Method of Protection software

BackupUser · Post by **BackupUser** » Wed Mar 12, 2003 2:12 am

Restored from previous forum. Originally posted by ricardo.

So when somebody what to buy you software, create a exe with a induvidual s/n. and save the S/N and the user name.

GPI,

For most shareware its not practical, you can't ask the user to wait until you craete and individual exe for them or yu gona have very low sales rate.
Most software are buyed using systems like RegNow, ShareIt, etc. and people want they software inmediatly. Thats why the Keys must be generated online automaticaly.
When the user buy your software they (in the order form) insert they serial number and the site (lets say RegNow) contact your server (cgi, asp, php) send the serial number, get the Key that your server generate and give it to the user in an automatic invoice e mail, in the same where they told him that the bank accept the credit card charge.

For masive distribution applications (price range: $15~$150 US) truing to work in another way is a suicide. Maye if you develop very specialized software work can be done in another way, but not with software distributed on download.com/magazines, etc. or the sales will be not many.

In the other hand, imagine that you have 4 or 6 or 10 or 20 customers everyday asking their fullversion inmediatly. If you told them that they have to wait one or 2 days... im sure you will have not many customers.

Sometimes the bank system takes more time to process the order and the customer are talking about chargeback or refund!! and it was THEIR bank who was slow!!

In my opinion the secret is to avoid keygens, its not THAT important if you use the serial or the size of the HD... the trick is to avoid the possibilitie of keygens... or make it so difficult and change the algorithm every 2 weeks, so any cracker dosent get the effort to make a keygen that just will work one week or less.

Best Regards

Ricardo

Dont cry for me Argentina...

BackupUser · Post by **BackupUser** » Wed Mar 12, 2003 9:22 am

Restored from previous forum. Originally posted by Julien Morel.

I do not know if it is very good.
I make many version 3.00 of my software, thus much of *.exe does not function because it checks the *.exe before cracker. It is thus necessary to have the good *.exe with the good exe

Forum in French
http://www.forumpurebasic.fr.st

BackupUser · Post by **BackupUser** » Wed Mar 12, 2003 2:13 pm

Restored from previous forum. Originally posted by Julien Morel.

I do not know if protection by the size of the hard disk and the good solution. Because two do hard disk of the same size and even mark have the same MO size
How to make to find KB?

Forum in French
http://www.forumpurebasic.fr.st

BackupUser · Post by **BackupUser** » Fri Mar 14, 2003 12:28 pm

Restored from previous forum. Originally posted by JoRo.

Just some questions:
If I comment out the events to the routines I want to disable, are those comments compiled within the exe?
Whats abaout this Idea:
Produce about 26 exes, and depending on the computername they have different serialnumber. This numbers are not generated but fix. It would not be immpossible to crack, thats clear, but you would need at least 26 Versions to make it free downloadeable. The computername is checked at every start and is able to find, if the key fits to the computername?

Johannes

BackupUser · Post by **BackupUser** » Fri Mar 14, 2003 12:37 pm

Restored from previous forum. Originally posted by freak.

> If I comment out the events to the routines I want to disable, are those comments compiled within the exe?

You mean like putting ';' in front of a procedure call?

The comment would not be compiled, but the Code of your procedure will be compiled, and a cracker could insert a new call to this Code into you Executable.

If you want to make a Demo Version with limited features, it is best to not compile
the disabled Code at all. The CompilerIf/CompilerEndIf Commands are very usefull here.

Timo

BackupUser · Post by **BackupUser** » Fri Mar 14, 2003 1:15 pm

Restored from previous forum. Originally posted by JoRo.

thanks freak, thats clear now

johannes

BackupUser · Post by **BackupUser** » Fri Mar 14, 2003 9:08 pm

Restored from previous forum. Originally posted by LJ.

I thought I'd weigh in on this one. I have a friend who is very skilled with SoftIce. He cracked a $5,000 algorithmic 128-bit key encryption generated on the fly by the name which you gave the company at the time in which you purchased it.
The method was setting a break point at HIMEM and tracking the contents of the register EAX. There is no known encryption scheme that can stop someone from hacking/copying your software at a lower level like assembly/machine language.
With this in mind, I simply don't use it. I've been selling software for over 4 years now and have developed another method. Instead I use a psychological encryption scheme such as: "WARNING: Before purchasing you agree to the terms in the license agreement and you understand that xxxx software will report back to the author of this software package each time you connect to the Internet to verify you are the registered user of xxxx software. Copying is illegal and those found guilty will be fined $10,000 face imprisonment or both. This program transmits your unique computer id, ISP number, and other confidential information and this information is not given to any other party except in cases of prosecution and is submitted to the FTC and other authorities. If the revealing of this information offends you, you may not purchase this software. By purchasing this software you agree to allow this private information to be sent to the publisher. If you agree to these conditions and terms, click the Order button below."

Of course non of this is actually true; however it's highly effective as a means of psychological encryption. Very intelligent hacker types are also known to have the common trait of paranoia and many will simply move on to another hack than to mess with yours. Also, someone is less likely to copy your software for their family members or friends when they see this warning because they do not want to get their family members or friends in trouble. Finally, many who purchase software don't really want to copy your software. Instead, they have been asked by someone close to them and they have trouble saying no. By putting such a blatant warning on your software, you give them a reason to say no because of this warning: "I'd really like to give you a free copy of this software I bought but it's protected by some sort of super advanced encryption that reports back to the author everytime I connect to the Internet, see, it says so here. It's all legal because I agreed to it before I purchased. So I'm sorry you will have to buy it. It's a very good program and I recommend that you do."

BackupUser · Post by **BackupUser** » Sat Mar 15, 2003 12:01 am

Restored from previous forum. Originally posted by Henrik.

>"Psychological encryption"

Hmm That dose'nt work either, a simple firewall like zonealarm could easy block your program
from connecting to the net, or block/allow your program from using certain ports, and you don't need to know how to use advanced programs like softice.

I think Freds way maybe the bedst "quality vs prise"

otherwise i don't know what to do about it, i don't think you can.

Regards
Henrik

BackupUser · Post by **BackupUser** » Sat Mar 15, 2003 6:31 pm

Restored from previous forum. Originally posted by ricardo.

Hi,

After talking with a friend with high experience in this stuff i think i have the best solution possible (everyone here has some reason!):

1.- As a trial distribute a version with some features not compiled.

2.- This trial have to generate a Serial number based on some Hardware fingertips.

3.- After some period of time the trial must stop working at all.

4.- When the user register he must give you the Serial Number and you give him a download link that points to the full version of your software and you provide him a Key that will work only on his PC. The download link must be temporary.

5.- Then he download your application and uses the Key to unlock it.

Of course the user can crack the trial version but get only a feature disabled (not compiled some functions) version.

Of course the user can make a keygen for your full version and distribute the fullversion with the keygen, but as my friend saids: distributing a keygen its not illegal (i dont understand why!) but distribute a full version is illegal AND who wants to pay bandwith for distributing a complete application???
Distributing a keygen (as the cracks sites does) its not prblem since every keygen has something like 10k b ut if you app is 1 MB then the bandwith could be hughe!!

The main problem in cracks are not the user who gives the application to his friend... this is almost impossible to stop it. The problem is if some hughe crack sites distribute the keygen of your application so its not 1 friend but maybe 5,000 or more guys using your app for free.

I hope i write the complete idea that my firend explains to me.

Best Regards

Ricardo

Dont cry for me Argentina...

BackupUser · Post by **BackupUser** » Sun Mar 16, 2003 9:59 pm

Restored from previous forum. Originally posted by Julien Morel.

Hello,
According to you what is the best method to count the days of use of a shareware ?
They must be recorded on the hard disk, in the register?, can one encrypt them ?

Forum in French
http://www.forumpurebasic.fr.st

BackupUser · Post by **BackupUser** » Sun Mar 16, 2003 10:45 pm

Restored from previous forum. Originally posted by LJ.

Hi Julien:

I'll never forget my friend who used a version of early FireWorks that had a 30 day trial period but was the full version. He simply changed his system date when he booted his computer to prevent the application from knowing the 30 day trial period was over.

All the posts here have just touched the surface of data encryption/protection. There is an entire computer software industry built up around protect files. Many companies simply buy a protection scheme from one of the many companies who specialize in this field rather than try and do it themselves.

I would liken it to the 3D graphics industry. You can either spend years and $$ learning to use expensive 3D authoring tools and still maybe you will never be able to create excellent 3D graphics, or you can buy 3D models from one of the many companies who make them.

My point is that you could spend the next 10 years studying the history of encryption/hacking/cracking and learning assembly code and SoftIce type programs. Once you got good at hacking, you then could try and write a program to stop someone from hacking the same way you did. But then someone always thinks of something you didn't think of.

If you wanted to make this your fortay, writing software protection schemes and selling them to companies you might make some good money.

But if you don't want to do this and you are writing a software program that has nothing to do with software protection and are hoping to find a "one size fits all" protection scheme that you can implement within a few weeks for the software you are writing, you can forget it. That is an unrealistic expectation to find in this message forum or any message forum.

If you are looking to sell something you have written, then check out RegSoft.com, or IBill.com. These companies provide e-commerce solutions which include protection schemes. Protection schemes are all possible to get around and that is why you see that even Fantasie Software with PureBasic doesn't really put alot of time and $$ into it.

One last thing to think about. If Maya 3D, or Microsoft who makes big $$ with their billions of dollars worth of sales annually can't stop people from copying/hacking their software, you think you can?

I don't want to discourage you and I don't mean to be rude. I know we have different cultures and this is a very multi-cultural message forum and so we have different ways of communication. I am just being very straight and plain, do not want to be rude so do not take this message in that way.

I am very interested in this message thread you have started and I like to read what everyone has to say, it is very entertaining.

BackupUser · Post by **BackupUser** » Mon Mar 17, 2003 9:19 am

Restored from previous forum. Originally posted by Julien Morel.

Hi LJ

I want simply to protect my application. As all can be cracker, I do not seek a great protection. I seek a protection able to
prevent from continuing the software for more the beginners in data
processing. I do not know if it is like that in the USA, but in
France, especially for me I try to do everything to protect my
applications.

My first applications were simply protected by a password and a name
of user. Very quickly serials were found on the crack and P2P sites.

Then I received a mail (anonymity) saying that my software was very
useful, effective, and that he had remotely-loaded the serials on a
crack site. What moreover demoralising than to receive this kind of
mail.
Then now, I make all I can to protect my application suitably.

The piracy is a fact, but it/he must be made the most difficult one
than possible.

I know that one cannot stop the piracy because all that is made can be
cracker, but I think that it/he must be slowed down

Sorry for my English, I think that has to be hard to read me!

Forum in French
http://www.forumpurebasic.fr.st