Registration Code

[Fuzzyman]

Dave Mandelin wrote:
> Ken Seehart wrote:
> > Math wrote:
> > > Hello,
> > I encypted the bytecode of a few important functions with a key based on
> > information required from the user.  Without the key, these functions
> > can't be decrypted.  This is somewhat more secure than just testing the
> > key with an "if" statement since the latter could easily be bypassed by
> > a hacker.
>
> That's a really good idea. I have a couple more questions, if you don't
> mind: I am going to distribute an app using py2exe. Is it reasonably
> easy to apply this technique to bytecode stored inside the library.zip
> file, or should I just include the encrypted Python files as separate
> files?
>
> Second, I hear that in general it is very difficult to make a
> time-limited demo, because the code has to be all there, so all a
> cracker has to do is bypass the "if". It seems that even this method
> won't work for that. Do you know of any way to make time limiting
> secure?
>

If an attacker is determined to 'decompile' your application then it
will be possible.

Although decompiling python byte-code (even from py2exe wrapped
programs) is easy, it's probably a less practised art than breaking C
code. (Although I guess such dissasembly is usually done on an
assembler level).

The obvious way to make it more secure is to include several checks.
Unless you are going to be writing a program used by tens of thousands
of users, it is likely that it is not worth the effort of the hackers
to bother.

I'd release the early versions using simple protection mechanisms, and
develop your protectionas your userbase grows.

Again - there are commercial tools available that will handle this for
you, if you want a higher degree of protectoin (although by no means
infallible) immediately.

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml

> Thanks.
>
> --
> Want to play tabletop RPGs online?
>       Check out RPZen:        http://koboldsoft.com