Independent Developers Fight Piracy & Lose
An anonymous reader writes "The author of the Echelon decided to take his fight against software piracy to the next level and then threw in the towel. After someone began posting new serial numbers on a well known hacking site, the author took matters into his own hands. With version 1.0, entering a hacked serial number causes the software deleted the user's Home directory. Yes, you read it right, the software completely erases it (aka rm -rf ~). A variety of people have voiced some some strong opinions on this. While some argue that piracy is good for established companies, a few large companies are battling piracy and having limited success. Small, independent developers, however, are recognising this is a serious problem and are generally stumped by what to do about it."
Comment removed based on user account deletion
First a note/discliamer: I'm not the coder of note. I do however know exactly what happened. I know the guy, etc.
Some points/clarifications:
1. He's not evil, or an ass. Just young.
2. The code never actually deleted ~. it was a bit more clever, and used Social Engineering to get the user to do it instead.
3. The code was not in the original app; he re-released it with the code in question for 4 hours to target specific cases/individuals, then replaced the app with a version without it.
4. NO ONE who knows him knew about it beforehand; we would have stopped him if we did.
5. The code was constructed in a way that it would have NEVER, and could not POSSIBLY have run by "mistake'. I've seen it and have verified this myself.
After a short summary, I'll go over each of the above. There are some Mac specific things here that y'all might not be hip to, so for the lack of extra detail about them I apologize in advance :)
He'd worked on Echelon for about, oh, 6 months. He taught himself to code to write the thing, in fact, asking other small devs and folks he knew that did ObjC stuff for hints and help along the way. The kind of thing folks here talk about a lot, etc.
In the Mac world, there is a small, misguided group of folks that play the warez scene game and prop themselves up as 'heroes" helping the "little guy" by cracking, almost exclusively, small demoware and shareware apps. I've always thought this was a punk ass approach, out of fear of the Big Guys, but no matter.
Anyway, the day he released Ech, these fools made it their mission to get it cracked as soon as possible...and because of some OTHER idiocy on the part of Ech's coder (remember, he's inexperienced) were able to do so fairly quickly.
In the Mac Underground, the first place you go to look for these kinds of things is macserialjunkies. Folks have chased these clowns around the world, and they have found a home where they can operate with out getting their access cut, and thanks to the whores at NIC can better hide their identies as well...but thats an aside.
Anyway, the day he released Ech, "iDave" and friends rev-eng'd his serial scheme and posted a couple of reg/serial pairs in a thread on MSJ.
By the NEXT DAY, the coder's registrations ddropped to ZERO. NOTHING. NADA.
If folks do think this stuff matters...well, theirs yer sign right there.
Now...to our points from above:
1. Dude isn't a "bad guy" and he LOVES the Mac platform. He's in college as an art major, but likes (probably less so now) to code, and love video conversion to the largely out-of-fashion IMHO mpeg1/2 formats. Its a hobby of his that he's quite passionate about.
That said, he's impetuous...and a bit of a hothead sometimes. He'll most likely grow out of it.
2. What the code *actually* did was move the user's home dir into the user's sub directory inside of /tmp, in situ.
This REALLY pisses off MacOSX (as it should)..but more importantly, a scriptkid of farquad pirate would have no real way of knowing what was going on, because as soon as they switched back to the Finder, the World Around Them begins to crumble...mas rapido.
Of course, all one must do at this point is log in/drop to a term and move it back out of /tmp and all is well.
Guess what your average Mac User is gonna do? (I think the bright ones in the bunch see where this is going...)
When the user reboots, the system of course, flushes /tmp. Data's gone...he's dead, Jim...you get the idea.
3. The app originally was not released with code that did this. If an invalid serial was entered, it wouldn't work. When he found out about iDave's...help...he added a block of code that specifically and explicitedly looked for the name/code pairs off MSJ