mala::home Davide “+mala” Eynard’s website

30Jan/135

On Cracking

Some time ago I cracked my first Mac app. Overall it was a nice experience and reminded me of good old times. Here are some comments about it:

  • it was the first commercial app (without considering MATLAB which I use for work) that I actually found useful after 1 year of Mac. I think that is good, because it means opensource software still satisfies most of my needs (or is it bad, because it means I am becoming a lazy hipster now?)
  • the tutorial by fG! has been precious to me, especially to quickly find the tools of the trade. I suggest it to anyone willing to start reversing on Mac
  • I am not half bad, after all: I managed to do that with the trial version of Hopper, so only deadlisting + time limit, and that added some spice to the game (I know everyone is thinking about Swordfish now... but no, there was no bj in the meanwhile ;-))
  • cracking is still pure fun, especially when you find that the protection is hidden in functions with names purposely chosen to mislead you (no, I won't tell more details, see below)
  • I have immediately bought the app: it was cheaper than going to a cinema and cracking it was more entertaining than the average blockbuster movie, plus I am left with a great program to use... That's what I call a bargain!

I still do not agree with Daniel Jalkut, the developer of MarsEdit: I think he wasted time on a trivial protection to sell some closed-source code he should have shared freely (as in freedom). But don't misunderstand me... Who am I to judge what somebody should or should not do? The only reason why I say this is that MarsEdit is a cool program (which btw I am using right now) and, while it is worth all the money I payed, not being able to see it open sourced is a real pity. But I respect Daniel's thought and I think his work deserved to be supported.

I know not all of you think about it this way, and probably I might have thought about it differently too, years ago. One thing, however, never changed: cracking/reversing is so much more than getting software for free, and if you stop there you are missing most of the fun ;-)

Comments (5) Trackbacks (0)
  1. Mac lacks interesting protections IMHO. It feels like attacking shareware from the 90s hehe. Objective-C is somehow interesting given the different approach of how the program flow works.

    Anyways, glad to see a reversing post here :) I think current reversing research actually has more to do with machine learning, clustering and semantic analysis that with the old days of finding badboys, maybe you could write something about that ;)

    Nice post!

    • Thanx a lot :-)

      It is great to see some privacy-aware users around here, this also reminds me of good old times (well, yes, my reversing experience dates back exactly to that decade, call me lucky). Or maybe you did not pass through Gtranslate and are an actual employee, which makes it even more interesting ;-)

      I also have the feeling that reversing/security has moved to “intelligent” approaches, and I would be glad to experiment in that field too. I am following the AI/ML/Semantic side more than reversing now, but if I find someone to collaborate with be sure I will write about that here!

  2. Hi Davide – first of all thank you for linking to MarsEdit and for choosing to purchase a copy of the app even though you are philosophically opposed to its closed-source nature.

    As it happens I am philosophically opposed to the GPL license, not because I don’t value and enjoy open source. I object to the limitations GPL imposes on developers because to me freedom includes the freedom to hide and protect one’s own novel innovations. For this reason when I share source code I prefer to do so using a BSD/MIT style license so that others may use the code as freely as possible.

    As far as cracking MarsEdit is concerned, I’m glad you were able to have some fun with that. I have not gone out of my way to harden the app against reverse-engineering, because I would prefer to spend my time investing effort in improvement the functionality of the app for all my customers. I too, appreciate the fun and spirit of exploration that reverse-engineering entails, and that it doesn’t always have to be (nor should it be, in my opinion) in the aim of depriving a business of compensation for their labor.

    If you are interested here is a post I wrote some time ago about my criticisms of the GPL:

    http://www.red-sweater.com/blog/825/getting-pretty-lonely

    And here is a post I wrote that demonstrates my relatively low-key attitude towards cracking and piracy:

    http://www.red-sweater.com/blog/332/pirates-are-future-customers

    Thanks again for linking to MarsEdit, and I hope some of your readers will decide it’s worth it to support my work by purchasing it as well.

    Daniel

    • Hi Daniel, and thanks for the great reply. I am always interested in people who have ideas different from mine and support them with good motivations, and I perfectly understand your point against GPL: it deprives developers of the freedom to make their softwares closed-source and that is definitely a huge limitation, especially for an independent developer or a small company.

      As a final user and a tinkerer, however, I prefer to have more control of what runs on my computer, and the more new devices are equipped with firmware/software, the more I would like their manufacturers to be bound by a viral license to release it as open source, or be free to develop it from scratch. I think this is especially important now that our private life is often interwined with our public one, within applications we seldom have the control of: I gave MarsEdit the credentials to access my blog and post in my stead; I allow my Mac to connect to Apple every time I switch on my WiFi, just to check whether the network is up; and I give my Android phone’s apps a lot of privileges they probably don’t need just to be able to install them. I am neither a hermit nor a paranoid (well, sometimes ;-)), so I compromise a lot, but I feel much better when I don’t need to.

      What I think would be great is the possibility of having something like CCPlus for GPL… If I understood well, CCPlus allows you to extend a CC license with commercial agreements tailored for specific uses. This way I could release my libraries as GPL for anyone to use them, then allow just a few to use the same code differently after they agreed on some contract. Do you know if this is something that exists already? How would you, as an independent developer, like this solution?

      Thanks again for your time, take care!

      • LGPL wouldn’t work? I’ve heard GPLv3 is even “worst” (but I don’t get respect to which points); and what about dual licensing?


Leave a comment

Trackbacks are disabled.