Anti-pirating scheme
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
What if they do not have internet access? Why waste time learning when ignorance in instantaneous -Hobbes
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
Well, there is always a hole (not talking about necessary internet access, as Brian said) Your scheme looks like: App->Go Web->Check Registration->Confirm Registration->App Can't draw it in circle here :) but I guess you see where is the problem already. In the chain above, cracker should remove "Go Web->Check Registration" sequence and everything will work just fine, even without internet :) Well, right, you won't get updates.. and this is the subject to discuss. See for example Norton Antivirus. To stay up-to-dat you HAVE to get updates, but to get updates you have to pay... Philip Patrick Web-site: www.stpworks.com "Two beer or not two beer?" Shakesbeer
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
I would NEVER pay for a program that would not start if I was not online! - Anders Money talks, but all mine ever says is "Goodbye!"
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
Might be one flaw.. I dont have alot of network knowlege but here goes. What if the person has a router. The person mirrors his ip and mac address to the router. Now he has say 11 couputers hooked into the router. you application would only see just the 1 registered information would it not? If i am incorrect about this i am sorry. Like i said im just learning. you also posted that if the registration fails start deleting the application in the background. In a way your doing them a favor by removing something that doesnt work. I say make it non functional and leave it. It takes up hard drive space and is useless. Then they have to go through the hassle of removing it themselves.
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
Write an application that is so great your users believe you must be a coding god. Now, who would withhold a coin from god? :cool: The biggest loophole in all copyprot schemes are users you scare away. IMO 20 digit-or-letter serials, as they are common today, are an insulting discrespect of the user. Everybody who does more than casual software administration will aggree probably find stronger words. A good copyprot scheme starts with a look at the product to be protected. Each product has different users (if it's only beancounters, there's no use for a copyprot as you suggest), has different market and hazard exposure (e.g. beancounters just need a license agreement that looks scary), different distribution channels (who gets a hand on your final product anyway?), and "cracker attractiveness". and the skills of "good assembler programmers" are way overrated. Just because some companies make zillions with bogus protection schemes (if it comes in a DLL, forget it) doesn't mean you can keep a cracky busy for longer than he enjoys. They are good at certain things. bad at others.
skulls don't kiss a machito [sighist]
-
Well, there is always a hole (not talking about necessary internet access, as Brian said) Your scheme looks like: App->Go Web->Check Registration->Confirm Registration->App Can't draw it in circle here :) but I guess you see where is the problem already. In the chain above, cracker should remove "Go Web->Check Registration" sequence and everything will work just fine, even without internet :) Well, right, you won't get updates.. and this is the subject to discuss. See for example Norton Antivirus. To stay up-to-dat you HAVE to get updates, but to get updates you have to pay... Philip Patrick Web-site: www.stpworks.com "Two beer or not two beer?" Shakesbeer
Philip Patrick wrote: See for example Norton Antivirus. To stay up-to-dat you HAVE to get updates, but to get updates you have to pay... AFAIK you can still download the virus definitions without paying, but being a paying customer allows you to use their LiveUpdate system. DBHelper - SQL Stored Procedure Wrapper & Typed DataSet Generator for .NET
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
1. Please do not cross post. It is sufficient to post a question in one forum only. Everyone who feels like answering it will answer it. 2. This question is better suited for the General Discussions forum, since it relates to programming in a way, though it's not about any particular language (hence you'd be better off in the General Discussions forum instead of any language forum, you'll get a larger audience.) 3. If the registration fails it's better IMO to give a chance to buy and register the app. Don't delete it in the background. That's cheating! 4. Don't use checks like
if(IsRegistered()){...}. A cracker can easily change it toif(TRUE){...}. 5. Do the checks in as many different ways, at as many different times and in as many different locations as possible, even in places that have nothing to do with protection or "registered or trial/demo access", so that even if the cracker manages to patch it in some places, he will have to do a lot of work to patch them all, and even then he can't be sure he did them all (he thought he finished them when suddenly your app decides to check the registration status because it's 1st April).
Regards,Rohit Sinha
-
1. Please do not cross post. It is sufficient to post a question in one forum only. Everyone who feels like answering it will answer it. 2. This question is better suited for the General Discussions forum, since it relates to programming in a way, though it's not about any particular language (hence you'd be better off in the General Discussions forum instead of any language forum, you'll get a larger audience.) 3. If the registration fails it's better IMO to give a chance to buy and register the app. Don't delete it in the background. That's cheating! 4. Don't use checks like
if(IsRegistered()){...}. A cracker can easily change it toif(TRUE){...}. 5. Do the checks in as many different ways, at as many different times and in as many different locations as possible, even in places that have nothing to do with protection or "registered or trial/demo access", so that even if the cracker manages to patch it in some places, he will have to do a lot of work to patch them all, and even then he can't be sure he did them all (he thought he finished them when suddenly your app decides to check the registration status because it's 1st April).
Regards,Rohit Sinha
-
What if they do not have internet access? Why waste time learning when ignorance in instantaneous -Hobbes
Since my app is only distributed via the web they must have internet access.
-
Philip Patrick wrote: See for example Norton Antivirus. To stay up-to-dat you HAVE to get updates, but to get updates you have to pay... AFAIK you can still download the virus definitions without paying, but being a paying customer allows you to use their LiveUpdate system. DBHelper - SQL Stored Procedure Wrapper & Typed DataSet Generator for .NET
leppie wrote: but being a paying customer allows you to use their LiveUpdate system There are ways to deal with that too I'm afraid. There is no fool proof licensing enforcement scheme, and I doubt there ever will be. I think the best approach is to make it hard enough so that average joe won't break it. But perhaps, in the future with quantum computing, it will be possible to fool the crackers. -- If I had the ability to smooth talk like John Simmons, this post would be less sarcastic and more to the point.
-
I would NEVER pay for a program that would not start if I was not online! - Anders Money talks, but all mine ever says is "Goodbye!"
The app will only need to be online during initial install and also during any updates. I will then check to see when you are connected and use that to also call home. Also my app is designed to be run on a LAN so a always on connection will be the norm not the exception. Thanks for your opinion Darroll
-
Write an application that is so great your users believe you must be a coding god. Now, who would withhold a coin from god? :cool: The biggest loophole in all copyprot schemes are users you scare away. IMO 20 digit-or-letter serials, as they are common today, are an insulting discrespect of the user. Everybody who does more than casual software administration will aggree probably find stronger words. A good copyprot scheme starts with a look at the product to be protected. Each product has different users (if it's only beancounters, there's no use for a copyprot as you suggest), has different market and hazard exposure (e.g. beancounters just need a license agreement that looks scary), different distribution channels (who gets a hand on your final product anyway?), and "cracker attractiveness". and the skills of "good assembler programmers" are way overrated. Just because some companies make zillions with bogus protection schemes (if it comes in a DLL, forget it) doesn't mean you can keep a cracky busy for longer than he enjoys. They are good at certain things. bad at others.
skulls don't kiss a machito [sighist]
I was hoping by locking an app to a MAC address will keep me from developing a 200 digit 3,000,000 bit product key. Even the 20 digit codes are just passed around any ways. Darroll
-
1. Please do not cross post. It is sufficient to post a question in one forum only. Everyone who feels like answering it will answer it. 2. This question is better suited for the General Discussions forum, since it relates to programming in a way, though it's not about any particular language (hence you'd be better off in the General Discussions forum instead of any language forum, you'll get a larger audience.) 3. If the registration fails it's better IMO to give a chance to buy and register the app. Don't delete it in the background. That's cheating! 4. Don't use checks like
if(IsRegistered()){...}. A cracker can easily change it toif(TRUE){...}. 5. Do the checks in as many different ways, at as many different times and in as many different locations as possible, even in places that have nothing to do with protection or "registered or trial/demo access", so that even if the cracker manages to patch it in some places, he will have to do a lot of work to patch them all, and even then he can't be sure he did them all (he thought he finished them when suddenly your app decides to check the registration status because it's 1st April).
Regards,Rohit Sinha
1+2) if I only posted to General then no one would have responded. Even you decided to post here instead of the General forum. I think posting here was the best. IMO. 3) Even if they would like to buy it I would still get them to go back and download the latest version. I would definatly remove the key components to the app. 4) What do you suggest I use? 5)Good idea. My thought would be to have several dlls that always get updated even if not out of date that have checks in them. This way if they wanted to use a cracked version they could never go online while running my app, they will more than lickly be using an always on connections. Or just run checksums on everything. Thanks for your input Rohit! Darroll
-
Since my app is only distributed via the web they must have internet access.
Oh, and by the way why do you have two accounts? Why waste time learning when ignorance in instantaneous -Hobbes
-
Oh, and by the way why do you have two accounts? Why waste time learning when ignorance in instantaneous -Hobbes
2 accounts? is that possible?
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
-
What if someone doesn't have a network card? IE: they connect via a modem, or a USB DSL/Cable modem?
Good catch, I could hope that all of my customers would have a NIC. (I am targeting LANS) I will look into generating some other info Say the computer name and other rarely changed items. Even if they aren't used the majority of newer computers have LAN cards. Thanks! Darroll
-
I am trying to develop an anti-pirating scheme. Ok I know that a good assembler programmer can crack just about anything, but here is my thought. Have the installer only install a registration and update app. Upon registering, where you grab and record the MAC address and other info, you allow them to download the remaining files to their computer. Then every time they run the app you both check for updates and confirm their registration against their MAC address. If there are updates then you just download them. If there registration fails you start deleting their application in the background. If they replaced their NIC or simply get a new computer a quick reinstall of your app reregisters it to the new NIC. This would effectively only allow one copy of your program to function per registration. So what do you think? I am sure there is a hole in the process somewhere. But, imho, a little incontinence to the customer when they switch out a NIC is nothing compared to having only one working copy per registration. Please comment on this. I need feedback before I go about designing this. Thanks Darroll
- Mac addressed can be spoofed, and changed. What happens when someone upgrades their NIC, or their VPN / Dialup hands out new Mac addresses? "Incontinence" has to do with being unable to control themselves (this is what babies do) - you can *bet* the user will piss their pants when you delete stuff!! 2) Why stop with deleting the app, go ahead and delete the entire harddrive. After all, you've just equated someone who's connection failed with terrorism, so it's quite all right. 3) What happens when your web site is not reachable, for example, you forgot to pay your bill, the co-lo lost power, someone cut the trunk line, or maybe your DNS got hacked? 4) Re-installing with the orignal key just defeats your entire scheme, and at the same time, causes a complete denial-of-service to the orignal owner (quick, catch the license as it hops from system to system! NetBunny!!) 5) A cracker will simply block your program from connecting, or find the back door you put in. 6) Needless to say, the entire scheme can open you up to a wad of lawsuits if you start deleting things from a legit user who's machine was accessed by someone else (such as in the office) If you're that worried about someone swiping a shareware progam, I strongly suggest you not release it, since that way nobody will pirate it. Or you can do the smart thing and (gasp) *trust your users* by offering a good product at a fair price. I would just junk the entire concept of "all users are stealing from me" that your scheme's mental model has and go the much saner route that a lot of vendors have been using for years with great success - downloads of upgrades are only available for registered users (v1.00 is online for trialware, buy now and get the 1.02 upgrade). If the download is from say more than 5 ip addresses in a given 24 hour period, nuke the key and email the orignal buyer. This way you *REWARD* legit users.
Visual Studio Favorites - improve your development! GUIgui - skin your apps without XP
-
- Mac addressed can be spoofed, and changed. What happens when someone upgrades their NIC, or their VPN / Dialup hands out new Mac addresses? "Incontinence" has to do with being unable to control themselves (this is what babies do) - you can *bet* the user will piss their pants when you delete stuff!! 2) Why stop with deleting the app, go ahead and delete the entire harddrive. After all, you've just equated someone who's connection failed with terrorism, so it's quite all right. 3) What happens when your web site is not reachable, for example, you forgot to pay your bill, the co-lo lost power, someone cut the trunk line, or maybe your DNS got hacked? 4) Re-installing with the orignal key just defeats your entire scheme, and at the same time, causes a complete denial-of-service to the orignal owner (quick, catch the license as it hops from system to system! NetBunny!!) 5) A cracker will simply block your program from connecting, or find the back door you put in. 6) Needless to say, the entire scheme can open you up to a wad of lawsuits if you start deleting things from a legit user who's machine was accessed by someone else (such as in the office) If you're that worried about someone swiping a shareware progam, I strongly suggest you not release it, since that way nobody will pirate it. Or you can do the smart thing and (gasp) *trust your users* by offering a good product at a fair price. I would just junk the entire concept of "all users are stealing from me" that your scheme's mental model has and go the much saner route that a lot of vendors have been using for years with great success - downloads of upgrades are only available for registered users (v1.00 is online for trialware, buy now and get the 1.02 upgrade). If the download is from say more than 5 ip addresses in a given 24 hour period, nuke the key and email the orignal buyer. This way you *REWARD* legit users.
Visual Studio Favorites - improve your development! GUIgui - skin your apps without XP
First I am only batting around ideas. I have not even started coding yet. The problem with trusting users is that there is a crack for just about every APP. If you cannot find a crack you aren't looking hard enough. Cracked programs is a million dollar buisness in a mojority or eastern European countires. When I went to Bosnia there was a CD shop on every corner. Each cd was $5. So for $5 I would always have the latest software. The only non cracked software is one that no one wants. I am not saying I will come up with a better solution but not even trying means you don't care if someone steals from you. The upates will be released by the hackers in less than a week. This leads me to beleive that a web based checking utility is the least hackable solution out there. If you require your app to call home say once a quarter you can track how many copies are out there and which reg key has leaked. You could have the install program register the key to that computer and lock out any other installs. Then unregister during uninstall. Remember just thoughts. The idea is to trust your customers but to make it so that it is as difficult to pirate as possible. Darroll