You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 Re: mORMot 1 » Application Locking using Asymmetric Encryption » 2019-07-12 15:47:17
> ExtractFileName(Application.ExeName) can be a good idea
All your code can be changed. ;-)
Do not invent sec - rely on cryptography.
GUID here is something. It may be changed for Major releases etc.
There is no reason to prevent user from renaming executable. I think that relying on executable name is bad practice.
#2 Re: mORMot 1 » Application Locking using Asymmetric Encryption » 2017-03-18 21:40:35
The idea is that you supplied some needed information as aContent: TObject output, encrypted as JSON within the .unlock file.
If you let ECCAuthorize return 0, the system won't work. :)
Well, that changes everything: return 0 and {"godmode":"on"} in aContent =)
What is the difference with "strong" https request of the same content?
#3 Re: mORMot 1 » Application Locking using Asymmetric Encryption » 2017-03-18 20:45:18
From cracker point of view, no matter how cryptic or heuristic protection algorithm is, the weakest thing here is ECCAuthorize function:
it may be simply* patched to return 0 (TECCAuthorize.eaSuccess)
* depends on other protection measures
If it is used as only protection it will fail the job on first cracker.
I share opinion that soft must be pleasant enought for user to pay for it
Of course if user have some spare money for this =)
From author point of view there must be harmony of protection level vs your soft "real" cost.
Pages: 1