Licensing, Obfuscation and Copy Protection Tools
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
From my experience, dongle-based safety is often a pain, and expensive. If it's .net obfuscation you're after, I'd go with Smart Assembly. It's easy to use, fairly well priced, and whenever I've come up against a problem the developers have been very responsive. http://www.smartassembly.com/
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
Resistance is futile. I didn't even try and I learned it. :(
So the creationist says: Everything must have a designer. God designed everything. I say: Why is God the only exception? Why not make the "designs" (like man) exceptions and make God a creation of man?
-
From my experience, dongle-based safety is often a pain, and expensive. If it's .net obfuscation you're after, I'd go with Smart Assembly. It's easy to use, fairly well priced, and whenever I've come up against a problem the developers have been very responsive. http://www.smartassembly.com/
Have you looked at .Net Reactor? http://www.eziriz.com/[^] I found this to be relatively inexpensive, and it seemed to do the job pretty well. I never had any issues with it. But then again, I don't know if anyone ever tried to crack the app I was using it with :-D
-
From my experience, dongle-based safety is often a pain, and expensive. If it's .net obfuscation you're after, I'd go with Smart Assembly. It's easy to use, fairly well priced, and whenever I've come up against a problem the developers have been very responsive. http://www.smartassembly.com/
Bristle_Ike wrote:
I'd go with Smart Assembly. It's easy to use, fairly well priced,
<choke>$500?</choke>
Best wishes, Hans
[CodeProject Forum Guidelines] [How To Ask A Question] [My Articles]
-
Bristle_Ike wrote:
I'd go with Smart Assembly. It's easy to use, fairly well priced,
<choke>$500?</choke>
Best wishes, Hans
[CodeProject Forum Guidelines] [How To Ask A Question] [My Articles]
well priced, that's like when you say a girl is "well built".
-
Bristle_Ike wrote:
I'd go with Smart Assembly. It's easy to use, fairly well priced,
<choke>$500?</choke>
Best wishes, Hans
[CodeProject Forum Guidelines] [How To Ask A Question] [My Articles]
if the technology works, then you'll very quickly make that $500 back because people will buy the software instead of copying it. Assuming your software is worth buying, that is. I'd say $500 for something like that is money well spent. No i don't work for the company.
-
Bristle_Ike wrote:
I'd go with Smart Assembly. It's easy to use, fairly well priced,
<choke>$500?</choke>
Best wishes, Hans
[CodeProject Forum Guidelines] [How To Ask A Question] [My Articles]
If you don't think the software is worth investing 500$ in protecting.... Then nobody will probably be interested in copying it anyway.
ASCII tables, HTML entities, types, string formats and more info for the nerdy coder at: www.codecharts.com
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
If some one want to copy your software then I believe you should let them to a degree. It can generate sales. The main project I was involved with used email service to send an activation and product options based upon the generated userid and payment receipt! UserID generate from hardware, receipts that are unique, and some simple mathematics and well placed calls. This worked well because the company was also the primary sales outlet. Even so, setting up a system to verify software based on UID is not to difficult with modern technologies. Making software that is good, and value for money is by far the best method of sales in comparison to overpriced, bloated bugware. I'd avoid any form of dongles, copy protected CD's etc as these do nothing but aggrevate the customer, and decrease the potential of sales. If you want to go with commercial systems then theres items like CopyMinder, CrypKey, Exe Lockdown, Logic Protect and ShareGuard are a few that were getting around. Personally, creating your own protection, licencing system would be the best and probably safest bet.
-
Bristle_Ike wrote:
I'd go with Smart Assembly. It's easy to use, fairly well priced,
<choke>$500?</choke>
Best wishes, Hans
[CodeProject Forum Guidelines] [How To Ask A Question] [My Articles]
I was comparing it against Preemptive Dotfuscator, which is over three times the price. Back when I bought it (c2006) there wasn't a lot else competing with it either in terms of price or functionality. Looking around now there are cheaper alternatives. I came across Deep Sea Obfuscator the other day [http://www.deepseaobfuscator.com/], which is cheaper, but I've not tried it out yet.
side lane digital development
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
Check out CopyMinder (www.copyminder.com).
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
Checkout my EZRSA article elsewhere on this site. It's a roll-your-own solution but it works for me. It works by having the client software contact a licensing server for an activation code. The activation code is tied to the client PC and is encrypted with our private key and so cannot be forged. The licensing server is just a code-behind (C#) script running on our webserver. Hope this helps.
Paul Sanders http://www.alpinesoft.co.uk
-
If some one want to copy your software then I believe you should let them to a degree. It can generate sales. The main project I was involved with used email service to send an activation and product options based upon the generated userid and payment receipt! UserID generate from hardware, receipts that are unique, and some simple mathematics and well placed calls. This worked well because the company was also the primary sales outlet. Even so, setting up a system to verify software based on UID is not to difficult with modern technologies. Making software that is good, and value for money is by far the best method of sales in comparison to overpriced, bloated bugware. I'd avoid any form of dongles, copy protected CD's etc as these do nothing but aggrevate the customer, and decrease the potential of sales. If you want to go with commercial systems then theres items like CopyMinder, CrypKey, Exe Lockdown, Logic Protect and ShareGuard are a few that were getting around. Personally, creating your own protection, licencing system would be the best and probably safest bet.
Programit wrote:
Personally, creating your own protection, licencing system would be the best and probably safest bet.
Man you are soooo far away from it, sooo far away. Google something about code reverce engeneering. And then read your post again. I use similar(to the one you described) system for our company software, but it is not secure. The only thing that protects our software applications is that they usually come with a pretty expensive peace of hardware equipment.
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
I've used Armadillo which at the time I bought it was inexpensive. Since then it's been acquired by Digital River and rebranded as SoftwarePassport. The price has also gone up, especially as the reduced feature version I bought is no longer available. They used to not support .NET so you'd need to check if they do now. I found it after doing a bit of research and noticed that a lot of people were talking about it. I'm confident that the developers really know what they're doing and the documentation is comprehensive so you can see exactly what you get for your money. It's packed with features and well supported. Some other products say they offer great protection but don't elaborate much on that. You build your app as normal then run Armadillo on your executable (and dlls) to provide a wrapped-up exe with page swapping, debug blocking, key based licensing etc built in. It comes with a library that allows you to check for key expiry etc from within your own code for added flexibility, or you can just use the Armadillo interface to determine how such events are handled. I prefer the old Armadillo interface which should still be available as an alternative to the "improved" SoftwarePassport one.
-
From my experience, dongle-based safety is often a pain, and expensive. If it's .net obfuscation you're after, I'd go with Smart Assembly. It's easy to use, fairly well priced, and whenever I've come up against a problem the developers have been very responsive. http://www.smartassembly.com/
From my experience dongles are not hard at all to program and VERY effective. Look at HASP by Aladdin. Also take a look at CrypKey as it is very effective too. I used both on the same project and it has yet to be cracked after several years of production use.
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
fingoo.net is pretty good. no set up fee and you only pay a tiny percentage of the licenses you actualy sell. Automated license purchasing is also provided where your users pay direct to your PayPal account. with a friendly free support service too :o) what is really needed is a decent site that reviews the variaous software activation services, like www.adslguide.org is for adsl. a lot of them have hidden charges and other such nasty surprises :o( keith
-
I've used Armadillo which at the time I bought it was inexpensive. Since then it's been acquired by Digital River and rebranded as SoftwarePassport. The price has also gone up, especially as the reduced feature version I bought is no longer available. They used to not support .NET so you'd need to check if they do now. I found it after doing a bit of research and noticed that a lot of people were talking about it. I'm confident that the developers really know what they're doing and the documentation is comprehensive so you can see exactly what you get for your money. It's packed with features and well supported. Some other products say they offer great protection but don't elaborate much on that. You build your app as normal then run Armadillo on your executable (and dlls) to provide a wrapped-up exe with page swapping, debug blocking, key based licensing etc built in. It comes with a library that allows you to check for key expiry etc from within your own code for added flexibility, or you can just use the Armadillo interface to determine how such events are handled. I prefer the old Armadillo interface which should still be available as an alternative to the "improved" SoftwarePassport one.
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=cgv&q=softwarepassport+armadillo+v6.0.0.600+crd&btnG=Search[^] do some research and find out which of the commercial copy protections are the hardest for reversers to reverse. nothing is safe to be realistic, if you can build it, it can be unbuilt, aside from actually leaving code out and truly limiting a shareware version, but then you have to worry about your truly registered users giving out their copy to friends etc. never ending circle eh ;)
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
User of Users Group wrote:
Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks
Well the ones on A list games typically get cracked in hours to days, but I suspect that's not what you want... :doh:
Today's lesson is brought to you by the word "niggardly". Remember kids, don't attribute to racism what can be explained by Scandinavian language roots. -- Robert Royall
-
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=cgv&q=softwarepassport+armadillo+v6.0.0.600+crd&btnG=Search[^] do some research and find out which of the commercial copy protections are the hardest for reversers to reverse. nothing is safe to be realistic, if you can build it, it can be unbuilt, aside from actually leaving code out and truly limiting a shareware version, but then you have to worry about your truly registered users giving out their copy to friends etc. never ending circle eh ;)
You're right it's all a question of degree and if a vendor says their system is impossible for anyone to crack, it's either dishonest or they don't really know what they're doing. At least Armadillo tell you exactly what their product does and don't sell it as some kind of magic box. Whether there is a real crack for Armadillo I don't know, but I do know it was cracked in the past once for sure and they fixed the problem. Friends passing keys around is unavoidable unless you generate a key that is locked into the user's hardware so the program can't be used on another machine, but that is an admin nightmare and will probably put people off unless they really need your software. If the key contains the name of the person the software was sold to, at least if it appears on a website somewhere it's obvious who put it there. None of it's foolproof but if you provide software that you want people to pay for and it is easy to continue using it without paying, most people will. If it requires a bit more work, most people won't know how to break it. Armadillo can give you a custom build to help prevent generic crack tools from working on your app. So in general I think some decent protection is better than none.
-
I could swear I saw some recommendations here in the Lounge but the name escapes me.. With the usual caveat, 'determined can bla bla', 'put it behind the service' etc: Are there any decent products for licensing, protecting software, Internet activation, on-demand delivery/auto-updates etc that don't get broken by H20, OzOne and friends within few weeks? MS has recently pulled out from its idea that didn't live longer than few months, Dotfuscator guys are still charging silly money and so on.. Both native and managed hints would be welcome, and ideally without a 4 digit price for proprietary 'invention' that will be busted sooner or later, or not work with reflection and who knows what else... Dongles, drivers, PKI-based, anything would be acceptable.. Cheers
I know this is probably not what you want to hear... but the answer is mostly no. You're probably not going to find some OTS copy protection that crackers won't rip apart that isn't ridiculously expensive. Here's a bit of an overview of the different protections and why they're good/bad: Dongles - Generally you shouldn't bother with these. They are expensive, unwieldy, and a PITA for customers. Software developers that use them also rarely implement the protection properly. If you're just checking whether the dongle is there and that it's your dongle, you're doing it wrong. The one way you can make it effective is to put critical data or even code inside the dongle's memory, then handle the failure case as best you can without giving away too much information about what that critical data or code should be. As you can imagine, this isn't easy. Internet Activation - They can be relatively inexpensive and easy to use. However, as we've seen with some music DRM there is risk. Does your app require internet access? If not, why should your copy protection? And can you make sure your customers can still use your product even if your servers go down (or if you would go out of business)? These products can be good for keeping people honest, but will not keep out crackers because you still will most likely keep track of activation status on the client or you'll have to provide a non-internet alternative. Obfuscators/Encryptors - IMO obfuscators are pointless. They'll only slow down a cracker slightly because most of them are used to reverse engineering apps without any useful names anyway. Encryptors can be better, but of course there is the risk of compatability issues. Products like Armadillo, Execryptor, etc. can work, but only if you don't open a loophole by having a trial. If at any time the app can be run without the customer having paid you, the protection is worthless because the cracker can unwrap and save the code during the trial period. If the encryptor uses strong encryption and will not run without a valid serial number, then it can be effective. Serial Numbers - If strong encryption is used, you can prevent a key generator from being made. Of course this may result in the customer having to input very long license keys. This does not prevent someone from just modifying your app to always accept any serial number. You'll see a lot of products like this that claim to be easy to use and secure, but are really as secure as a wet napkin. CrypKey that some other posters have men
-
You're right it's all a question of degree and if a vendor says their system is impossible for anyone to crack, it's either dishonest or they don't really know what they're doing. At least Armadillo tell you exactly what their product does and don't sell it as some kind of magic box. Whether there is a real crack for Armadillo I don't know, but I do know it was cracked in the past once for sure and they fixed the problem. Friends passing keys around is unavoidable unless you generate a key that is locked into the user's hardware so the program can't be used on another machine, but that is an admin nightmare and will probably put people off unless they really need your software. If the key contains the name of the person the software was sold to, at least if it appears on a website somewhere it's obvious who put it there. None of it's foolproof but if you provide software that you want people to pay for and it is easy to continue using it without paying, most people will. If it requires a bit more work, most people won't know how to break it. Armadillo can give you a custom build to help prevent generic crack tools from working on your app. So in general I think some decent protection is better than none.
computer_nerd wrote:
some decent protection is better than none.
yup, agreed. I didn't post that link to try and give someone a crack to it, hopefully it didn't come across as such.. merely as an example that it had been cracked, and if folks can get the beast itself to study, it helps the chances of it being reversed easier. packers/crypters at a minimum help keep the run of the mill hobbyist cracker from getting into your stuff, which is definitely better than nothing. I believe a PE packer/crypter and obfuscation can be a really pain for folks to attack, so if you can use a combo of that, you could at least fend off the bad guys for some time.