From: johnny cyberpunk (johncybpk@gmx.net)
Date: Wed Jan 07 2004 - 12:52:52 EST
hi n30,
what you are doing is not reversing the tool for security bugs, it's
traditional cracking stuff.
my opinion is, that this can't be reported directly as a security problem,
but you can point out that
they should improve there software with a harder copy protection, such as
runtime binary
encryption, anti-debugging stuff and so on.
cheers,
johnny cyberpunk / thc
+++ no cock is as hard as life +++
public key: http://www.thc.org/keys/jcyberpunk.pub
fingerprint: CB59 19F9 ABF2 781A 4E6C 0A43 F773 9106 BADA BF8C
----- Original Message -----
From: "n30" <n30_lists@hotmail.com>
To: <pen-test@securityfocus.com>; <full-disclosure@lists.netsys.com>
Sent: Tuesday, January 06, 2004 7:36 PM
Subject: Reverse Engineering thoughts
> Hello Folks,
>
> Just wanted your opinion.
>
> Say I am pen-testing an application...It requires authentication
credentials
> to run. Also, the software has a demo mode & full version mode.
>
> Now using RE (Reverse engineering), I can change the ASM & create a small
> patch file to bypass the auth & convert the demo mode to full version
mode.
>
> Is this a security problem?? What should be my recommendation??
>
> This is assuming that I work for a pen test firm & the company wants us to
> test their product. So I should not be affected by DMCA?? Am i right??
>
> Thanks in advance
> -N
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
-- > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT