-2

Let's say I have designed s very important system, and this system costs thousands dollars. I want to protect my system with a serial number as I know crackers will try to edit the binary code to bypass the serial number.

I have read about using a checksum function and apply it over my binary code and check the value if changed, but again, we are talking about a condition a cracker can avoid by editing the code.

My question is: what's the most used technique to protect important programs?

Dinah
  • 52,922
  • 30
  • 133
  • 149
Hany
  • 1,146
  • 4
  • 18
  • 26
  • 12
    Spend your time getting sales, rather than worrying about the X% that will steal it. They likely would not have paid you anyway. – gahooa Oct 25 '09 at 18:57

4 Answers4

2

I have yet to see a "protected" digital product that had not been cracked pretty quickly after its publication (or in some cases, before its publication). Sorry, but it's the reality. You have to get the revenue by making a good product. Most of those who want to use it and can afford, will pay.

There will be a few dickheads, but that's life. You better be kind towards the legit users of your software and not bully them with weird copy protection attempts that don't work anyway.

Joonas Pulakka
  • 36,252
  • 29
  • 106
  • 169
  • Word. No program is fully protected. Any solution you come up with will have a counter-"Oh, but they can just...". Make it "uncrackable" enough that a totally casual user can't just delete one file on their hard drive to make the nags go away and be happy with that. Any further effort is wasted at best and harmful at worst. – Chuck Oct 25 '09 at 19:14
0

The most used technique is serial numbers. But your customers will have access to the code, so they will be able to bypass your serial number check, no matter how much work you put into obfuscating it.

However, if you can provide your software as a subscription-based or one-time-payment web application, then people will not be able to do this. Whether this is feasible or not depends on the type of application you're writing.

Kaleb Brasee
  • 51,193
  • 8
  • 108
  • 113
0

If your app is working offline, whatever checks you do (check sums, serial code validity, etc), do them often, repeating verification code, in many routines of your software. Obfuscate your code, to make reverse engineering a more difficult task, and, if you have the possibility, implement an online check, part of the core functionality of your app residing on your server, and being serviced only to those installations that you have checked server-side for valid license key. Associate the license key to some form of unique identifier of the hardware the app is running on, and if you check online, have statistics concerning the IPs that make the verification request: if you encounter more IPs trying to verify the same license key, contact the buyer and approve a list of IPs they usually log on from, whilst blacklisting any other until specific request from them, either by mail or by phone.

luvieere
  • 37,065
  • 18
  • 127
  • 179
  • 1
    If I had to use software that requires me to be online all the time from a restricted set of IPs and to answer some stupid calls/mails concerning a license that I have paid for -- I would probably get hold on a cracked, usable version of it. Shouldn't the vendor badger the crackers, not the legit users? – Joonas Pulakka Oct 26 '09 at 04:17
  • It depends what your main concerns are as a customer. I'd rather as a customer see myself as a partner in securing it if I've paid money on it, than fuss about the steps I have to take to ensure that the system is not breached. Trust me, if you convince me to pay money for your software, it'll be something I'll be making damn sure nobody's using for free, and I'd be just as paranoid in protecting it as the person who sold it to me. – luvieere Oct 26 '09 at 05:19
  • You have an interesting viewpoint, but I'm afraid that 99 percent of people don't think that way. They may want to use the software and are ready to pay for it, but piracy issues should be the vendor's headache. The fact that MS Windows is being widely pirated doesn't bother me, even though I own a legit copy of it. Well, maybe it should bother me!:) – Joonas Pulakka Oct 27 '09 at 13:29
  • I'm addressing a vertical market, so nor can I account for, nor do I target 99 percent of people. Me and my team install, configure and mentain the hardware and software necessary to each instalation, so it's not likely that there are a lot of chances that I get my system pirated. However we and our customers see the ownership of our product as a privilege rather than a consumer commodity, so they are co-interested not to have this quite expensive system breached. The potential implications of the system being hacked would exceed by far the simple scenario of unauthorized and "free" usage. – luvieere Oct 27 '09 at 14:04
0

I would always recommend to build a custom software protection before applying any kind of commercial protector such as a Packer. In any case just a serial validation and a checksum check are not going to keep crackers away. I would recommend you to visit my new blog www.anti-reversing.com and take a quick look at the anti-piracy tips & tricks page just to have an idea about what I am talking about.

Economou Kyriakos
  • 161
  • 1
  • 5