问题
I am creating a binary file for registered users of my application. The user already knows what information is stored in the file because he is providing me with that information while registering. Every time my application is launched the registration file is read and compared with the information obtained from hardware. So I am concerned whether "power users" would be able to understand the logic in which the information is stored in the file.
Long story short, is it possible to reverse engineer the contents of a binary file? If yes, then what would be a better approach to check for registered applications?
回答1:
Binary will be no hindrance to anyone with experience in reverse engineering. "Back in my day" (the 90's) binary was the default choice in general.
Hackers are going to be able to defeat your registration process, not by faking the registration file but by altering the instructions that check for it. (Instructions are also binary, incidentally.) Encryption is no use because everything is on one machine and the hacker can read the cleartext in RAM with a debugger inside the program. Not that they probably care, because they'll instead be going after the "business logic" that sets a flag to display an error and quit.
Tying registration to specific machines will also frustrate legitimate users when they upgrade or switch computers.
A good approach in this online age is to have machines phone home, but it's a bit obtrusive.
Just off the top of my head, you could access a server at irregular intervals based on a registration hash code and a real-time clock (be sure to handle time zones properly). Since it's not done at app launch, hackers will have a hard time finding it. If two different IP addresses phone home with the same hash code at about the same time, instruct them all to delete the registration files and prompt the user to re-register.
来源:https://stackoverflow.com/questions/20041442/reverse-engineer-contents-of-a-binary-file