this post was submitted on 12 Sep 2023
1204 points (97.9% liked)

linuxmemes

20880 readers
4 users here now

I use Arch btw


Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 78 points 1 year ago (16 children)

Just change your user agent. Fuckers have no business knowing.

[–] [email protected] 46 points 1 year ago (14 children)

Won't work if you're using their test software. That shit is more invasive than anticheat

[–] [email protected] 29 points 1 year ago (2 children)
[–] [email protected] 15 points 1 year ago (2 children)

They can detect that too - at least, they can detect the common software. You might be able to do it with a custom QEMU setup but good luck guaranteeing that for your exam.

[–] [email protected] 30 points 1 year ago* (last edited 1 year ago)

I used to be a reseller of this highly specialized navigation software. The licensing was handled via hardware fingerprinting of the harddrive. I'm not 100% sure on how it worked, but it grabbed some raw data off of the boot device, and from that generated a fingerprint. This fingerprint was then sent to the guys who made the software, and they would then send us a license key and a hefty bill. The license key only worked with syatems running off of that particular harddrive. If a customer had a harddrive failure, we had to send them the actual harddrive for them to verify, so they would issue a free key to whichever replacement drive was used.

I did a lot of experimenting with that software. It was linux based and very tweakable, but the licensing part of it was a bit of a mystery. I managed to crack it through some surprisingly simple out-of-the-box thinking, but one limitation I could never figure out how to circumvent was its refusal to generate a fingerprint from virtual drives.

For starters, it only worked with drives registering as /dev/hdX or /dev/sdX. Anything outside of that and it wouldn't generate a fingerprint.

This was especially frustrating when a well-paying customer offered a nice bonus if we could install it on a macbook for him. After a few days of tweaking I managed to install and run it, only to discover that fingerprinting the drive couldn't be done due to the device node being/dev/nvmeSomething. And after avfew more days of hacking I managed to fake that too, and they outright refused to issue a license due to them not wanting to support our unofficial hacks.

Where was I going with this? Oh, right, vmware.. i never managed to get it to run in vmware. We had this other well paying customer who wanted the ability to alt-tab between the software and Windows. Unfortunately, any fingerprinting done from within vmware, regardless how I set up the storage, resulted in a fingerprint file with no data.

Fun fact: the software ui was written in raw xlib. I got to know the owner and lead dev fairly well, and he hinted that the codebase was a complete mess to the point where something as simple as an input dialog for a config option I recommended was A LOT of work.

[–] [email protected] 3 points 1 year ago (1 children)

I would love to know how that's possible.

[–] [email protected] 10 points 1 year ago (1 children)

The easy way involves looking at the devices and drivers you have installed. Things like a VirtualBox display or a SPICE guest driver are dead giveaways. next, they might look at your processor and see if it has as many cores as it should, but that's more involved.

[–] [email protected] 1 points 1 year ago (1 children)

Holy shit why is it even getting anywhere near that nosy? I didn't know it was anything like that. And I even worked for them for a little while.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

Holy shit why is it even getting anywhere near that nosy?

Because it also serves as an anti-cheat...in the most literal sense. It is trying to make sure students can't cheat by having other things open like answer pages or Google.

[–] [email protected] 1 points 1 year ago (1 children)

Oh, duh. That seems a little obvious in retrospect. But damn, they go pretty harsh then.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

The qualifications industry is heavily reputation based. If they get a reputation for letting cheaters slide, their reputation tanks among employers and therefore no one will want that qualification.

And these qualifications are expensive as hell too.

[–] [email protected] -2 points 1 year ago

Unfortunately they probably have detection methods for that, so have fun trying to work around that.

load more comments (11 replies)
load more comments (12 replies)