Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Reverse Engineering thoughts
From: "Adam Tuliper" <amt () gecko-software com>
Date: Wed, 07 Jan 2004 12:43:41 -0500

Some companies consider reverse engineering to be a
violation of their product licensing, so doing this may be
going against their rules to begin with. I believe there
have been several legal cases relating to items like this
(decss being one of them in a sense of reverse
engineering). Considering with enough thought almost any
application can be cracked Im not sure I would include that
as a recommendation. However if their demo to full mode is
something even a novice user could do then I may recommend
it.



On Tue, 6 Jan 2004 10:36:37 -0800
 "n30" <n30_lists () hotmail com> wrote:
Hello Folks,

Just wanted your opinion.

Say I am pen-testing an application...It requires
authentication credentials
to run. Also, the software has a demo mode & full version
mode.

Now using RE (Reverse engineering), I can change the ASM
& create a small
patch file to bypass the auth & convert the demo mode to
full version mode.

Is this a security problem?? What should be my
recommendation??

This is assuming that I work for a pen test firm & the
company wants us to
test their product. So I should not be affected by DMCA??
Am i right??

Thanks in advance
-N


---------------------------------------------------------------------------

----------------------------------------------------------------------------


---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]