software copy protection

[kunjachan]

Hi

I need a source code for software copy protection. We want to make sure our software is installed in only one machine, also it should not be allowed to copy from CD. Theoretically one CD - one installation. Is this possible?

Thank you!

[Deniz]

you find an answer to that, you've solved the question of the millenium.

This has been discussed so much under so many different titles in these forums its not funny.

Try a search on: dongles, machine ID's, how to read motherboard serial no. etc etc , I come across this sort of stuff all the time in the VC++ forum.

Theres no answer that will be foolproof. Or at least difficult to crack and cost effective at the same time. Its a catch 22.

If you use a dongle, its going to cost money and they are never 100% safe.

If you use special key's and ID numbers and read machine ID's, encrypt and store those in a db that would still not be %100 safe and too much effort depending on how many of your software your planning to sell.

To make it plain and simple, theres no easy way of doing it. You'll need to accept that if your software is that good and you think its going to be in demand, it is going to be pirated. Simple as that. Even a company of Microsofts status cant stop it with their offices all around the world.

Good luck!

[mikedershowitz]

Deniz is right. You're goign to want to evaluate the cost/benefit of some of these measure and decide where to spend your time accordingly. In reality, in our business, a cost of doing business are unfortunately revenues lost to piracy.

If you're in the corporate arena, most corporations are very good about this becuase they don't want the fines, so this is too big of a problem. If you're in the consumer arena, back to Deniz' point, forghettaboutit!!

[Deniz]

so far, out of aaaaaall the so called solutions to this problem, the best I've seen are dongles but they arent worth the money if your product is something which sells for, say, $200 a copy. The dongles themselves are in the vicinity of $40-$80 each.

You can try the hologram sticker or certificate approach but that means you need to enforce it somehow. Pointless.

Best thing to do in my opinion is try not to think about it too much. That way at least you'll save stress and concentrate on 'paying customers'.

[Mick]

unless your coding under a secure OS (don't worry it's not out there) then there is nothing you can do...and even then..there's still nothing you can do...other than not turning on the power...

[Deniz]

still, theres a few approaches until the magnificent salvation of the IT industry, the next generation, the God of the Gods, the wonderful secure OS "longhorn" comes out

Some incentives for paying customers is what I did in the past, they'd be registered, of course, to benefit from these little perks. What they would be is up to you, free upgrades for a period of time or tech service or tech support over the phone are a couple of ideas.

Merry X-mas! :wave

[mikedershowitz]

Wait, you mean Longhorn's supposed to be secure? i mean actually secure, not MS claims of security that aren't really true. For some interesting reading, check out this article:

http://abcnews.go.com/sections/scite...ag_031211.html

It's talks about some of the holes in Mac OSX and how Windows is most vulnerable becuase it's such a widely used system. Same theory as why terrorists use planes, etc.

[Deniz]

Originally posted by mikedershowitz
Wait, you mean Longhorn's supposed to be secure? i mean actually secure, not MS claims of security that aren't really true. For some interesting reading, check out this article:

http://abcnews.go.com/sections/scite...ag_031211.html

It's talks about some of the holes in Mac OSX and how Windows is most vulnerable becuase it's such a widely used system. Same theory as why terrorists use planes, etc.

I was being sarcastic

[alfredolinguini]

You should check out software_DNA at www.softworkz.com

It's a client-server solution and is extremely robust, cost-effective and scaleable.

There's a demo you can try out to see if you can crack it.

[galathaea]

There are a few mathematical theorems which show you can make a program O(f(n)) complex to crack for various functions f and code sizes n, usually using complex nested encryptions keyed to a series of checksums which reflect back upon the state of the program (where complexity is measured as number of code instructions to check multiplied by number of primitive operations in the calculation per instruction to solve for a crack instruction change). Unfortunately, there is no way to completely relieve the possibility of crack instruction changes (ie. instructions, often branch-if comparisons, which can be changed by a cracker to produce a program that improperly verifies a condition - like ownership), due to a classical theorem. And worse, you can always execute a program on a virtual processor / debugger / alternate logic that reads the instructions one machine code at a time and yet either improperly evaluates them or in some other way (like breakpoint and register change) alters the logic of the execution without changing the machine code itself, making it impossible to securely introspect.

The funny thing is:

Despite this, we will almost certainly still one day be attaching our brains up to these things.

[alfredolinguini]

I'm afraid I don't quite follow what you are saying. Can you crack the clock demo at www.softworkz.com? It comes with only 2 files and looks pretty straightforward, however I've been testing it for a while and it's been rock solid.

Please let me know if it can be defeated!

Thanks