Homegrown protector system, bad idea?

thefool · Post by **thefool** » Tue Apr 25, 2006 10:25 pm

yup it does

like a "hammering" protection.
though im not sure if that would be enough. i mean if he only distributed to a few friends etc etc

what about 10 different ip's a week and he gets a warning with email, a kind one, where it states him to explain WHY there is this much access. If he can, then no block there anymore. if he cant, boom.

techjunkie · Post by **techjunkie** » Tue Apr 25, 2006 10:44 pm

thefool wrote:yup it does
like a "hammering" protection.
though im not sure if that would be enough. i mean if he only distributed to a few friends etc etc

Yes, but if it is a popular program spread on a p2p site, I'll guess the account will be turned off quickly!

And you have a side effect - I think registration online "scare" people to "share" the program. Especially if you have to register to get access of a online database or something.

utopiomania · Post by **utopiomania** » Tue Apr 25, 2006 10:52 pm

I agree with netmaestro on the issue of customer relations if a user copies his program around.

Just send him a 'nice' mail and cut him off. He can't be shure what will happen anyway, so will
probably try to behave.

If the scheme is any tighter than this, like locking to hardware or need to phone home to run,
it will be in the users face in an unacceptable way.

This is ok for an operationg system, or some types of programs, but not for small and fast apps
that can be run from a removable drive for example.

I use plain old Notepad a lot, but if it needed to connect to the net every once in a while I
would certainly use something else.

I use a simple program from time to time that prints Welcome:My Name in the statusbar when It
starts up, and Registered to:My Name in the about box, and I wouldn't dream of letting others
use a copy of it for a second.

Thats just the way humans think.

SFSxOI · Post by **SFSxOI** » Wed Apr 26, 2006 1:13 am

The problem with producing any type of file, no matter if its compiled and branded on the fly or branded and delivered in some fashion either by download or on a CD ROM in the mail; the problem is that once its in someone elses hands there is not much you can do to control how its further distributed and changed (hacked - cracked - reverse engineered -whatever...).

Thats kinda why I like my idea the best

at least if you no longer control the 'further distribution' at least you control the functionality. Yeah, it would probably drive a legit customer nuts (it would drive me nuts too).

Wev'e all at one time or another possibly violated a EULA, or 'accidently' pirated a product by letting a good friend install it, we have all sinned

.

Anyway, how about this....uniquely brand each copy of the product on the fly at compile time (like already suggested) but have some self modifying code built in that calculates and embeds the computer GUID in the installed product after installtion. Then have the user activate the product on line before it will function (just like MS does for winXP). After its activated the unique brand is now tied to a specific computer GUID, the software operates, gets updates, etc....and no further connection to the net needed (unless you re-installed it and needed to re-activate it). You wouldn't need to carry out any further checking or activation, just that one time activation. Then if that unique brand shows up again and tries to activate again, refuse activation until the user proves he/she is the one that purchased the product. For activation also have the purchaser supply a unique code that is supplied by you to them at time of purchase. This way at least once the product has been activated once, that particular file will never work again for anyone else even if the uniqe code is passed around because its tied to a particular computer. This may not stop someone from cracking or redistributing your product completly but it would surely limit it.

Besides, even if you did track down someone who pirated your product, unless you caught them in the actual act of using the product, d/l or distributing the product, etc...in other words they would have to be caught setting in front of the computer actually doing the act at the moment you caught them; unless these things happen you can scream and yell all you want and the law is not going to really prevail in your favor. If it was eaisier then that then all the people in the world who ever pirated a piece of software would be in prison today. Why do you think it was so hard to shut down Napster a few years back - because they had to prove beyond a shadow of a doubt that the Napster folks knew what was going on, they eventually prevailed not by law but by driving Napster into bankruptcy just about.

sverson · Post by **sverson** » Wed Jun 14, 2006 2:40 am

Hi,
my »homegrown protection« system works like this:

a. I add some hooks to the PB code to mark some functions hidden.
b. I create a software key.
c. I use a little PB program to encrypt parts of the exe using the software key.
d. Now the software is protected. You need a valid customer key + valid name and e-mail to run it.

1. After downloading and testing the shareware the customer pays via PayPal.
2. After successful payment he gets a PHP generated customer key (including name, e-mail and software key) via e-mail.
3. On the reg screen the customer is asked for his name and e-mail.
4. If there is a valid customer key file the program decrypts the non freeware functions at runtime.
5. The customer has access to all functions.

Try to crack the crackme it uses this way of protection. It's hard to crack because there is no if/then! The protrcted function is called but it just does not exist...
It also uses hidden text. You won't find any readable menu or message text.

sverson