notes@iuvax.UUCP (04/14/84)
#N:iuvax:400012:000:1431 iuvax!apratt Apr 13 21:53:00 1984 One poster on the subject of software protection suggested that a serial number could be associated with each computer or company, and that programs could be written to check that serial number and autodial the police if it didn't match (that last is a joke...). This would be a good scheme except for two things: the fact that the hardware with the code in it could be copied and installed in another machine, and the fact that somebody could modify the program in such a way that the check were not made. Don't say that the program can checksum itself to prevent tampering: that check, too, can be circumvented. Any software protection scheme can be prevented if the user (read: potentially determined pirate) can see and modify the instructions, and in Von Neumann machines, the whole POINT is that the code can be read and modified. One protection scheme which, I am told, the US Government employs is to PHYSICALLY seperate the code (text) and data busses WITHIN THE PROCESSOR. In this way, no user has access to the programs which are running, and so cannot read or change any of the programs that are in "program text" memory. As long as a user can get his hands on the program code, he can circumvent and software protection scheme simply by inserting a "jump" over the protective code, like a burglar cutting the door away from the lock and swinging it open. -- Allan Pratt ...ihnp4!inuxc!iuvax!apratt
phil@amd70.UUCP (Phil Ngai) (04/15/84)
You seem to be assuming the code only checks once for serial numbers.
And that you can find that section of code.
I think it would be very easy to do the check in several places (200 or so).
And instead of bombing out, set a flag which causes slightly incorrect
answers to be produced.
In addition, the serial number could be stored in weird ways in many
places. If you let a friend copy your disk and he was caught, you (the
original purchaser) could be identified and would share the guilt.
--
Phil Ngai (408) 988-7777 {ucbvax,decwrl,ihnp4,allegra,intelca}!amd70!philnotes@iuvax.UUCP (04/18/84)
#R:amd70:-453900:iuvax:400014:000:827 iuvax!apratt Apr 17 13:50:00 1984 Sorry, but as long as there are people with disassemblers who can get read/write access to the code, there is NO safe protection scheme which depends on the software to implement it. One padlock on a door can be picked. So can twenty. It may take longer, but a determined locksmith (pun intended) can do it. With the right debugger, it could even be automated. Just check for differences in behavior between a legitimate program and one running on the "wrong" machine (at the program-trace level, not the user-interface level). Such checks (padlocks) can ALWAYS be circumvented, as can any safeguards which check to make sure the padlocks are in place. Like I said, under a Von Neumann architecture, you just can't do it. ---- -- Allan Pratt ...ihnp4!inuxc!iuvax!apratt (please do not respond to iuvax!notes)