S/W Copy Protection & Time Crippling?
-
I looking to *protect* ( laugh ) my software before I release it as shareware. Whats the best software protection, ie. request a unique reg. number. and time crippling (30day trial stuff). Is it worth developing my own? Normski. - Professional Windows Programmer
Simple thing to do: if the user enters a key, sleep a second before checking it. Raw key generators will have lots of fun... New and improved: kwakkelflap.com
-
I looking to *protect* ( laugh ) my software before I release it as shareware. Whats the best software protection, ie. request a unique reg. number. and time crippling (30day trial stuff). Is it worth developing my own? Normski. - Professional Windows Programmer
Don't protect it! Piracy is a great form of free advertising. People will steal it, pass it around to others, and your name will get out, eventually resulting in some who will actually pay you for it because they like it. I mean, that's the theory with Napster sites & mp3s. Why wouldn't it apply to software? Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
-
depends on how much protection you expect, who are your users, and if you have a few clues of how crackers work. No chance to prevent everything, the game is to require more work than the cracker is willing to do. - Never use functions like bool IsRegistered(), unless you're sure they are inlined (rather use macros that expand to reall weird code) - never display an "Registration failed" message bo immediately after doing the check (unless there are other checks) - store the "is registered" flag at different locations, evaluate differnet ones on different places - protect both the UI options, and the actual execution of the "registered users only" features - Interlace protection checks with some in-program operations if possible - use "two layers" : one user friendly, that uses very simple checks, and does all the "normal" UI handling (like "Your blah has expired. Please contact us for blah options..". Use a second better hidden layer to double-check the registration, perform additional checks that are not in the "friendly layer", and that acts _lazily_ (i.e. no immediate warning, etc.) - Do NOT get destructive when you believe someone cracked your app (or tries to). You will loose more customers than you win. - interlace "dummy checks" (check for debugger, for Boundschecker) at places that don't have to do anything with your protection. It is very easy for a cracker to: - find the place where a message box is called, and go a few steps back in code (even if it's a function return) - change a if (registered) into a if (!registered) or if (true) - find the place where a single variable is referenced - "crack" binary encoding like rot, xor... Modulo 23 is much more tiresome In general, forget your good coding manners. Use globals where you would use locals, use heap variables and multiple indirections, use macros, etc. Have fun!
We are ugly but we have the music Leonhard Cohen [sighist]
-
Norm Almond wrote: Whats the best software protection Get sponsored by hells angels. :) /Magnus
Magnus H wrote: Get sponsored by hells angels. :laugh: :laugh: :laugh: The only dependable form of copy protection out there! Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
-
Don't protect it! Piracy is a great form of free advertising. People will steal it, pass it around to others, and your name will get out, eventually resulting in some who will actually pay you for it because they like it. I mean, that's the theory with Napster sites & mp3s. Why wouldn't it apply to software? Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
Christopher Duncan wrote: I mean, that's the theory with Napster sites & mp3s. Why wouldn't it apply to software? And WinAmp! It always cost $10 (but didn't have restrictions) until AOL bought it for just a mere $8 million because everyone uses it. Jeremy L. Falcon Homepage : Sonork = 100.16311
"Half the reason people switch away from VB is to find out what actually goes on.. and then like me they find out that they weren't quite as good as they thought - they've been nannied." - Alex, 13 June 2002 -
I agree with Tim. However, at that point, is it really worth the hassle of trying to com up with your own unbreakable system. Anyone that tries hard enough can spoof anything you might come up with. "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001 "Half the reason people switch away from VB is to find out what actually goes on.. and then like me they find out that they weren't quite as good as they thought - they've been nannied." - Alex, 13 June 2002 Please review the Legal Disclaimer in my bio.
I agree with John. :) Our CP system is like a lock on a house. I prevents honest people from entering your house. IMHO, very facny CP system aren't worth the trouble. Because it is a never ending cycle of updating systems as they are broken. You wouldn't believe the simple method we use for file encryption. My goal when I created it was to just prevent the casual hacker from breaking it. So I spent 5 minutes writing the code. Tim Smith I know what you're thinking punk, you're thinking did he spell check this document? Well, to tell you the truth I kinda forgot myself in all this excitement. But being this here's CodeProject, the most powerful forums in the world and would blow your head clean off, you've got to ask yourself one question, Do I feel lucky? Well do ya punk?
-
Don't protect it! Piracy is a great form of free advertising. People will steal it, pass it around to others, and your name will get out, eventually resulting in some who will actually pay you for it because they like it. I mean, that's the theory with Napster sites & mp3s. Why wouldn't it apply to software? Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
Chris, I forwarded your message to Bill Gates. Maybe he will try this with his new OS. :) Tim Smith I know what you're thinking punk, you're thinking did he spell check this document? Well, to tell you the truth I kinda forgot myself in all this excitement. But being this here's CodeProject, the most powerful forums in the world and would blow your head clean off, you've got to ask yourself one question, Do I feel lucky? Well do ya punk?
-
Christopher Duncan wrote: I mean, that's the theory with Napster sites & mp3s. Why wouldn't it apply to software? And WinAmp! It always cost $10 (but didn't have restrictions) until AOL bought it for just a mere $8 million because everyone uses it. Jeremy L. Falcon Homepage : Sonork = 100.16311
"Half the reason people switch away from VB is to find out what actually goes on.. and then like me they find out that they weren't quite as good as they thought - they've been nannied." - Alex, 13 June 2002So what does it cost now? Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
-
So what does it cost now? Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
It's free, but in another situation you could leave it costing an amount and the ones that would pay will and the ones that won't wouldn't anyway. So, you're not loosing that much money. Jeremy L. Falcon Homepage : Sonork = 100.16311
"Half the reason people switch away from VB is to find out what actually goes on.. and then like me they find out that they weren't quite as good as they thought - they've been nannied." - Alex, 13 June 2002 -
I looking to *protect* ( laugh ) my software before I release it as shareware. Whats the best software protection, ie. request a unique reg. number. and time crippling (30day trial stuff). Is it worth developing my own? Normski. - Professional Windows Programmer
-
It's free, but in another situation you could leave it costing an amount and the ones that would pay will and the ones that won't wouldn't anyway. So, you're not loosing that much money. Jeremy L. Falcon Homepage : Sonork = 100.16311
"Half the reason people switch away from VB is to find out what actually goes on.. and then like me they find out that they weren't quite as good as they thought - they've been nannied." - Alex, 13 June 2002Jeremy Falcon wrote: ones that would pay will and the ones that won't wouldn't anyway. Absolutely. I'm fortunate in that the software I plan on releasing early next year is for controlling concert stage lighting. You have to have a hardware interface between the computer and the lighting rig, without it the software doesn't do you any good. So, I'll be able to put the full version up for download and let people play around with the UI and explore the functionality as much as they like, and then order the full package only if they like it. Although frankly, if it didn't have a hardware gadget, I probably wouldn't copy protect it anyway. That stuff just irritates the crap out of me when I've already paid for the software. Besides, it's impossible to completely protect an app. My time is better spent elsewhere. Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
-
I looking to *protect* ( laugh ) my software before I release it as shareware. Whats the best software protection, ie. request a unique reg. number. and time crippling (30day trial stuff). Is it worth developing my own? Normski. - Professional Windows Programmer
If you are not gonna implement your own protection system, I recommend you to try Armadillo,ASProtect and ProActivate I have not tried the last one but heard its name in many forums... Mustafa Demirhan http://www.macroangel.com
-
If you are not gonna implement your own protection system, I recommend you to try Armadillo,ASProtect and ProActivate I have not tried the last one but heard its name in many forums... Mustafa Demirhan http://www.macroangel.com
-
no problem :) Mustafa Demirhan http://www.macroangel.com Sonork ID 100.9935:zoltrix
-
IMHO, it is worth the trouble to develop your own stuff. Pratically all common systems have been broken. Tim Smith I know what you're thinking punk, you're thinking did he spell check this document? Well, to tell you the truth I kinda forgot myself in all this excitement. But being this here's CodeProject, the most powerful forums in the world and would blow your head clean off, you've got to ask yourself one question, Do I feel lucky? Well do ya punk?
Tim Smith wrote: Pratically all common systems have been broken. I agree with this 100%. The problem with common systems is that since they are widely used there are many more hackers tyring to crack the system. Once they figure out how to break the CP system it is usually easy to break all programs that use that system. John
-
Chris, I forwarded your message to Bill Gates. Maybe he will try this with his new OS. :) Tim Smith I know what you're thinking punk, you're thinking did he spell check this document? Well, to tell you the truth I kinda forgot myself in all this excitement. But being this here's CodeProject, the most powerful forums in the world and would blow your head clean off, you've got to ask yourself one question, Do I feel lucky? Well do ya punk?
Tim Smith wrote: Chris, I forwarded your message to Bill Gates. Maybe he will try this with his new OS. Oh, great. Thanks, Tim, for putting me in the line of - wait - what's that knock on my door, and who are those people in the full length black leather trenchcoats? No! Wait!! Microsoft Gestapo! Aaaggggghhhhh!!! Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
-
Looks like good points all of them, but i agree with john that it's not worth spending to much time because it will evidently get cracked. All points above will not do anyhing good if they do a key generator instead. /Magnus
Saying "SW Protection is pointless" is the same as leaving your front door wide open because every lock can be picked. Do you? Of course releasing a SW application that is useful _only_ to the cracker community, is pointless. Protecting a beancounter application makes sense. If you do something beyond "check the Software\Normski\BeanCounterApp registry key", you can even counter most of the jobbing student that are a bit more clever and nosy. It's just a battle of will. Crackers are good at what they are good at, but they are no uebergods with mythical skills. They get their good name mostly from commercial packages that spend money more on convincing the customer is safe, than a single white hat hacker who makes design decisions and core implementation. Application security doesn't come at the .lib or .dll level, and certainly not at bulk. The questions are: - how many people receive your software, and how? - are the people that typically use it able to crack it? - is a cracker getting it's hands on interested in cracking it? - will your potential customers want to use a copy from a "doubtful" source? The internet gives the illusion that one skilled cracker can take away your entire customer base overnight. That's silly. If the distribution channels are not interested, or the customers don't have very close contact to the distribution channel, some will buy. And maybe, just maybe, there are some retards that say "this app is worth the money". The bottom line is: Don't worry about crackers, worry about those who might be willing to pay. Don't leave the front door open, but give those who pay a warm welcome. This doesn't come for free. Customer service (limited as it may be for a shareware app), frequent updates (that can incorporate the build date into the protection algorithm) can make any app successful. Popular products like WinZip are pirated like hell, still they employ some basic teasers with some basic protection. Probably 90% of the WinZip's out there are "free", cracked or not. But those who pay still seem to get some money in. :rose: Peter
We are ugly but we have the music Leonhard Cohen [sighist]
-
Norm Almond wrote: Whats the best software protection Get sponsored by hells angels. :) /Magnus
There is a Hells angles gang by my city, I heard they were in a decent sized brawl during motorcycle week!
-
depends on how much protection you expect, who are your users, and if you have a few clues of how crackers work. No chance to prevent everything, the game is to require more work than the cracker is willing to do. - Never use functions like bool IsRegistered(), unless you're sure they are inlined (rather use macros that expand to reall weird code) - never display an "Registration failed" message bo immediately after doing the check (unless there are other checks) - store the "is registered" flag at different locations, evaluate differnet ones on different places - protect both the UI options, and the actual execution of the "registered users only" features - Interlace protection checks with some in-program operations if possible - use "two layers" : one user friendly, that uses very simple checks, and does all the "normal" UI handling (like "Your blah has expired. Please contact us for blah options..". Use a second better hidden layer to double-check the registration, perform additional checks that are not in the "friendly layer", and that acts _lazily_ (i.e. no immediate warning, etc.) - Do NOT get destructive when you believe someone cracked your app (or tries to). You will loose more customers than you win. - interlace "dummy checks" (check for debugger, for Boundschecker) at places that don't have to do anything with your protection. It is very easy for a cracker to: - find the place where a message box is called, and go a few steps back in code (even if it's a function return) - change a if (registered) into a if (!registered) or if (true) - find the place where a single variable is referenced - "crack" binary encoding like rot, xor... Modulo 23 is much more tiresome In general, forget your good coding manners. Use globals where you would use locals, use heap variables and multiple indirections, use macros, etc. Have fun!
We are ugly but we have the music Leonhard Cohen [sighist]
peterchen wrote: - interlace "dummy checks" (check for debugger, for Boundschecker) at places that don't have to do anything with your protection. very good advice. :-) Regardz Colin J Davies
Sonork ID 100.9197:Colin
More about me :-)
-
Tim Smith wrote: Chris, I forwarded your message to Bill Gates. Maybe he will try this with his new OS. Oh, great. Thanks, Tim, for putting me in the line of - wait - what's that knock on my door, and who are those people in the full length black leather trenchcoats? No! Wait!! Microsoft Gestapo! Aaaggggghhhhh!!! Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
Oh, you mean the BSA. Tim Smith I know what you're thinking punk, you're thinking did he spell check this document? Well, to tell you the truth I kinda forgot myself in all this excitement. But being this here's CodeProject, the most powerful forums in the world and would blow your head clean off, you've got to ask yourself one question, Do I feel lucky? Well do ya punk?
