[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] Re: Reverse Engineering thoughts
- To: "n30" <n30_lists@hotmail.com>, <pen-test@securityfocus.com>, <full-disclosure@lists.netsys.com>
- Subject: [Full-Disclosure] Re: Reverse Engineering thoughts
- From: "Adam Tuliper" <amt@gecko-software.com>
- Date: Wed, 07 Jan 2004 12:43:41 -0500
Some companies consider reverse engineering to be a
violation of their product licensing, so doing this may be
going against their rules to begin with. I believe there
have been several legal cases relating to items like this
(decss being one of them in a sense of reverse
engineering). Considering with enough thought almost any
application can be cracked Im not sure I would include that
as a recommendation. However if their demo to full mode is
something even a novice user could do then I may recommend
it.
On Tue, 6 Jan 2004 10:36:37 -0800
"n30" <n30_lists@hotmail.com> wrote:
> Hello Folks,
>
> Just wanted your opinion.
>
> Say I am pen-testing an application...It requires
> authentication credentials
> to run. Also, the software has a demo mode & full version
> mode.
>
> Now using RE (Reverse engineering), I can change the ASM
> & create a small
> patch file to bypass the auth & convert the demo mode to
> full version mode.
>
> Is this a security problem?? What should be my
> recommendation??
>
> This is assuming that I work for a pen test firm & the
> company wants us to
> test their product. So I should not be affected by DMCA??
> Am i right??
>
> Thanks in advance
> -N
>
>
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------
>
---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html