[A83] Re: Making Commercial apps using the freeware key
[Prev][Next][Index][Thread]
[A83] Re: Making Commercial apps using the freeware key
The problem wouldn't be figuring out how to decrypt the key -- the problem
would be people simply bypassing the ID check. With a debugger it would be a
rather simple matter to figure out when the ID is checked (memory access
trap), isolate that code, and replace that area with NOP's. Think of all the
cracks of programs for PC, and these aren't necessarily quite so easy to
debug.
Notably there already exists a mechanism you can download for
non-applications that retrieves the calculator ID and matches it up. I ran
across it one time searching for information about the calc ID's, don't
remember how I ran across it...
As nearly as I can tell, TI isn't too interested in making a lot of money
selling apps in the future, and don't expect most other people to either.
I'm sure they knew what might happen if they released the freeware key,
before they released it.
-----Original Message-----
From: assembly-83-bounce@lists.ticalc.org
[mailto:assembly-83-bounce@lists.ticalc.org]On Behalf Of Hyperbyte
Sent: Tuesday, June 26, 2001 10:53 AM
To: assembly-83@lists.ticalc.org
Subject: [A83] Re: Making Commercial apps using the freeware key
> The unfortunate thing is that commercial apps can be resigned with the
> freeware key. Oops.
Ehmm, the apps I described would be signed with the freeware key.
You enter your calc ID on som online site,
probably afer some payment agreement.
Then the server-side program would encrypt the calculator id and put it at
the
end of the unsigned application (HEX format).
The server-side program would then sign the application with the freeware
key,
and send the signed app to the requester, who then has a custom application
with his own calculator id embedded inside.
If he runs it, some code inside the app, decrypts the embedded calc id,
and compares it to the actual calc id, after which it decides to continue,
or not. (actually, it could do much different things if the id doesn't
match,
think of memory or archive resets :-)
If one would remove the signing from the app, resulting in the pure hex
code,
the calculator ID would still be inside, and since it is encrypted,
he would have a very hard time changing it, so it's not a simple re-signing
to check the calc id. (Disassembling isn't very productive, if you code it
sneaky, [i suspect])
(same process could be used in normal programs)
Only problem is, how do you retrieve the calc ID of the calc that's
currently running it. (It shouldn't be too hard to retrieve, if I remember
correctly, there is even a romcall for).
>
> -----Original Message-----
> From: assembly-83-bounce@lists.ticalc.org
> [mailto:assembly-83-bounce@lists.ticalc.org]On Behalf Of Hyperbyte
> Sent: Tuesday, June 26, 2001 10:38 AM
> To: assembly-83@lists.ticalc.org
> Subject: [A83] Making Commercial apps using the freeware key
>
>
>
> I just got the following idea about making commercial apps with the
> free key. (It's just hypothetical)
>
> If you could check the calculator ID from within a program,
> (1st assumption)
>
> then you could make some online program add the calculator ID to the end
of
> the program, sign the program, and give it away.
>
> in the app, you could then compare the (possibly encrypted) calculator ID
at
> the end of the program to the calculator id of the running calc.
>
> --Peter Martijn
>
>
>
Follow-Ups:
References: