Protecting our work from unauthorised distribution

[Tenaja]

As someone who learned from Hardcore Computist, modern tools make cracking trivial protection a trivial exercise. Even multiple points become an exercise of repeated trivial edits.

When I was considering this, I thought about introducing various bugs that would appear inconsistently and randomly if the file was tampered with. That way, there was not a single test point, and either an inconsistent pattern, or a shifting pattern based on the cracked version so every crack introduces a new bug. But this is still a game to crackers.
OTOH, if you have a program that does not require consistent tech support where you can merely tell them to update to the latest version, the bad actors could give bad reviews based on the cracked version. One of my engineering programs requires a screenshot of the About box before offering tech support. I don't know if this identifies the licensee, or if they have a checksum test result hidden in it. But these techniques are not for mainstream users, like a game would be.

[Oso]

As someone who learned from Hardcore Computist, modern tools make cracking trivial protection a trivial exercise. Even multiple points become an exercise of repeated trivial edits.

I had to look up Hardcore Computist, as that was a new one for me. It seems that dates back to removing the copy protection from Apple II software, to enable customers to make legitimate backups.

Yes, I'm beginning to understand that cracking software is probably quite trivial to those who become skilled and thus the difficulty becomes part of the attraction of doing it — the harder the better. I've been looking at some software we bought a few years ago and the vendor's business has since closed. I see that they have used a complex method, in which they use shared memory between the components of the system. One routine doesn't work unless the other routine first puts the necessary codes into the shared memory. It takes a long time to understand it and I don't really follow assembly language.

[tj1010]

TheMida, Code Virtualizer, and WinLicense have PB support... They are all inline-VM based PE protectors; nobody here is going to suggest a harder-to-defeat solution. Just use the xpacker features, so automated unpacker scripts don't work on your binary, and maybe the HWID lock features of WinLicense..

Signing installers and binaries and allowing downloads behind a paywall works too(PB uses this). Ban accounts that leak binaries..

My Credintials: 35 years of unpacking and keygenning commercial and malware protections... I have a IDA database of Denuvo VM handlers and instruction sets(the hardest-to-defeat protector ever created in the private sector) to keep an edge. VMprotect and Oreans products are the hardest 'shareware' protectors to defeat that money can buy... As long as you defeat public debugger scripts so the procrastinators can't just run a script... Real talent won't hit you till you get a market segment...

Honorable Mentions: Intel TXT, and USB dongle protectors; anything else is too easy...

[Oso]

Honorable Mentions: Intel TXT, and USB dongle protectors; anything else is too easy...

If it's easy to hack the assembler object in general, isn't it equally easy to just bypass the code that looks for the dongle?

[Caronte3D]

When you use a program protector that virtualize and encrypted code and only decrypt it at the moment of execution, it is more difficult to crack (not imposible, but...)

[netmaestro]

The software protection system I created 20 years ago remains undefeated. I just don't write anything worth stealing.

[Paul]

The software protection system I created 20 years ago remains undefeated. I just don't write anything worth stealing.

LOL

[tj1010]

Honorable Mentions: Intel TXT, and USB dongle protectors; anything else is too easy...

If it's easy to hack the assembler object in general, isn't it equally easy to just bypass the code that looks for the dongle?

Not decryption dongles... Dongles that execute VM code internally and shape stack and heap with return data... There was one company that did this last I looked for x86 hosts.. The cracker has to log traffic and rebuild entire binary with hand witten assembly that doesn't break stack frames or heap-setup; which is extremely expensive...

Intel TXT executes inside of MMU isolated enclaves and are decrypted internally using PKI schemes... PowerDVD AACS 2.0 and 2.1(UHD BluRay) protection has been undefeated since 2017 when it was released, and it's been under the scope by a lot of warez groups that have no problem devirtualizing and keygenning a modern protector....

Slowing attackers down with de-virtualization(Denuvo, Oreans, StarForce, Tages, VMProtect, Uplay etc..) is the bleeding edge in DRM if you don't have custom silicon for signed bootloaders, isolation etc...

Intel TXT is the only thing that gives x86 debugging and static-analysis protection to-date... Even when used on popular binaries...

Another Solution: SaaS... Nothing to crack... Lots of overhead cost, though...

[tored]

I think that Sublime Text editor uses a good solution. Sublime Text is nagware without a license, now and then you get a popup asking you to register a license, apart from that you are free to use it and you have access to all features. If you buy a license the nagware stops. This reduces the incentive to crack the program, but at the same time the nagware reminds people to support the program. This also means there is only one set of binaries that can be publicly downloadable.

The license itself also includes the name of the license owner together with a key. This means that if someones spreads a license key their own name will also be exposed. This reduces the chance that someone will spread their own key on the internet.