Forgive my numbness, but how does this work? How do you know the right signature... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		muppetman on Jan 18, 2011 \| parent \| context \| favorite \| on: I Can Crack Your App With Just A Shell (And How To... Forgive my numbness, but how does this work? How do you know the right signature to be verifying against? It seems (to my not-much-of-a-programmer mind) that you've got a chicken and egg scenario here. But that's obviously not the case, so you can explain briefly how it works? Or just paste a link. Thanks!

jared314 on Jan 18, 2011 [–]

You move the UI messages into a separate resource file, as you would for language translation. The executable signature is unaffected by the changed UI messages.

stcredzero on Jan 18, 2011 | [–]

Alternatively, you could use a broken hash and modify an unneeded string so as to produce a collision with the key you decided ahead of time.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact