files, not to mention someone could just do a directory listing showing hidden files?

This seems OTT maybe, but how about using RSA to encrypt the information from a server, then it couldn't be simulated offline. Unless you changed the program's public key.... idk I'm not very good at this.




Edited by on 19-11-09 18:09
Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 20-11-09 08:14
Thank you all for the replies.
I guess I'll stop going after the system time as MoshBat mentioned - it's way too simple.

Validating via the network is deceivable, like always.

I might try to hardcode it into the program.

Case closed, but any more thoughts are welcome.



Oh, and Wolfmankurd, thank you very much for pointing out the "lsof" command. It was VEEERY helpful.




Edited by on 20-11-09 08:16
Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 07:41
Could you have them submit their zip code and have it feed off of a live streaming clock for where they reside?

Or have a countdown sequence for X amount of hours in Y amount of days?

Sorry if those are stupid ideas, just thoughts.


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 14:57
Surely it would be easier and better to allow the program to be started a certain number of times?

Failing that, the hidden file idea could work, just as long as you use a hash function to validate integrity. You could use a unique, hardcoded variable, along with some other program data and the expiration date, and hash them. Put that value in the file, and check it on launch. You can even make it visible, it doesn't matter if a 'hacker' can see it, what matters is that they can't change it without corrupting the hash check. If a hash doesn't check out you can just exit the program. Job done :)
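
The integrity check described in the post above, as an added example that is not part of the original thread. It uses HMAC-SHA256 in place of a bare hash over secret plus data; `EMBEDDED_KEY`, `PRODUCT_ID` and the JSON record layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import date

# Assumption: a per-product secret compiled into the program (constructed value).
EMBEDDED_KEY = b"constructed-demo-key-not-a-real-secret"
# Hypothetical "other program data" bound into the tag.
PRODUCT_ID = "DemoApp-1.0"


def _tag(product: str, expires: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (product.encode(), expires.encode())
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(EMBEDDED_KEY, msg, hashlib.sha256).hexdigest().encode()


def issue_record(expires: date) -> str:
    """Return the text written to the trial file at install time."""
    exp = expires.isoformat()
    tag = _tag(PRODUCT_ID, exp).decode()
    return json.dumps({"product": PRODUCT_ID, "expires": exp, "tag": tag})


def check_record(text: str, today: date) -> str:
    """Return 'ok', 'expired' or 'tampered' for the trial file contents."""
    try:
        rec = json.loads(text)
        product, exp, tag = rec["product"], rec["expires"], rec["tag"]
        expires = date.fromisoformat(exp)
    except (ValueError, KeyError, TypeError):
        return "tampered"  # unparsable or missing fields: fail closed
    if product != PRODUCT_ID or not isinstance(tag, str):
        return "tampered"
    # Constant-time comparison of the stored tag with the recomputed one.
    if not hmac.compare_digest(tag.encode(), _tag(product, exp)):
        return "tampered"
    return "ok" if today <= expires else "expired"


if __name__ == "__main__":
    record = issue_record(date(2009, 12, 19))            # constructed sample
    edited = record.replace("2009-12-19", "2099-12-19")  # date changed by hand
    print(check_record(record, date(2009, 11, 22)))      # within the trial
    print(check_record(record, date(2009, 12, 20)))      # after the trial
    print(check_record(edited, date(2009, 12, 20)))      # tag no longer matches
```

The key ships inside the binary, so this detects casual edits to the file, not someone who extracts the key or patches out the check. It also does not notice the system clock being set back.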


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 15:04
The checks you guys are suggesting all translate to address jumps :+, debug a couple of programs and you'll understand.

Safest, I think, is contacting a database, do a check (server-side) and require the program to download a few strings required for the program to run out of trial.
Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 15:28
Of course, bypassing most protections is possible with apps, but it's not like a network solution is any safer, or easier to implement, what if the user wants to use a program when they're not connected to the internet?

The effort should only justify the value, there's no point building mad security for a $20 program.


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 15:32
jjbutler88 wrote:
Of course, bypassing most protections is possible with apps, but it's not like a network solution is any safer, or easier to implement, what if the user wants to use a program when they're not connected to the internet?


Activation via telephone.


The effort should only justify the value, there's no point building mad security for a $20 program.


There is. Code is reusable, recyclable. You're not building "mad" security for a twenty dollar program, you're just building "mad" security that can be implemented with any number of programs.
Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 16:24
So you would have users of a $20 program call a number every time they start a program?? That's lunacy, plus the cost of keeping something like that running. It makes no sense, and costs loads of cash. Back to the drawing board mate.

If you are building something modular and reusable, then perhaps using asymmetric encryption is the best way, just include a signed certificate in the program.

However, I suspect you will not want to set up a PKI, and will opt for a local mechanism. If it were for widespread commercial use, then the asymmetric option becomes more feasible.


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 16:25
jjbutler88 wrote:
Surely it would be easier and better to allow the program to be started a certain number of times?


I believe if it was as suggested then people would just keep it open. At least it's what I used to do when I came across those. :happy:


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 16:28
True, but it's a good 'bang for your buck' scenario. Other options are either insecure or hopelessly unworkable.


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 16:38
Oh come on jj, quit being such a pessimist. Pfft


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 16:39
Pessimist or Realist? :happy:


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 17:04
Jj you're a crackhead. haha


Author

RE: Anti-anti-trial-period


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 22-11-09 17:24
Wait, I just realized, what the hell serials.

OPEN-SOURCE YOUR SHIT. Sell support and custom plug-ins.