[A83] Re: Making Commercial apps using the freeware key


[Prev][Next][Index][Thread]

[A83] Re: Making Commercial apps using the freeware key




Well, I'm glad it doesn't work, I'm not really pro-commercial...

Well, I really hope TI make all of their future apps free.

 
> The problem wouldn't be figuring out how to decrypt the key -- the problem
> would be people simply bypassing the ID check. With a debugger it would be a
> rather simple matter to figure out when the ID is checked (memory access
> trap), isolate that code, and replace that area with NOP's. Think of all the
> cracks of programs for PC, and these aren't necessarily quite so easy to
> debug.
> Notably there already exists a mechanism you can download for
> non-applications that retrieves the calculator ID and matches it up. I ran
> across it one time searching for information about the calc ID's, don't
> remember how I ran across it...
> 
> As nearly as I can tell, TI isn't too interested in making a lot of money
> selling apps in the future, and don't expect most other people to either.
> I'm sure they knew what might happen if they released the freeware key,
> before they released it.
> 
> -----Original Message-----
> From: assembly-83-bounce@lists.ticalc.org
> [mailto:assembly-83-bounce@lists.ticalc.org]On Behalf Of Hyperbyte
> Sent: Tuesday, June 26, 2001 10:53 AM
> To: assembly-83@lists.ticalc.org
> Subject: [A83] Re: Making Commercial apps using the freeware key
> 
> 
> 
> > The unfortunate thing is that commercial apps can be resigned with the
> > freeware key. Oops.
> 
> Ehmm, the apps I described would be signed with the freeware key.
> 
> You enter your calc ID on som online site,
> probably afer some payment agreement.
> 
> Then the server-side program would encrypt the calculator id and put it at
> the
> end of the unsigned application (HEX format).
> 
> The server-side program would then sign the application with the freeware
> key,
> and send the signed app to the requester, who then has a custom application
> with his own calculator id embedded inside.
> 
> If he runs it, some code inside the app, decrypts the embedded calc id,
> and compares it to the actual calc id, after which it decides to continue,
> or not. (actually, it could do much different things if the id doesn't
> match,
> think of memory or archive resets :-)
> 
> If one would remove the signing from the app, resulting in the pure hex
> code,
> the calculator ID would still be inside, and since it is encrypted,
> he would have a very hard time changing it, so it's not a simple re-signing
> to check the calc id. (Disassembling isn't very productive, if you code it
> sneaky, [i suspect])
> 
> (same process could be used in normal programs)
> 
> Only problem is, how do you retrieve the calc ID of the calc that's
> currently running it. (It shouldn't be too hard to retrieve, if I remember
> correctly, there is even a romcall for).
> 
> 
> 
> 
> 
> 
> 
> >
> > -----Original Message-----
> > From: assembly-83-bounce@lists.ticalc.org
> > [mailto:assembly-83-bounce@lists.ticalc.org]On Behalf Of Hyperbyte
> > Sent: Tuesday, June 26, 2001 10:38 AM
> > To: assembly-83@lists.ticalc.org
> > Subject: [A83] Making Commercial apps using the freeware key
> >
> >
> >
> > I just got the following idea about making commercial apps with the
> > free key. (It's just hypothetical)
> >
> > If you could check the calculator ID from within a program,
> > (1st assumption)
> >
> > then you could make some online program add the calculator ID to the end
> of
> > the program, sign the program, and give it away.
> >
> > in the app, you could then compare the (possibly encrypted) calculator ID
> at
> > the end of the program to the calculator id of the running calc.
> >
> > --Peter Martijn
> >
> >
> >
> 
> 
> 
> 




References: