[RC5] Hacked!

Jeff Lawson jlawson at bovine.net
Fri Aug 22 14:44:36 EDT 2003


The discussion in that Russian forum thread relates to patching the client
binaries to JMP over the computationally intensive portions of the
computational portions, for the purposes of getting fraudulent credit in
stats.

As pointed out at the bottom of:  http://www.distributed.net/source/

> Quite truthfully, releasing binary-only clients still does not
> completely eliminate the possibility of sabotage, since it is relatively
> easy for any knowledgeable person to disassemble or patch binaries. This
> is actually quite a trivial task, so we urge you not to try. Indeed,
> security through obscurity is actually not secure at all, and we do not
> claim it to be such.

Note that proposals such as adding self-checksumming to the client
binaries are not thorough solutions that would prevent these types of
attacks either (though it does make casual binary patching a little more
involved).  Discussion of some of the more complex issues and ideas
involved in client trust are in a document I wrote long ago:
http://www.distributed.net/source/specs/opcodeauth.html

We actually do have server-side techniques now (in both RC5-72 and OGR)
to detect and identify participants that appear to be operating fraudulent
clients by comparing incremental checks from successive results.  We are
not automatically discarding results as they come in currently since it
does incur some performance overhead, however we may investigate such
options if this is perceived to become a common problem.  People that we
identify who are doing these practices will naturally become disqualified,
blocked from stats, and their contributed results made available for
redistribution again.



On Fri, 22 Aug 2003, Dead J. Dona wrote:

> What's a pity....
>
> Somebody hacked client.
>
> http://tlo-netavist.narod.ru/
>
> http://bugtraq.ru/cgi-bin/forum.mcgi?type=sb&b=1&m=85852
>
>
> Can anybody tell me what happens?
>

-- 
Jeff Lawson   http://www.bovine.net/  http://www.distributed.net/~bovine/
Jeffrey_Lawson at alumni.hmc.edu  jlawson at bovine.net  bovine at distributed.net
Programmer, Developer, Mascot, Founder of the largest computer on earth!
Don't waste those cycles!  Put them to use!  http://www.distributed.net/
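The kind of server-side check mentioned in the message above, as an added example that is not part of the original message and is not distributed.net's code. The toy digest, the reported check fields (`partials`, `last_partial`), the target value and the 6-sigma threshold are all assumptions chosen for illustration.

```python
import hashlib

MASK_BITS = 8    # assumed: a key "partially matches" when the low 8 digest bits equal the target's
TARGET = 0x5A    # constructed sample target

def digest(key: int) -> int:
    # Stand-in for the expensive per-key work (a toy function, not RC5).
    return int.from_bytes(hashlib.sha256(key.to_bytes(8, "big")).digest()[:4], "big")

def is_partial(key: int, target: int) -> bool:
    return (digest(key) ^ target) & ((1 << MASK_BITS) - 1) == 0

def honest_client(start: int, count: int, target: int) -> dict:
    """Does the full work and reports check values that fall out of it."""
    hits = [k for k in range(start, start + count) if is_partial(k, target)]
    return {"start": start, "count": count,
            "partials": len(hits), "last_partial": hits[-1] if hits else None}

def patched_client(start: int, count: int, target: int) -> dict:
    """Models a client whose work loop is skipped: it claims the block, finds nothing."""
    return {"start": start, "count": count, "partials": 0, "last_partial": None}

def server_check(result: dict, target: int) -> list[str]:
    """Cheap checks the server can run without redoing the whole block."""
    problems = []
    n, p = result["count"], 1 / (1 << MASK_BITS)
    mean, sd = n * p, (n * p * (1 - p)) ** 0.5
    # Partial matches are binomially distributed; a skipped block reports far too few.
    if abs(result["partials"] - mean) > 6 * sd:
        problems.append("partial-match count is statistically implausible")
    last = result["last_partial"]
    if last is not None:
        if not result["start"] <= last < result["start"] + n:
            problems.append("last partial match lies outside the block")
        elif not is_partial(last, target):   # costs one recomputation
            problems.append("last partial match does not verify")
    elif result["partials"] > 0:
        problems.append("count is non-zero but no key was reported")
    return problems

if __name__ == "__main__":
    for client in (honest_client, patched_client):
        print(client.__name__, server_check(client(0, 65536, TARGET), TARGET))
```

A client that fabricates a plausible count still has to name a key that verifies, which it cannot do without performing at least part of the search.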



