Can Symbian signed crack proof an application?

[alammi]

... but in combination with symbian signed? I made the assumption that restricted apis are used and symbian signed dev certs are not misused.

[Paul.Todd]

There was interesting post on Symbian yesterday....

http://developer.symbian.com/forum/t...tstart=0#59603

[cdavies]

Do you reckon they don't realise they are doing anything wrong, or are they just so stupid that they think people who make their money by selling software are going to help them with piracy?

[stichbury]

I think it's the former case. Isn't it true that, in some regions, Microsoft accept that their software is pirated and don't chase pirates because they know that those using it for free wouldn't buy it otherwise? So they're not losing financially and that software becomes the de facto standard. Or is this urban myth?

I'm not condoning the originators of the thread Paul links to, or a similar one I spotted about signing cracked copies of QuickOffice. But perhaps some people in those regions are so used to being able to use pirated software that it's accepted and acceptable. No stupidity or malice, just a different value set.

[mayur_24]

Presently,the only limitation is that these crackers cannot do runtime analysis of the code.
So the only effective strategy is to pack the .exe code and as well as create the authentication lib dynamically and load them on the run and once the authentication routine is done,just delete the code.
Do you think this can be done in Symbian?
--Mayur.

[cdavies]

The thing is, it's a problem Symbian Signed could trivially solve. As I noted earlier in the thread all they need do is hand out VIDs to people and demand they use them. There are several billion possible VIDs to play with, so it seems damned stingy to limit them to only a few select companies.

The problem then becomes not only do you have to sign up to symbian signed, get a dev cert and sign the pirated SIS file with it, but also you have to modify the header of every executable the SIS file contains to change the VID and update the CRC. Still technically possible, but it raises the barrier beyond what the average end user is able to achieve.

It should also have some nice side effects, like reducing the number of people signing up to Symbian Signed just so they can pirate software (which seems to be at least part of their present woes...) and it also lets software vendors police APIs by VID, which is always a bonus.

[wizard_hu_]

Presently,the only limitation is that these crackers cannot do runtime analysis of the code.

CDavies-Nokia also writes this in #27.

Although I have not used it, but I would be rather surprised if on-device debugging could not be applied for cracking.

[cdavies]

They'd have to seriously patch both carbide and the TRK to debug release binaries.

[rob_savageminds]

and TRK needs capability ALL or ALL-TCB because it uses a device driver so they'd be unable to sign it after patching it.

One small tip to make it harder to reverse engineer your code - when you build release code, make sure that any logging code like this:

Code:

iLogger->LOG(_L8("entered CMyClass::DoSomethingSneakyL"));
<snip>
iLogger->LOG(_L8("exit CMyClass::DoSomethingSneakyL"));

is really really not included in the release binary. Even if your definitition of LOG doesn't do anything for release builds, unless you're careful you will provide many handy pointers for crackers. If you are paranoid, download IDA and run it over your code - you will be surprised how much you can find out, but you will also learn what to change to hide it.

[rahul.shalik.makode]

hi,

i want to implement RSA Algo

plz any body give me right way to implement

[wizard_hu_]

You have probably searched for RSA in order to find this thread. Consider repeating that search in the Wiki.