Software licensing system
-
I am looking for a software licensing system. This is one of those systems where you register the product, and you get a key back, enter the key in a registration screen, and the product is enabled. In our case, we're interested in this primarily for controlling access to different "modules" of a large application. I have done some browsing, and it looks like there are a number of tools to do this kind of thing, including Protection Plus, Software Passport, and Encryptor. Anyone have any experience with these or similar products? Recommendations? Things to look out for? Thanks, Don
-
I am looking for a software licensing system. This is one of those systems where you register the product, and you get a key back, enter the key in a registration screen, and the product is enabled. In our case, we're interested in this primarily for controlling access to different "modules" of a large application. I have done some browsing, and it looks like there are a number of tools to do this kind of thing, including Protection Plus, Software Passport, and Encryptor. Anyone have any experience with these or similar products? Recommendations? Things to look out for? Thanks, Don
note that resorting to an existing protector can be bad, since most of them can be detourned using crack tools,hence so for your application security.
-
I am looking for a software licensing system. This is one of those systems where you register the product, and you get a key back, enter the key in a registration screen, and the product is enabled. In our case, we're interested in this primarily for controlling access to different "modules" of a large application. I have done some browsing, and it looks like there are a number of tools to do this kind of thing, including Protection Plus, Software Passport, and Encryptor. Anyone have any experience with these or similar products? Recommendations? Things to look out for? Thanks, Don
I am at the moment dealing with issues like that and have decided not to go down the road like that at all. I do not know how big or small your target market is, but mine is relatively small. If All small suppliers go to a big licencing house, it saves them money, and have the security of a Big House. Also, the Big House becomes a target, because it becomes worthwile for licence breakers in that one big efford will break thousands of licencing schemes. If everybody designs their own scheme, (and there is very good Public Domain (PGP etc) Software about that can be customised ), it will take thousands of individual effords to break the codes, and becomes economically not viable for the code breakers. The rules are: -Pick a Scheme, PGP, Blowfish, whatever. -Learn How it works. (Vitally Important) -Inspect for Backdoors -Customise -Inspect for Backdoors (again) -Implement Licence Tampering Detection -Inspect for Backdoors (again) -Hope for the best. -Sue. regards, and I know what You're going through. :rose::rose::rose:
Bram van Kampen
-
I am at the moment dealing with issues like that and have decided not to go down the road like that at all. I do not know how big or small your target market is, but mine is relatively small. If All small suppliers go to a big licencing house, it saves them money, and have the security of a Big House. Also, the Big House becomes a target, because it becomes worthwile for licence breakers in that one big efford will break thousands of licencing schemes. If everybody designs their own scheme, (and there is very good Public Domain (PGP etc) Software about that can be customised ), it will take thousands of individual effords to break the codes, and becomes economically not viable for the code breakers. The rules are: -Pick a Scheme, PGP, Blowfish, whatever. -Learn How it works. (Vitally Important) -Inspect for Backdoors -Customise -Inspect for Backdoors (again) -Implement Licence Tampering Detection -Inspect for Backdoors (again) -Hope for the best. -Sue. regards, and I know what You're going through. :rose::rose::rose:
Bram van Kampen
We're a very small company. I have considered rolling our own, but unless there's better information on how to do everything than I've found, I don't have time to do it. Not only do you have to learn about an encryption scheme, you also have to learn about how to tie things to the hardware (drive serial number, or whatever), how to block debuggers and decompilers from running, etc. And you have to write the UI components -- the registration dialogs, the app that you use to issue registration numbers, etc. Thanks for your thoughts. Don
-
We're a very small company. I have considered rolling our own, but unless there's better information on how to do everything than I've found, I don't have time to do it. Not only do you have to learn about an encryption scheme, you also have to learn about how to tie things to the hardware (drive serial number, or whatever), how to block debuggers and decompilers from running, etc. And you have to write the UI components -- the registration dialogs, the app that you use to issue registration numbers, etc. Thanks for your thoughts. Don
Well, You Cannot block Decompilers, because they attack the Raw Excecutable. Decompiling is not an easy task however, and it would not be the case in general that an afternoon spent with your exe and a decompiler would reveal your code. It is typically ManMonths of painstaking research before decompiling anything gives results. The question is one of economics. How many Licences, how much each. how desirable is your target market, etc. vs the cost of many manhours decompiling your code. It may well be easier for potential competitors to write their own (after having bought yours) than to try and de-compile. Debuggers are blocked by ensuring that your final EXE is stripped from all debugging info. Unfortunately you will need some UI Components to let the user know that they need to register, and a method to allow him(her) to enter salient details. If you bounce an e-mail to bramvankampen@aol.com, I'll forward you software I found somewhere to deal with DiskId's etc. Bottom Line.: If you think it's going to be big, and that you could become a Worldwide Target for Licence Decrytptors, your potential sales will be large, and invest in professionals to do this in a bespoke way. Regards :) :)
Bram van Kampen
-
Well, You Cannot block Decompilers, because they attack the Raw Excecutable. Decompiling is not an easy task however, and it would not be the case in general that an afternoon spent with your exe and a decompiler would reveal your code. It is typically ManMonths of painstaking research before decompiling anything gives results. The question is one of economics. How many Licences, how much each. how desirable is your target market, etc. vs the cost of many manhours decompiling your code. It may well be easier for potential competitors to write their own (after having bought yours) than to try and de-compile. Debuggers are blocked by ensuring that your final EXE is stripped from all debugging info. Unfortunately you will need some UI Components to let the user know that they need to register, and a method to allow him(her) to enter salient details. If you bounce an e-mail to bramvankampen@aol.com, I'll forward you software I found somewhere to deal with DiskId's etc. Bottom Line.: If you think it's going to be big, and that you could become a Worldwide Target for Licence Decrytptors, your potential sales will be large, and invest in professionals to do this in a bespoke way. Regards :) :)
Bram van Kampen
If anyone else is interested, Bram sent me some public sources that he didn't remember where they came from. But a quick google turned them up at http://www.winsim.com/diskid32/diskid32.html[^]. This is "DiskId32 (freeware): A Win32 Application and Source Code for Reading Hard Drive Manufacturing Information". Thanks, Bram. Don
-
If anyone else is interested, Bram sent me some public sources that he didn't remember where they came from. But a quick google turned them up at http://www.winsim.com/diskid32/diskid32.html[^]. This is "DiskId32 (freeware): A Win32 Application and Source Code for Reading Hard Drive Manufacturing Information". Thanks, Bram. Don
Hi Don Thanks for recovering the link where I found it. I found it quite usefull. The only thing one wonders is, will it survive the various Vista udates and upgrades in the future. It appears to me that it depends on a lot of undocumented features. By the way, one wonders why there is no Kernel API to do something like that. Regards,
Bram van Kampen