Mint 2.0: Pirate Version

Posted in Blogging, Counterfeit, Cracking, Hacking, Web 2.0 by Elliott Back on March 5th, 2007.

I came across the following code in a Mint installation today, and was pretty shocked. I’d never really considered that someone would want to pirate a $30 php product, but apparently I was quite wrong:

/* Code removed at the request of Shaun Inman, although technically it’s not his code anymore, just something someone (who knows who) hacked up around it… */

*the usual bypass authorization by modifying the function to always validate hack*

Mint Piracy is a well-known problem to Shaun Inman, so I emailed him a potential solution to the problem of having to release his source code to users, but still needing some control. Hopefully in the future, we can work to bring piracy of Mint to a quick end.

Update: Inman isn’t a fan of the technique (which I think is perfect):

There is a simple way for you to track the origin of Mint pirate releases, and that is to add information to downloads in a way that looks normal, but actually can be later used to authenticate the source.

Person x buys mint, and you assign them id 123456. In base 2 you have 011110001001000000. So, the trick is, you now need to find 18 places in the code where you can choose one thing over another. So for every person x, you generate a unique download, choosing different adjectives in the comments in different places, etc, depending on the id you want to steganografically encrypt. The key to this is that you don’t tell anyone you’re doing it, and they probably won’t notice.

What do you think? Would this cause more grief?

This entry was posted on Monday, March 5th, 2007 at 7:49 pm and is tagged with pirate version, 123456, potential solution, adjectives, different places, inman, piracy, mint, choose one, source code, hack. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback.

Viewing 5 Comments

Computer Guru 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

I personally have no use for a product whose developer refuses to make compatible with IIS. All it needs are a couple of changes here & a couple of changes there, but if he doesn't want to change it, Mint's not worthy of my money.

reply edit reblog flag

http://neosmart.net/blog/

Montoya 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

This makes me wonder if Inman is interested in doing anything to improve his code. He has a very "Apple" way of doing things that irks me a lot.

reply edit reblog flag

http://www.christianmontoya.net

TeesMyBody.com T-Shirts 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

It's like he's painting himself in a corner. Share the wealth.

Bob Hasko
www.TeesMyBody.com T-Shirts

reply edit reblog flag

http://www.teesmybody.com

Alister Cameron, Blog Coach 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

Steganographically - now there's a word you don't see every day!

I can say it but I sure have no idea what it means :)

- Alister

reply edit reblog flag

Jonathan 1 year ago 1 point
Please login to rate.

Do you already have an account? Log in and claim this comment.

I just bought a 30$ license of mint...

If this system where to be used... I would not only uninstall this product from my website, but also make another concurrent product, in GPL.

Also, I would make so much bad press to mint that his sales would drop...

Do you know why ? Because I think it's utterly wrong to track downloads like this.
Also, I work really hard to bring gpl-licensed javascript products to the masses, hundreds of hours of work.
To find what ? the "upper-cool" stats system out there is closed source, wanting to track me down if I ever want to crack it (which I won't do, I'm against it). Nah, too much for me.

reply edit reblog flag