Re: Commercial Copy Protection SDK?

From: Doug McIntyre (merlyn@visi.com)
Date: 05/21/02

  • Next message: Rob Slade, doting grandpa of Ryan and Trevor: "REVIEW: "Cyber Forensics", Albert J. Marcella/Robert S. Greenfield" 

    From: Doug McIntyre <merlyn@visi.com>
Date: Mon, 20 May 2002 23:26:37 GMT

    "Joshcali" <sara2b4me@blank.com> writes:
    >I'm writing a software program for windows 2000/xp
    >in visual c++ 6.0 that I'm going to release as a commercial
    >product, and I have no idea how to offer copy protection.

    > what's a good way to copy protect the software?
    >I'm a complete newbie to copy-protecting software
    >and I guess I'm looking for a commercially available piece of software
    >which can be used to copy protect my software...

    >can anyone give me a lead?
    >I can be e-mailed privately at sara2b4me2@xxx.com
    >(change the x's to yahoo for the e-mail to work)

    Whole books could be written about the subject, so what you're asking
    is pretty broad.

    The first truth to realize is that its going to inconvience your
    end-users. How much will your end-users put up for you to protect your
    program, you'll have to balance this factor with your level of
    protection (ie. who are you trying to protect against?). Trying to
    protect a game with a hardware dongle probably isn't going to work in
    the marketplace.

    The second truth to realize is that anything you put in, can be
    deciphered, disassembled, analyzed and patched around no matter what
    you do. How much effort you put in to protecting your software, as
    opposed to how much effort the crackers will expend to break your copy
    protection is another factor to consider. (ie. if you go all out for a
    $20 program, you probably are wasting vast ammount of resources). 

    ---

    That being said, look around at what current software programs are using.

    Most of them now-a-days require a serial number to put in while
installing, which usually isn't obvious to guess, but even bigger
companies like Adobe have had their entire scheme cracked wide open,
so they've switched from the mostly numbers with some letter scheme to
the all letter scheme now. The main motive for the serial-number is
that the user might not be willing to share his serial-number with a
copy for his friend for fear of you tracking a copy back to
them. Otherwise, pirates trade serial-numbers on any number of 1000's
of web sites right now.

    The next step up is a hardware dongle of some sort, either on parallel
port or USB is the most popular now-a-days. Dongles still have
negative connotations for users, especially with compatibility
problems with printing and their computers. Most of the dongle makers
have fixed the problems years ago, but that perception is out
there. Dongle's will take a little bit more than copying a
serial-number with a program for the software priate, but again,
software with dongle protection does get cracked all the time and
traded around on the pirate distribution channels. Also, they cost $$
per each dongle, and you have to supply one each to your customers.

    The next step after that in popularity seems to be the license manager
scheme (ie. Globetrotter's FlexLM solution, or Microsoft's software
Activation feature), which the license keys needed to run the program
are tied to somesort of hardware feature of the machine (ie. serial
number of the workstation (not applicable in PC's) or ethernet MAC
address, or hard drive serial-number of the label), and you have to
issue each user a unique license key based on the hardware of their
machine. If they change out hardware, you need to verify that they are
getting rid of the old hardware, and issue them new license keys again
based on the new hardware. 

    ---

    So, ultimately, you have to weigh how much you are trying to protect
against how much cost you have to spend. Most companies depend on just
the simple serial-number so that casual copying might be blocked by
users not willing to risk their serial# getting out, but overall, its
not that effective a deterrent. 

    -- 
Doug McIntyre						merlyn@visi.com
                   Network Engineer/Jack of All Trades
                      Vector Internet Services, Inc.

    Relevant Pages

    • Re: Commercial Copy Protection SDK?
      ... >which can be used to copy protect my software... ... The main motive for the serial-number is ... The next step up is a hardware dongle of some sort, ...
      (comp.security.misc)
    • Re: [PATCH RESEND 1/1] crypto API: RSA algorithm patch (kernel version 2.6.20.1)
      ... you need a whole lot and that also means hardware (cryptomemories e.t.c) ... You need to protect your kernel binary already, adding a key to that doesn't increase the ... so all that hardware safety is already in place. ...
      (Linux-Kernel)
    • Re: Program protection - can not be copied
      ... The only way to protect the program is doing with some unique ID or hardware-specific inforamtion. ... It's possibile to "download" the image from a device and run it on ... If you need to "lock" the image on a specific hardware you'll have to ... (l'indirizzo di reply di questo messaggio non ?valido) ...
      (microsoft.public.windowsce.platbuilder)
    • Re: Security risk on dual boot WinXP/Linux systems using Partition Magic 8.0?
      ... > Any time you have access to the hardware, you have full access to do what ... > with NTFS although writing to that file system can be a bit problematic. ... > protect the logical system if you want to be secure. ... just one thing to add -- filesystems with encryption can ...
      (comp.os.linux.security)
    • Re: Compiling TWO execurables
      ... > could copy this file and play it. ... I want to protect it with a dongle. ... About the only way I can think of to "embed" one exe inside another is to do ...
      (microsoft.public.vb.general.discussion)
    • Quantcast