[jemfinch]

I once really enjoyed a shareware game on my MacBook pro named "Galcon". I enjoyed this game so much I was considering buying the complete version, but it was a bit pricey and I really wanted to know whether the unlocked content would be worth the $20 for an unlock key.

I realized the game was written in Python and dug into the .app directory. It was mostly binary data, but there was one python script with two lines, essentially "import game" and "game.start()". I inserted a pdb checkpoint between those two lines and started the game, dropping into a terminal with the game module loaded. I started peering around with "dir" and ended up finding the function which validated purchase keys, so I replaced it with "return true" and I was able to see the unlockable content.

Unsatisfied with just that, next I used the "dis" module to disassemble the key validation function, decompiled it by hand into python code, and inverted it to make a function which could generate arbitrary keys.

Then I revealed all this to the author and he never got back to me.