HACKER Q&A
📣 Archit3ch

How to handle desktop app security post-Mythos?


Recently, there are claims that security is a matter of spending more tokens than the other side: https://news.ycombinator.com/item?id=47769089

Regardless of validity, how would you handle copy protection for a modern desktop app? I'm especially concerned about the attacker being able to point a frontier LLM at a closed source binary and saying "crack it", when it used to be a months-long effort. Assumptions:

1) The app has to be native for latency reasons and cannot be a SaaS.

2) The attacker only has to win once.

3) The goal is machine-locked licenses that cannot be transferred without explicit deactivation.

4) Activation (e.g. during installation) can be online, but the app needs it's entire functionality available offline. This means no checks by phoning back to a server during runtime.

  👤 diavelguru Accepted Answer ✓
We shipped software in the late 90’s with a hasp protection key required for use to prevent copying. https://en.wikipedia.org/wiki/Software_protection_dongle part of the process was to run a hasp obfuscation exe against our newly compiled exe. It was most likely an encryption algorithm that had the key on the hardware dongle. This exe is what was put in the resulting floppy disks and burned onto cd’s for distribution. I fielded many calls regarding issues with this but it worked and kept the software limited (it was a niche market). I can see something like this foiling any LLM inspection of the resulting binary as the binary has been drastically modified from its original. What’s old is new again.
👤 functionmouse
Have you tried declaring war on Poseidon?