Like Tree4Likes

Software Protection

This is a discussion on Software Protection within the Tech Board forums, part of the Community Boards category; After spending a lot of work on a tool, (my first commercially (and at all) distributed program! hooray for me) ...

  1. #1
    and the hat of Marriage Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    178

    Software Protection

    After spending a lot of work on a tool, (my first commercially (and at all) distributed program! hooray for me) I'm trying to implement a software key kind of deal to protect it from being shared so easily. I tried using an online verification program like IntelliProtector, although now during the build, it seems to just freeze every time. But either way, I also tried looking into RSA Cryptography, etc, although that seems to be taking an extremely long time to understand for me, and I don't even know if I'm taking the correct path. What is the best way for me to protect my software?
    How to ask smart questions

    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesWritten);

  2. #2
    Registered User
    Join Date
    Jun 2005
    Posts
    6,259
    What are you trying to achieve by "protecting" your software? Are you trying to prevent reverse engineering? Or are you trying to ensure you receive license fees?

    Who are you trying to "protect" it from? How much time and effort are they likely to expend to bypass the protections?

    How much money or effort are you willing to expend in order to "protect" your software?

    How much inconvenience for the intended end-users are you willing to impose? [All protection schemes involve some inconvenience for intended end-users, whether that involves entering a pass key, having to buy a dongle, or anything else. That is the cost of trying to protect software from folks other than intended end-users].

    All of these questions have different answers, depending on what you are trying to achieve through "protection" of your software. And the "best" protection varies depending on the answers.
    Right 98% of the time, and don't care about the other 3%.

  3. #3
    and the hat of Marriage Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    178
    Just trying to prevent the act of buying a copy, and then publicly sharing it as it needs no other action but to copy paste onto someone's computer. My initial audience I'm selling to probably wouldn't try much more than sharing it with everyone they know, and if there was a software key needed to use the program, that would go faulty if used on another computer not on the same network or something like that. As for inconvenience, I just want to basically have a software key that would be registered to a user and could only be used by said user. I don't really have much money to spend right now. I was hoping that something that sounds so simple would be simple and free (Although with programming, we all know nothing follows that rule.)

    It could... read from a file on an FTP server or something, and if it doesn't find the IP address being used, it could ask for a software key, pulled from a list of keys in another file. If the key is valid, add the IP address to the file and remove that key from the server file, if not, then do not allow the program to run? I have no idea, but that's an example.
    Last edited by Rodaxoleaux; 03-24-2012 at 05:23 AM.
    How to ask smart questions

    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesWritten);

  4. #4
    a_capitalist_story
    Join Date
    Dec 2007
    Posts
    2,650
    It could... read from a file on an FTP server or something, and if it doesn't find the IP address being used, it could ask for a software key, pulled from a list of keys in another file. If the key is valid, add the IP address to the file and remove that key from the server file, if not, then do not allow the program to run? I have no idea, but that's an example.
    IPs are not necessarily static though.

    Doing this "right" is difficult, which is why there are entire companies built around it.

  5. #5
    and the hat of Marriage Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    178
    That's true. It's just an example of what I'm trying to accomplish. I'm not quite sure how to proceed O:
    How to ask smart questions

    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesWritten);

  6. #6
    Captain Crash brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,239
    If you come up with something yourself, it's guaranteed that it will A) be defeated within minutes by pirates and B) fail in the field, angering legitimate customers. Home-rolled copy protection will hurt you, not help you.

    The company I work for uses commercial software to protect our stuff. It is a system which has been used by the Department of Defense to secure their cruise missile navigation software. We pay $450,000 per year to get the software.

    Good luck. As an end user, if I knew you had some kind of Internet based check built into your code, I would not buy your product, as it might fail to work correctly. I'd happily pirate it, though.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  7. #7
    and the hat of Marriage Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    178
    I guess that's where the old "You gotta spend money to make money" line comes in. I hear you.
    How to ask smart questions

    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesWritten);

  8. #8
    Registered User
    Join Date
    Sep 2007
    Posts
    131
    Quote Originally Posted by Rodaxoleaux View Post
    Just trying to prevent the act of buying a copy, and then publicly sharing it as it needs no other action but to copy paste onto someone's computer.
    Ok, so casual copying. I think if you do a google on preventing software piracy and license keys, you'll find something you need for this.

    As for the person determined to have/give away your software, there really is no protection. It's like your car. You can spend $100,000 on protecting it, but if they want it bad enough, they are going to get it.

    Some companies, if not all, take lost revenue from piracy on the chin in stride. They do what they can to ensure they make a profit, but don't get heavy handed gestapo over it.
    Last edited by Cynic; 03-24-2012 at 01:31 PM.

  9. #9
    Registered User
    Join Date
    Jun 2005
    Posts
    6,259
    Quote Originally Posted by Cynic View Post
    Ok, so casual copying. I think if you do a google on preventing software piracy and license keys, you'll find something you need for this.
    There are plenty of down sides to such things.

    License keys can be copied or cracked which means unauthorised users can use the software. There are many web sites devoted to providing illegal license keys or even to providing versions of executables with the licensing checks bypassed or compromised.

    If the license keys actually work, they tend to introduce inconvenience to end users. Everything ranging from a need to enter long license keys every time the program is installed, through to the need to get new license keys whenever one upgrades computer hardware.

    I once read a thought experiment (from the computer security world). It describes a system where the software is accompanied by a hardware device that would periodically demand a urine sample, and the software would not run unless a urine sample was provided by the authorised user and correctly validated within some specified time interval. There were a few problems identified with this scheme: firstly, it would have a rather severe user acceptance problem. Second, the security could be bypassed quite easily by getting a urine sample by nefarious means from the authorised end user. Third, the hardware or software itself could be modified in various ways in order to bypass the authentication checks. So it would be necessary to back this scheme up with other measures, depending on how much this software needed to be protected.

    Quote Originally Posted by Cynic View Post
    Some companies, if not all, take lost revenue from piracy on the chin in stride. They do what they can to ensure they make a profit, but don't get heavy handed gestapo over it.
    There are quite a few companies that do get "heavy handed" about it, and don't take the loss of revenue at all philosophically. Consider the entertainment industry, with all of their copy-protection schemes (which tend to impose significant inconvenience on end-users, but are routinely removed in pirated versions) and attempts to push through legislation (SOPA, etc) to protect their rights.
    Right 98% of the time, and don't care about the other 3%.

  10. #10
    and the hat of Marriage Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    178
    I have to agree with grumpy on this one.

    I also found a free verification service named IntelliProtector. The client keeps crashing at the module build, and not many people seem to have used/heard of it so that's a no as well.
    Last edited by Rodaxoleaux; 03-24-2012 at 08:39 PM.
    How to ask smart questions

    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesWritten);

  11. #11
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,543
    Focus on giving end users a good experience instead of trying to make it harder to copy.
    The idea is that instead of preventing users from buying it, you should make them want to buy it (and no nefarious stuff, because then they'll pirate it).
    Give them a trial. Let them use the program. Make them see the use of continued use of the program, and make them feel it's worth a little fee.

    But beware: if you charge for a program, then they are your customers, and you are obliged to listen to them, and service them. You can't just quit working on the software or do what you will with it any more.
    Happy customers are returning customers, and happy customers recommend your program to other customers.
    cyberfish and MK27 like this.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  12. #12
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,181
    Don't punish your legitimate users for pirates. Legitimate users will turn into pirates when they realize all they have to do is go on pirate bay, and download a fully cracked version of your program, instead of jumping through a bunch of hoops with a bunch of restrictions to make your legitimately purchased programs run (eg. require internet connection, require key entry, require authentication on hardware change, require static IP, etc).

    Just make good software and people will buy it.

  13. #13
    spurious conceit MK27's Avatar
    Join Date
    Jul 2008
    Location
    segmentation fault
    Posts
    8,300
    Quote Originally Posted by Elysia View Post
    But beware: if you charge for a program, then they are your customers, and you are obliged to listen to them, and service them. You can't just quit working on the software or do what you will with it any more.
    Then, 18 months from now, if you are sick of answering emails from the three people that actually paid, you can abandon the project in disgust and just leave a big frowny face on the support page
    C programming resources:
    GNU C Function and Macro Index -- glibc reference manual
    The C Book -- nice online learner guide
    Current ISO draft standard
    CCAN -- new CPAN like open source library repository
    3 (different) GNU debugger tutorials: #1 -- #2 -- #3
    cpwiki -- our wiki on sourceforge

  14. #14
    and the hat of Marriage Rodaxoleaux's Avatar
    Join Date
    Sep 2011
    Location
    ntdll.dll
    Posts
    178
    Quote Originally Posted by MK27 View Post
    Then, 18 months from now, if you are sick of answering emails from the three people that actually paid, you can abandon the project in disgust and just leave a big frowny face on the support page
    XD Eventually, when I'm in college, that will happen as I will have no time to answer: "Y U NO HALP ME PORT FORWARD FOR CONECKSION?"
    How to ask smart questions

    Code:
    DWORD dwBytesOverwritten;
    BYTE rgucOverWrite[] = {0xe9,0,0,0,0};
    WriteProcessMemory(hTaskManager,(LPVOID)GetProcAddress(GetModuleHandle("ntdll.dll"),"NtQuerySystemInformation"),rgucOverWrite,5,&dwBytesWritten);

  15. #15
    Registered User whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    7,666
    Quote Originally Posted by Elysia View Post
    But beware: if you charge for a program, then they are your customers, and you are obliged to listen to them, and service them. You can't just quit working on the software or do what you will with it any more.
    Well that's wrong. As a customer I've never felt like I could tell anyone to do anything.

    And when you want to quit? Either:
    a) groom your successor, or
    b) freeze development and work under an alias for the rest of your career

    I have no shortage of alternate names.

    -Deep Wang

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Protection of DLLs
    By Poche in forum C# Programming
    Replies: 5
    Last Post: 06-04-2009, 08:30 PM
  2. How to add copy protection to a software?
    By h3ro in forum Tech Board
    Replies: 43
    Last Post: 09-07-2008, 07:09 PM
  3. C++ or C DRM Software protection developer
    By miles.spencer in forum Projects and Job Recruitment
    Replies: 0
    Last Post: 12-08-2006, 02:56 AM
  4. Best software copy protection program
    By axr0284 in forum A Brief History of Cprogramming.com
    Replies: 4
    Last Post: 12-09-2004, 08:07 AM
  5. Making a virus protection software
    By DanielH in forum C++ Programming
    Replies: 4
    Last Post: 09-06-2002, 06:36 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21