Testers Needed for Code Snippet

[Zach]

I would not buy a license for software that worked like this; I would rather run a cracked version.

That may be hard to swallow, but that is how a lot of people feel. Because what happens if Internet is down for a pro-longed amount of time? What happens if you are no longer in business?

This argument has been long going on within the PC gaming community with regards to DRM and copy protection that is pointlessly insane and punishes legit users more than pirates because the legit users always end up with the technical problems preventing their app/game/etc from running properly, while the pirates just crack around it and remove the protection..

I have struggled with this in my own thoughts as well, as to how I would license software and try to sell it, while protecting my work; if I ever released a paid-for product..

I would just have basic serial validation and get it over with. Or adopt the model PB and others use, and have a login system where users can download the product, managed by myself or a third party company.

If Gog.com is any indication to how people feel about iron-fisted DRM and Internet Activations, the people do not want, or respect software that uses those sorts of protections.

[xorc1zt]

you should use the windows api functions like this code

Code: Select all

; retrieve the mac address

; xorc1zt
; 2011

#MAX_ADAPTER_NAME_LENGTH = 260
#MAX_ADAPTER_ADDRESS_LENGTH = 8
#MAX_ADAPTER_DESCRIPTION_LENGTH = 132

Structure IP_ADDR_STRING
            Next.l
            IpAddress.s{16}
            IpMask.s{16}
            Context.l
EndStructure

Structure IP_ADAPTER_INFO
            Next.l
            ComboIndex.l
            AdapterName.s{#MAX_ADAPTER_NAME_LENGTH}
            Description.s{#MAX_ADAPTER_DESCRIPTION_LENGTH}
            AddressLength.l
            Address.c[#MAX_ADAPTER_ADDRESS_LENGTH]
            Index.l
            Type.l
            DhcpEnabled.l
            CurrentIpAddress.l
            IpAddressList.IP_ADDR_STRING
            GatewayList.IP_ADDR_STRING
            DhcpServer.IP_ADDR_STRING
            HaveWins.b
            PrimaryWinsServer.IP_ADDR_STRING
            SecondaryWinsServer.IP_ADDR_STRING
            LeaseObtained.Long
            LeaseExpires.Long
EndStructure

;********** main **********

*AdapterInfo.IP_ADAPTER_INFO
AdapterInfoSize.l = 0
GetAdaptersInfo_(NULL, @AdapterInfoSize)
*AdapterBuffer = AllocateMemory(AdapterInfoSize)
GetAdaptersInfo_(*AdapterBuffer, @AdapterInfoSize)
*AdapterInfo = *AdapterBuffer
textbuffer.s=""

While *AdapterInfo
  textbuffer=Hex(*AdapterInfo\Address[0])+"-"
  textbuffer+Hex(*AdapterInfo\Address[1])+"-"
  textbuffer+Hex(*AdapterInfo\Address[2])+"-"
  textbuffer+Hex(*AdapterInfo\Address[3])+"-"
  textbuffer+Hex(*AdapterInfo\Address[4])+"-"
  textbuffer+Hex(*AdapterInfo\Address[5])
  
  Debug textbuffer
  
  *AdapterInfo = *AdapterInfo\Next
Wend

edit :

GetAdaptersInfo : http://msdn.microsoft.com/en-us/library ... 85%29.aspx

[Kuron]

I don't know what kind of product you are offering, but my work computers are never connected to the internet.

Same here and this is something that will never change for me. I routinely do NOT buy software because it requires online activation. The irony is his test code does not work on the one computer that is connected to the Internet.

[em_uk]

This will not be a fool proof method. What happens if I change my NIC? What happens if I replace my machine? Are you always going to be around to give a new license key?

MAC addresses can be easily spoofed. http://www.techrepublic.com/blog/securi ... ddress/395

The only inconvenience is going to be for the people who actually bought your software, if someone is determine to "crack" it, they would load it up in OlyDbg, wait to find the relevant code and create patch to skip the checking routine.

[Slyvnr]

I find it telling how so many of those in this discussion would rather HACK and CRACK versus supporting software developers. As most of us here are using PureBasic for software developed, it is interesting that you do not value your own work.

Further, I think all of you are looking at this from a "hacker/cracker" perspective and not the 90% of typical PC users in the world. The typical user is not going to worry about trying to "hack/crack" software, especially low cost software that is of value to them. They will pay the low cost licensing fee and go on with life.

Yes, there are some out there who will attempt to hack or crack the software to get the "extended" features for free. They may even release it out to hacker forums for all to use. The number of illegal copies will increase, but as a function of the total user base, will be relatively low since typical PC users do not visit or utilize such sites.

How many of us who have worked customer support in the past can recall stories of "I can't find the Any Key" calls or PC Users using the CD-Tray as a Cup Holder? The normal, everyday PC user is typically non-technical (I would add clueless and simpleminded but those are to generic of a sterotype and is only a subset of the total PC user community). I will say that end users want simplistic, straightforward, quick to respond, easy to use software. They want it to install, run, and get on with life. The software I currently have develop basically fits this mold. The licensing issue is where I am trying to make it as "transparent" to the end user as possible but maintain the ability to make some dollars for my efforts.

The typical end user is not going to be spoofing MAC Addresses or be doing any "hardware" related changes with the exception of hardware failures. I have already addressed that issue in previous posts. While I understand there are end-users who will rather Hack and Crack and that anything I do will not prevent that from happening if the person is a hardcore Hacker/Cracker. I am looking at the steps to prevent the "casual"(?) hacker.

Given the extensive use of "Licensing" and "Authorization" codes in most software, there is a legitimate business need from Software Developers to use it AND the end-users have accepted it as a necessary requirement for their use of the licensed software. Payment is not for the software, but for the licensed right to use it. As a Software Developer you have the right to define the "right of use" as being anything you want. You could theoretically limit your software to use on any day that has an even number of letters in the name and that falls on an odd day of the month. Of course, you wouldn't want to but you could.

The mentality that all software should be free and readily available to anyone and everyone reduces the value of creative programmers. It is akin to trying to replacing a novelist with a gang of Shakespearean-Typing Monkeys. I personally believe that programmers who have taken the time to come up with an idea, develop that idea into a working solution including taking the time to test, debug get end-user feedback, modify and improve the end product based on the feedback should be rewarded for their efforts.

I would guess from the way most people talk about this issue in these forums y'all would rather read book reviews and watch movie trailers instead of paying for the entire novel or paying to go to a movie, rent or buy a DVD.

My software has reached a point in it's life cycle where asking for payment for the end product is reasonable. In order to insure that takes place I am trying to find a solution that meets my needs (getting paid) with the needs of the end user (install, run, go on). Anyway, I have the data I need from private messages and direct contacts and am still investigating different solutions for this problem.

Thanks for all of the input, really appreciate it.

Slyvnr

[Kuron]

The typical user is not going to worry about trying to "hack/crack" software, especially low cost software that is of value to them. They will pay the low cost licensing fee and go on with life.

Yet, you don't really believe this because you are implementing DRM that is a direct contradiction to the belief you just expressed.

My software has reached a point in it's life cycle where asking for payment for the end product is reasonable.

That is very reasonable. What is unreasonable is implementing crippling DRM that is so severe it prevents the user from using the software they paid for. Luckily, the DMCA includes protections for the user in these cases and allows them to take the steps necessary to bypass any DRM which prevents them from using the software.

[Zach]

To the contrary, I find your response to our legitimate criticisms of your method of protection, as you put it, "very telling". You appear to have a certain level of contempt for your own user base, which I as a customer relying on your software, would find very disturbing.

So instead of responding to our valid criticisms of the potential problems your DRM will pose for your 90% average "simpleton" user base, you try to inject the red herring of software piracy into the debate? We don't value our own work? What Rubbish...

You talk about how the average user won't be trying to crack your software - then why do you need such convoluted protection?
You talk about how the average user just wants simple, easy to use software, that just works - so why cripple it with such convoluted protection?

Having a serial code mailed to the user, and/or additionally requiring them to login to a protected download section, should be more than sufficient protection while allowing you to make a buck, if that is what you are truly concerned about. It is just as simple for the user as validating online and it comes with none of the pitfalls.

I have seen complaint after complaint about online activation systems since they were created, even problems with major retail products being un-usable by legitimate PAYING customers on launch day - because the online validation servers were down/messed up/ etc.. This is exactly what people mean when they talk about the end-user being the one punished by DRM, while the pirates who crack around it don't have to deal with any of that, and go on their merry way using the product for free.

Nobody said you don't have a right to profit from your work, or that all software should be free.. You will not find a bigger opponent of the "free" software model (from a commercial/continued development perspective) than myself, on this forum. It is not about getting something for free, it is about the freedom to use a piece of software I paid money for without having to worry about having to connect to the Internet, the Internet validation system being messed up/down, or without having to worry that you will still be in business 10 years from now when I am still potentially using your software.

On the contrary, we did not respond from the perspective of a cracker. We responded from the perspective of developers who understand the frustrations that users have with overreaching, draconian DRM measures; as we have often been on the user-end of these problems ourselves with our own software purchases. Another thing I hate as a "user" is this stupid business model "assumption" that I am not being sold a copy of the software, but only the licensed right to use it.. What hogwash. Licenses can be revoked, superceded by other licenses, and made invalid by legal actions. I don't buy my right to use anyones software, I buy a copy of software whose "right to use" automatically comes with it by the simple act of purchasing it from the vendor as goods and services in exchange for money; and I will continue to take that stance until a court of law actually rules on a case involving the validity of EULA's in favor of companies.


You can blame who you want, and toss around lables if you wish. But from this side of the lake, your view seems to be more in line with the standard big corporate interest as opposed to the unwashed masses you want to sell to.

[Slyvnr]

Trying to steer things back to topic. All points of this and that are taken into consideration. I am not trying to justify anything to anyone nor does anyone need to justify anything to me. We can stop the discussion of legitimacy of licensing, crippling DRM etc and take that to another topic for those who wish to continue that discussion. (Most of the points only being regurgitation of previously posted opinions, which I have already read when I originally searched the forums on this topic, and why I originally posted

O.K. not really wanting to bring up an old topic but here I go.

knowing full well that the breakdown that has occurred would). I apologize for allowing it to continue.

BACK TO TOPIC:

I have looked into various software licensing "plug-ins" and "dlls" but am not ready to pay $400+ plus monthly fees for this.

In fact, I have found solutions ranging from $400 to $6,000 which is not appropriate for a small independent developer. Therefore, I am looking for either 1) A method to Serial Code/Activate based on a computer fingerprint/end user data/"other" that can be self-coded or 2) a lead to a "plug-in" or "dll" that is reasonably priced for small software developers (< $100 or % of sales or whatever).

The code I posted was an attempt at a method to get a potential fingerprint of end user machines that did not rely on Windows API. (Yes, the Ethernet MAC Address could change based on various factors, I have considered that and the effect of the change and do not see that as being as prevalent as everyone here thinks it is, If I am wrong then I am busy with end users changing licensing keys and change my method at that point). The flaw with using IPCONFIG is localization, etc.

I REALLY APPRECIATE the COMate sample from Kiffi (had already thought about using this, but just the same you were trying to provide useful alternatives) and the more simple and direct Windows API posting from xorc1zt.

While I really want to be able to use more generic code for when I want to migrate to Mac and Linux distributions, I may not be able to do so. If anyone has any other coding suggestions for getting MAC Address and or other hardware Fingerprinting methods that does not rely on Windows API, please post them. If anyone has used any Serial Code/Activation "Plug-ins" or "Dlls" please post your experience and link information to the products.

Slyvnr

[Bisonte]

I prefer personalized serials, but however here another solution (x86/x64/unicode/ascii)

Code: Select all

EnableExplicit
Procedure.s GetMacAdress()
  Protected HostName.s, Size = 32, IP.s, n = 6, i, MAC$ = ""
  Protected wsa.WSADATA, Computername.s
  Protected *host.HOSTENT  
  Protected Dim MacAddr.b(n)
  Hostname = Space(Size)
  GetComputerName_(@Hostname, @Size)
  If HostName
    If WSAStartup_((1<<8|1), wsa.WSADATA) = #NOERROR
      *host.HOSTENT = gethostbyname_(ComputerName)
      WSACleanup_()
      If *host
        IP = PeekS(inet_ntoa_(PeekL(PeekL(*host\h_addr_list))))
      EndIf
    EndIf
  EndIf
  If SendARP_(inet_addr_(IP), 0, @MacAddr(0), @n) = #NO_ERROR
    For i = 0 To n - 2
      MAC$ + RSet(Hex(MacAddr(i)&255),2,"0") + ":"
    Next
    MAC$ + RSet(Hex(MacAddr(i)&255),2,"0")
  EndIf
  ProcedureReturn MAC$
EndProcedure
Debug GetMacAdress()

This is tested on Win7x64

[Kuron]

While I really want to be able to use more generic code for when I want to migrate to Mac and Linux distributions, I may not be able to do so. If anyone has any other coding suggestions for getting MAC Address and or other hardware Fingerprinting methods that does not rely on Windows API, please post them. If anyone has used any Serial Code/Activation "Plug-ins" or "Dlls" please post your experience and link information to the products.

Hardware locking is a major no-no and will cost you customers. Once you lose a customer, you don't get them back and word of mouth from a disgruntled customer, will cost you even more.

If you don't want to use different trial and registered versions, go with an old fashioned serial number registration system. There are likely hundreds of examples at Planet Source Code that will more than meet your needs.

[Slyvnr]

I prefer personalized serials, but however here another solution (x86/x64/unicode/ascii)

(code removed) - no reason to repost it.

Very nice. 25 lines of code versus 51 lines. Of course the 51 lines gets the MAC for each Adapter. Your code returns the first listed Adapter. Either should work.

There are likely hundreds of examples at Planet Source Code that will more than meet your needs.

Will check them out. Had looked at Hot Scripts and other Web-based coding sites. Never used Planet Source Code before. Thanks for the lead.
THANKS!

Slyvnr

[Kuron]

Will check them out. Had looked at Hot Scripts and other Web-based coding sites. Never used Planet Source Code before. Thanks for the lead.
THANKS!

The VB 6 examples would probably be easy to convert. If you go here: http://planetsourcecode.com/vb/default.asp?lngWId=1 and scroll to the bottom you can search of simply click on a category and browse. I have gotten the daily code of the day mailing list since its existence, there are always new registration examples being posted ranging from simple to very complex.

There is also a very simple Blitz example here: http://blitzbasic.co.nz/codearcs/codearcs.php?code=992 I will warn you in advance that visiting that link will make you sad as there are some really old Rook Zimbabwe posts.

[Trond]

The code I posted was an attempt at a method to get a potential fingerprint of end user machines that did not rely on Windows API. (Yes, the Ethernet MAC Address could change based on various factors, I have considered that and the effect of the change and do not see that as being as prevalent as everyone here thinks it is, If I am wrong then I am busy with end users changing licensing keys and change my method at that point). The flaw with using IPCONFIG is localization, etc.

Your solution will be OS-specific no matter what you do. ipconfig isn't the same on linux. Using ipconfig is just like using API, except you're accessing it indirectly and are left with the issue of parsing the textual output.

[Danilo]

Hardware locking is a major no-no and will cost you customers. Once you lose a customer, you don't get them back and word of mouth from a disgruntled customer, will cost you even more.

Many products use this method. If you change some hardware parts, you have to re-activate.
Even Windows uses this. It works and it is quite common.

I have some products installed that use hardware checks too, and it is no problem.
If you get a problem with it or change some hardware, just contact support.
No problem as a registered user.

I also have 2 dongles in my USB Hub for many products. 1 dongle for 1 product
and the 2nd dongle holds licenses for many products of one company.

If the product is worth it, it is no problem at all and as a registered user you
get support if you need it.

[IdeasVacuum]

until a court of law actually rules on a case involving the validity of EULA's in favor of companies

That has already happened in the USA, Vernor v. Autodesk Inc.