I'm mildly interested in this as a concept, but I don't think I have any use for it.
Think of password-protected access to something, anything. Instead of checking if(password == some_constant){...} or if(hash(password) == precomputed_hash){...} you encrypt that something. The first variant has the disadvantage that some_constant is stored inside your binary, thus the password is visible to anybody. The second variant ... the same, the hash of the password is stored inside the binary and could be brute-forced or rainbow-tabled. Both variants have the disadvantage that there is a run-time check refusing access to some data, but those data are available in the binary anyway. Just open the program in a debugger or in a hex editor and NOP the if out. With my approach the data is unreadable without the correct password. The app could not be convinced / persuaded to provide the data in any way without the password.
Think of advanced features of WinRAR not being accessible without a valid licence key. Ehm, WinRAR distributes the same binary for both licensed and unlicensed users, unlocking the features with a license key or with a crack (equivalent of NOPing the if). What if instead WinRAR distributed a different binary for each licensed user, with advanced features encrypted by a per-user key? A crack or keygen would need to use some particular user's binary with their license. Easily trackable. Or the crack would need to be applied once and then distribute the un-encrypted features / code.
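The idea in the comment above, as an added example that is not part of the original thread: a payload sealed under a password-derived key, where skipping the integrity check (the equivalent of NOPing the if) yields only unrelated bytes. It is written in Python because the standard library ships PBKDF2 and HMAC; the names `seal`, `unseal`, `ITERATIONS` and the HMAC-counter keystream are assumptions of this sketch, standing in for an AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch

def derive_keys(password, salt):
    # One slow derivation yields both the encryption key and the MAC key.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return km[:32], km[32:]

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(password, plaintext):
    # Output layout: salt(16) | nonce(16) | ciphertext | tag(32)
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unseal(password, blob, verify=True):
    # verify=False models a patched-out check: nothing gates the data,
    # but a wrong password still derives a wrong key.
    if len(blob) < 64:
        return None
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if verify and not hmac.compare_digest(tag, expected):
        return None
    return xor(ct, keystream(enc_key, nonce, len(ct)))

if __name__ == "__main__":
    secret = b"advanced feature table"  # constructed sample payload
    blob = seal("correct horse", secret)
    print(unseal("correct horse", blob))        # the payload
    print(unseal("guess", blob))                # None
    print(unseal("guess", blob, verify=False))  # garbage bytes
```

The tag still lets anyone holding the blob test password guesses offline, so the protection rests on the password's strength and the KDF cost, not on the check itself.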