Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Reverse Engineering thoughts
From: "johnny cyberpunk" <johncybpk () gmx net>
Date: Wed, 7 Jan 2004 18:52:52 +0100

hi n30,

what you are doing is not reversing the tool for security bugs, it's
traditional cracking stuff.
my opinion is, that this can't be reported directly as a security problem,
but you can point out that
they should improve there software with a harder copy protection, such as
runtime binary
encryption, anti-debugging stuff and so on.

cheers,
johnny cyberpunk / thc
+++ no cock is as hard as life +++
public key: http://www.thc.org/keys/jcyberpunk.pub
fingerprint: CB59 19F9 ABF2 781A 4E6C  0A43 F773 9106 BADA BF8C


----- Original Message ----- 
From: "n30" <n30_lists () hotmail com>
To: <pen-test () securityfocus com>; <full-disclosure () lists netsys com>
Sent: Tuesday, January 06, 2004 7:36 PM
Subject: Reverse Engineering thoughts


Hello Folks,

Just wanted your opinion.

Say I am pen-testing an application...It requires authentication
credentials
to run. Also, the software has a demo mode & full version mode.

Now using RE (Reverse engineering), I can change the ASM & create a small
patch file to bypass the auth & convert the demo mode to full version
mode.

Is this a security problem?? What should be my recommendation??

This is assuming that I work for a pen test firm & the company wants us to
test their product. So I should not be affected by DMCA?? Am i right??

Thanks in advance
-N

--------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]