Subscribe:
|
Categories:
ASP.NET
ast_mono
Asterisk
Code
FreeSWITCH
FSharp
Guatemala
Humour
IL
Korean
Mei
Misc
Misc. Technology
Personal
Photography
Security
Spammers
VoIP
Sign In
[Giagnocavo]Michael::Write()
Saturday, November 08, 2008
Software protection
I've been meaning to write about this for a while. It's a very simple topic, but developers get all emotional and stop being rational as soon as the magic "code protection" and "piracy" words get invoked. I'd like to say I'm not promoting copyright infringement nor saying developers don't deserve to be compensated for their work. Now that that's out of the way...
The two things most developers want to stop are unauthorized installing (license enforcement) and "code protection". Code protection is a very weak concept, mainly revolving around thinking people are gonna steal your precious algorithms. Protection is easy to deal with, so I'm going to cover that now.
Before VMs like .NET were popular, most of the code protection I've seen revolved around the code that implements the license enforcement. Developers would write all sorts of nasty-clever-clever code to make things hard for the crackers. You see this sometimes when you run an application and it complains about a debugger being installed or running. With Java and .NET, disassembly got easier. This made it extra easy to patch any license code, since the dissassembled code was in a high level language like IL. The response, and our first enemy of the day, was obfuscation.
Obfuscation takes your assembly and screws up all the metadata. On top of that, it might go and rewrite sections of your code to obfuscate the flow of the program, or perhaps indirectly load strings. The downside of course is that debugging gets really hard cause all your method names are now unreadable, reflection is broken, etc. Depending on the techniques an obfuscator uses, you can run into some other troubles. For instance, whatever obfuscator VistaDB uses is really broken, as it generates bad IL that just happens to work on MS CLR, but crashes (rightly so) on Mono. Not to mention that certain IL tricks are not verifiable, hence you can't use the code in lower-trust scenarios.
But what does obfuscation accomplish? Crackers ALWAYS win. Even the "most difficult" license system with hardware dongles and activation get cracked. The response I usually hear is "well it raises the bar". So. What. "Raising the bar" is totally pointless. Bruce Schneier talked about this.
For physical security, raising the bar is good in general. For example, if you buy a safe, it'll prevent a lot of thieves from getting to the valuables. Sure, there are higher level thieves, but you've weeded out a lot of the population around you, and the benefit is very real. Now some punk kids can't just go in and vandalize and "casually steal" your valuables.
But for computerized tech, the "bar" is the highest level attacker. If your valuable is "cracking my serial verification code", as soon as the "high level theif" cracks it, he can go write a simple program anyone can download. So the REAL bar is "user googles for a crack". That's what needs to sink past all the emotional nonsense developers go through when protecting their code. No matter what kind of complex protection schemes you put in, then obfuscate it on top of that, if the product has value, _someone_ will crack it, and all your users can just download the crack.
This isn't a maybe, this isn't a "possibly", this isn't theoretic, this is the exact reality. There is *nothing* you as a developer can do to prevent this (apart from make your product suck so much no one cares). [If there is, I'd love to hear it.]
So, obfuscation has zero value in preventing cracks, serials from getting out. And it has downsides. Just read the VistaDB blogs/forums to see real world problems only because they use an obfuscator.
What about "protecting special algorithms"? From who? If your competitors are good, they'll figure things out regardless. If they suck, they won't be able to do much with it anyways. I think the biggest threat is some overseas group disassembling your code, slapping their logos on it, and reselling it. That's a clear and obvious loss if they are making sales. But, obfuscation isn't really going to stop it, just raise the bar a tiny bit. In this case, since you're dealing with a limited number of "pirate companies" that exist for profit, perhaps obfuscating has a bit of value. But think: If someone can not know your source code, not be able to provide support, etc. etc., but can still outsell you and your marketing, perhaps you have business issues.
The one other place I hear people using obfuscation is to protect an app from "casual hacking". WTF does that mean? You mean you're afraid your sales clerk might decompile the PoS application, but give up quickly? You think it means you can safely store passwords in the binary? I'm not sure what such developers are thinking, but I'm guessing they did a poor security analysis of the situation.
As a side note, this is not particular to VM platforms like Java and .NET. Check out
Hex Rays
. They do a fine job *decompiling* optimized native code. I've seen it in action; it makes it easy to take any native app, decompile it, figure it out, then work with the assembly code. So these .NET devs thinking they are so leet cause Reflector messes up and hence no one can figure it out... sigh.
Finally, a nice real-live demo. Look at Spore and other games using heavy DRM and protection mechanisms. Obviously Eletronic Arts has an unlimited budget for getting the "best" type of protection. Yet the protection proved utterly useless against piracy. Just goto ThePirateBay.org and search. Yet they certainly introduced more bugs and user hate. (Of course, the REAL motive behind such DRM is killing the used games market. For this, all they need is stuff that honest users won't break.)
P.S. The reason I finally wrote all this is because VistaDB just took the silliness to the next level. I got their 3.4 Trial, but it crashes on Mono because the obfuscator emits totally invalid IL code. Their official response was that Trials arent tested on Mono. I bought the product and the "stable" builds still have the same busted IL code. Awesome protection; stopping paying users from using the software rocks!
I suppose I could understand IF they had some awesome trade secrets. BUT, they provide a source code license. So an evil VistaDB competitor just buys a source code license to get all the details. How is obfuscation helping ANYONE here? (Note the runtime has no licensing; only the developer install.)
Code
|
Security
Saturday, November 08, 2008 12:06:00 AM UTC
Comments [4]
|
Trackback
Saturday, November 08, 2008 10:15:31 AM UTC
You can fully protect your code without obfuscation. Check out the link.
Dmitry Leskov
|
dleskovAT NOSPAMexcelsior-usa dot com
Saturday, November 08, 2008 11:20:59 AM UTC
Wow, that's pretty cool. But only if you're willing to ship hardware and take the performance and support hit.
Michael Giagnocavo
|
mggAT NOSPAMatrevido dot net
Saturday, November 08, 2008 6:28:19 PM UTC
I agree with you that the VistaDB one is broken. It is part of the license system and it obfuscates all in one. I don't think the developer had actually deployed it into a LOT of locations like VistaDB goes. We actually don't do any protection on the VistaDB runtime, only the designers. We think that is a fair trade off to ensure we get paid, but make sure you NEVER have a problem deploying your app based upon our engine.
Now why is the runtime engine having problems on Mono? I think it is the settings in the third party tool. The reason we actually obfuscate the runtime at all it to shorten the XML and stack traces. Believe it or not obfuscation can shrink the runtime DLL by over 250KB! It is due to the large number of internal classes we have that never need to be exposed, but the default compiler leaves their complete names, etc in the runtime. By stripping them and shrinking their names we end up with a much smaller runtime, and it actually JITs a lot faster as well. So the runtime obfuscation has nothing to do with code protection (and includes no licensing in it anyway), it actually helps the product. We're not perfect, but we listen to users and are continuing to improve the product.
Hey we are developers too. We want to make cool technology and get paid in the process. The forum posts you see are a very small vocal minority (<10 out of over 5,000 installations). It will happen no matter what. Go research any software that uses any scheme of protection and some people will complain on general spite or philosophy that it should all be free.
Jason Short
|
jsAT NOSPAMvistadb dot net
Saturday, November 08, 2008 9:37:34 PM UTC
I've got no problems with the license system. And for the most part, I don't care about obfuscation (I'm not interested in bypassing the licensing system). But, when it rears its head up and blocks me, sure I'm gonna be annoyed. I don't think it's fair to compare legitimate customer complaints due to real problems (such as this one) to "freetard" type complaining that it should all be free. It's not about the licensing; it's about problems in the runtime itself, due to (not necesarily VistaDB's fault) overzealous obfuscation.
You can definitely shrink down a DLL; no questions there. But, it's obviously re-writing IL as well, as no compiler would generate such a sequence. [As a side note, the obfuscator on the runtime generates long names for each item; I'm pretty sure you could shrink it better with a tool designed for the task.]
And like I said, I think it's great software, and I'm more than happy to pay for it (already did for myself). I'm hoping it's just a setting you guys can switch so I can get to testing 3.4 on Mono!
Michael Giagnocavo
|
mggAT NOSPAMatrevido dot net
Name
E-mail
Home page
Remember Me
Comment (HTML not allowed)
Enter the code shown (prevents robots):
Live Comment Preview