Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page how to force windows to report a false hard disk serial number?
Register Forum Rules FAQ Calendar

Notices

Reply
Page 2 of 2 1 2
 
Thread Tools Display Modes
  #16  
Old 01-17-2004, 06:28
JMI JMI is offline
Leader
  
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 98 Times in 96 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
Generally true, but not necessarily as to materials which do not exist on the client machine. We are now discussing something which runs only on the server, so there is no code for the user to "debug."

As part of a registration form completion process the code could read information from the user's HHD and/or BIOS and use it as part of the hash code for the security authentication. The issue here, I believe, is whether the user can see or get access to the part of the registration form which collects that information.

I certainly do not pretend to be well versed in the details of these issues, but I have read about and seen code which claims that it can prevent the end user from using the "view source" feature with which one can view the code behind a web page. For example, if one were to "view Code" on the Yahoo registration form or login page in their browser, you would find a GPL license md5 hash code you could install in your own registration/login page, but you won't see the code behind the page which imputs the results of the pages processing into their databases.

If you couldn't "view source" you wouldn't know about the javascript running in the background. You might have various blocks running to prevent access to some of this information, but that could simply provide an error message and alert the company that your machine is blocking the effort to retrieve this information and they could decide whether they want to complete the transaction without the information to properly authenticate that user's machine.

Regards,
__________________
JMI
Reply With Quote
  #17  
Old 01-27-2004, 03:26
Pozzy!
 
Posts: n/a
hxxp://www.yoursite.com/pagename.php?serialnumber=-


LoL spot the flaw

It seems it would not be that hard to fool your server into thinking I was a legit user

just by changing some info in the link.

Pozzy!
Reply With Quote
  #18  
Old 05-28-2004, 21:57
Lunar_Dust
 
Posts: n/a
Lol!

I will share with you a quote I myself came up with, and any cracker can also agree with:

"The largest weak link of any application is its communication with the outside world"

Anything a program does that has to communicate with another API, or another program, or anything outside of itself, makes that program easier to crack, because there are more inputs to play with.

-Lunar
Reply With Quote
Reply
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Safengine and Windows 10 false detection Asus General Discussion 2 02-09-2021 13:35


All times are GMT +8. The time now is 16:43.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )