[HN Gopher] A Silly Anti-Disassembly Trick
       ___________________________________________________________________
        
       A Silly Anti-Disassembly Trick
        
       Author : diimdeep
       Score  : 78 points
       Date   : 2021-04-24 17:55 UTC (5 hours ago)
        
 (HTM) web link (alexomara.com)
 (TXT) w3m dump (alexomara.com)
        
       | [deleted]
        
       | comex wrote:
       | This _is_ only a limitation of the demo version of Hopper. The
       | full version can disassemble itself, and it's not even
       | prohibited by the EULA, unlike most software EULAs which have
       | boilerplate no-reverse-engineering clauses.
       | 
       | This behavior, both the technical and legal aspects, originated
       | with IDA. In fact, IDA's EULA has a clause explicitly permitting
       | you to reverse engineer it (whereas Hopper's just doesn't mention
       | reverse engineering).
        
         | saagarjha wrote:
         | Of course, if you point Hopper at itself it gives you a lot of
         | lorem ipsum selectors and dummy code as part of its amusing
         | anti-reversing.
        
         | userbinator wrote:
         | _In fact, IDA's EULA has a clause explicitly permitting you to
         | reverse engineer it_
         | 
         | That's funny. I guess they realised that trying to prevent that
         | would both be ironic and not particularly enforceable.
         | 
         | (I remember that in the cracking scene, many years ago, it was
         | considered a "rite of passage" to crack your own tools like
         | SoftICE, IDA, etc.)
        
       | theginger wrote:
       | I'm interested what precautions people take when searching for
       | something like this they find in a binary. Seems like the sort of
       | thing that could easily be a unique string that could drive you
       | towards a particular website, or even the act of someone
       | searching for it could have been enough to trigger a result in
       | Google search manager.
        
       | woodruffw wrote:
       | Reminds me of the "Don't Steal Mac OS X" kext[1].
       | 
       | [1]: https://www.lightbulbone.com/posts/2016/10/dsmos-kext/
        
       | brucehoult wrote:
       | Oh, I thought it was going to be something sneaky. Like .. oh I
       | don't know ... sprinkling in a lot of conditional branches that
       | actually can never fall through, and following them by a (never
       | executed) instruction with a 64 bit literal, with the literal
       | containing code that actually _is_ jumped into from elsewhere.
       | Possibly by using a runtime-calculated indirect jump that a
       | disassembler won't be able to figure out because
       | Entscheidungsproblem.
        
       | mcphage wrote:
       | I wonder what the actual Cryptic Lab's response to this is.
        
         | breakingcups wrote:
         | A giggle, I'd imagine.
        
       ___________________________________________________________________
       (page generated 2021-04-24 23:00 UTC)