Activation/licensing techniques?

[pthien]

I have a little utility that I think may have some appeal to a very niche market.

I would like to distribute a demo version that can be converted to a full version by saving a registration or "key" file to the working folder.

Has anyone thought of this registration feature? I would like to encode a license name into a key and save those to a file, so the program can read the file and run some kind of checksum to make sure the name/key match, which will make it work as a full version.

But I'm not sure where to start.

[Zach]

Well, just an off the top of my head idea but I would use something like the AES or other encryption PB supports.

You can use the Name of the user as the encryption/decryption key. On your end you have a program that will generate a serial and then encrypt it using the user's name as the encryption key.
On the users machine, the utility has a function built in to check for, and if present open/read the registration file. The file would have the users name on one line, and then a long encrypted string on the other.

Then the program just runs a decrypt on that string using the name in the file as the decryption key.


Probably the simplest of methods you could use, but it would work for this purpose I suppose.

As far as algorithmically generating unique serials and verifying them, that is more advanced than I can speak about.

[luis]

I would like to distribute a demo version that can be converted to a full version

You are actually saying you want to distribute the full version.

If you do what you propose then the logic in your program is:

IF [very_complex_operation_rocket_science_grade = OK]
GOING FULL MODE
ELSE
DEMO
ENDIF

Then is sufficient to replace one instruction in the exe to execute the FULL MODE when the test fail.

If your market is really a niche (not many people interested in your program) maybe would be better to release a demo non containing the code of the full version, and release the full version only when the program is actually bought. Then you can hope the fact 99% of the people is not interested in it will prevent/limit its diffusion.

[pthien]

I had thought about that, Luis. But I had also thought I'd make it a little more difficult my compressing/encrypting the executable file, and maybe check for the license in more than one area of the code.

I realize that anything can be hacked. If I make it hard enough, and keep my price low enough, then hopefully people will just pay.

[pthien]

Well, just an off the top of my head idea but I would use something like the AES or other encryption PB supports.

You can use the Name of the user as the encryption/decryption key. On your end you have a program that will generate a serial and then encrypt it using the user's name as the encryption key.
On the users machine, the utility has a function built in to check for, and if present open/read the registration file. The file would have the users name on one line, and then a long encrypted string on the other.

Then the program just runs a decrypt on that string using the name in the file as the decryption key.


Probably the simplest of methods you could use, but it would work for this purpose I suppose.

As far as algorithmically generating unique serials and verifying them, that is more advanced than I can speak about.

I think if I use the purchaser's name as the encryption key, then someone will be easily able to create their own unlock codes. Perhaps I should use a secret "password" only I know to encrypt their name, and use that as the unlock code. It looks like some of the software I have purchase do something similar.

So I will look into the PB encryption/decryption functions.

Thank you for your help

[luis]

I realize that anything can be hacked. If I make it hard enough, and keep my price low enough, then hopefully people will just pay.

OK then. Oh another thing. In my experience one good way to make people more inclined to pay are frequent updates.
Even if they can get their hands on a cracked copy, it's usually less likely they will continue to easily find one for every update.
And sometimes the price asked makes the effort not worth it.
Not all programs are meant to be expanded or updated tough, so as always ... it depends.

[Zach]

Well even if you use a secret password the encrypt the info, the encryption/decyption key can still be found if you are compiling it with the program anyway.. so keep that in mind.
It doesn't matter which way you do it really, I guess.

But I guess from my point of view, using the users name might cost someone a little more time, or I Could be completely wrong. I don't know how cracking works, or how to read the outputs from the kind of code viewing tools those people would be using anyway

[pthien]

Well even if you use a secret password the encrypt the info, the encryption/decyption key can still be found if you are compiling it with the program anyway.. so keep that in mind.

Oh that is a good point.

[skywalk]

I guess to be the most crack proof, you have to phone home randomly and keep statistics on access times,system info,checksums of your exe., etc.
This requires being connected, but isn't that the way most users check/get upgrades anyway?
Every click to check for updates would also spawn the license checker and re issuer(new code).
For very expensive design software, companies use license servers which will shut down valid users quite often.

[Tenaja]

By putting in an intermittent bug that only shows itself if cracked, you might expose and frustrate the thieves. (Just don't advertise it.) When they post the problem, just announce that an update is available through "legal" update means and make a non-changing update for the legal users.

[jesperbrannmark]

Encrypting the exe can make some antiviruses go nuts.
First thing to do is to have seperate EXE files for demo version and real version. Dont let them download the full version until its paid for.
Second thing is to have some function relying on something on your server - and that this function gets its information with the serial number or part of it or fingerprint of it.

[jesperbrannmark]

Encrypting the exe can make some antiviruses go nuts.
First thing to do is to have seperate EXE files for demo version and real version. Dont let them download the full version until its paid for.
Second thing is to have some function relying on something on your server - and that this function gets its information with the serial number or part of it or fingerprint of it.

[IdeasVacuum]

Before releasing your app, upload it to VirusTotal, which will check for viruses with a huge list of AV apps. If any of the AVs give a false positive, contact the developers via their website, they will test your app and update their engine. In my experience, that whole process takes around 2 days.

Server dependency is good security, but take care not to annoy your customers - if their internet is down, they need to be able to continue using your app. For many businesses it is simply not an option because the staff do not have an internet connection.

[Trond]

I realize that anything can be hacked. If I make it hard enough, and keep my price low enough, then hopefully people will just pay.

Remember, the harder you make it, the more of a motivation for a cracker who cracks for fun. Which applies to most cracked software which can be found for free.

One of my ideas is to customize each paying customer's download with a watermarked executable. Both hidden watermarks and a visible watermark in the about box and also shown the first time the program is ran. ("This program is registered to Barack Obama. Thank you for buying this program. We trust you to be one of our many honest customers.
Some bad apples think that putting this program on the internet is legal. Sharing this program on the internet is illegal, and will exclude you from future updates.") Don't make the consequences too severe (like "legal measures will be taken"), then people will just block them out and deny it applies to them.

And maybe add a button that says "I'm not Barack Obama" that leads to a purchase page.

Pay attention to how the social proof is used in your message. People are like sheep, they always follow everyone else. So if your message starts with "many people thought it's fun to pirate this program...", then you're basically making piracy legitimate.

Best of all, this can be combined with almost any other technique.

[X]

Use CompilerIfs ... don't distro the full version, only the demo. The full version could be locked to a computer (or set of computers) via serial hash or a HD guid somewhere. That will black out most of the criminals.