Re: application licensing scheme?
- From: "Grant" <grant@xxxxxxxxxxxxxxx>
- Date: 15 Jan 2007 00:09:05 -0800
I didn't say that software using our licensing system could not be
cracked. That would be a stupid claim for the reasons you outlined.
I said a cracker could not reverse engineer a valid key by inspecting
the software alone (even if they had the complete source code). This
is because the keys are validated using public key encryption. In fact
if you take a look at our website (www.infralution.com/licensing.html)
you will see we are very upfront about the fact that any licensing
scheme can be cracked. Some licensing system vendors would like you
to believe that if you purchase their system you will never be cracked.
We are not one of them. If your software is worth cracking it will
be cracked. However cracked keys which work in the genuine (unpatched)
software are more of a problem then patched versions of your
application.
Regards
Grant Frisken
Infralution
Valery Pryamikov wrote:
Grant wrote:
Hi Ben,
You could take a look at Infralutions Licensing System. It generates
short license keys that are validated using a public key encryption
algorithm, making it virtually impossible for a cracker to reverse
engineer them by simply inspecting your code using ildasm.
This is a stupid claim. Cracker with disassembler can crack any
licensing scheme! and licensing schemes that use cryptography are
actually the easiest to crack! (when you use wrong tool for doing the
job, the job is usually purely done)
Btw. rigorous mathematical proof that uncracable licensing scheme is
impossible could be found in "On (Im)possibility of Obfuscation"
So, you are telling that they use signature of something as license,
cracker can:
- obtain valid signature from someone else; (no disassembler required -
just reuse someone's else license).
- or use method that will always work: trivial jump correction
technique (i.e. replacing of conditional jump with unconditional);
for the C# it could look like if you previously had
"if (!IsLicenseValid()) exit();", after jump correction it will be
analogous to
"if (false && !IsLicenseValid())) exit();" that leads that the exit()
due to invalid license will never be executed.
Cryptography and Obfuscation and License protection have completely
deferent goals!
cryptography tries to reduce the large secret (plain text) to the small
secret (encryption key), while as License protection and Obfuscation
(here I mean real obfuscation - not what you get with dotfuscator)
tries to take a little secret (license) and spread it over whole
program body so that almost whole program code depends on a valid
license.
I wrote several blog posts about obfuscation and license protection
that you can read here:
http://www.harper.no/valery/PermaLink,guid,24c827f1-50a9-4bd5-82fa-4af09f81e849.aspx
http://www.harper.no/valery/PermaLink,guid,0f90cf89-2689-4b7f-8d50-84c964795f3e.aspx
http://www.harper.no/valery/PermaLink,guid,dc60e595-cd94-4273-8054-e12d871b8f48.aspx
Its very
reasonably priced and provides a "License Tracker" application for
managing your customers, sales and license keys. You can get more
information and download an evaluation version from:
www.infralution.com/licensing.html
Regards
Grant Frisken
Infralution
-Valery.
http://www.harper.no/valery
.
- Follow-Ups:
- Re: application licensing scheme?
- From: Valery Pryamikov
- Re: application licensing scheme?
- References:
- Re: application licensing scheme?
- From: Valery Pryamikov
- Re: application licensing scheme?
- From: Valery Pryamikov
- Re: application licensing scheme?
- From: Grant
- Re: application licensing scheme?
- From: Valery Pryamikov
- Re: application licensing scheme?
- Prev by Date: Re: DECRYPT with PUBLIC key (how to?)
- Next by Date: Re: application licensing scheme?
- Previous by thread: Re: application licensing scheme?
- Next by thread: Re: application licensing scheme?
- Index(es):
Relevant Pages
|
