Aurokripa
asked on
security for application
hello sir,
i know cd protection is a very big & internation problem but everything is possible.
v r working on vb6.
v want a solution for cd protection as well as application security without using a dongal (hardware lock : eprom) or any physical device.
restrictions :
1. cd to cd writing
2. copying cd to hdd
user can install from cd in him/her single pc only.
is any facility in c++ ?
thanx
bhavesh
i know cd protection is a very big & internation problem but everything is possible.
v r working on vb6.
v want a solution for cd protection as well as application security without using a dongal (hardware lock : eprom) or any physical device.
restrictions :
1. cd to cd writing
2. copying cd to hdd
user can install from cd in him/her single pc only.
is any facility in c++ ?
thanx
bhavesh
Auro...,
If there were a simple, inexpensive, and foolproof way of doing this, don't you think EVERYONE would be using it?
As briefly as possible, my opinion is that THIS CANNOT BE DONE simply, inexpensively, in such a way that it is effective against pirates but not inconvenient to paying customers.
I've said it before and I'll say it again:
"Pirates don't buy software. Paying customers don't pirate. Spend your resources with the paying customers and ignore the pirates."
If there were a simple, inexpensive, and foolproof way of doing this, don't you think EVERYONE would be using it?
As briefly as possible, my opinion is that THIS CANNOT BE DONE simply, inexpensively, in such a way that it is effective against pirates but not inconvenient to paying customers.
I've said it before and I'll say it again:
"Pirates don't buy software. Paying customers don't pirate. Spend your resources with the paying customers and ignore the pirates."
I rather agree with what jhance said, why waste your resources to people who have no intention of paying anyway? They simply won't use your product if they have to pay.
But anyway, a quick survey showed that http://www.cdmediaworld.com/hardware/cdrom/cd_protections.shtml might be interesting.
But anyway, a quick survey showed that http://www.cdmediaworld.com/hardware/cdrom/cd_protections.shtml might be interesting.
I just noticed:
>>user can install from cd in him/her single pc only.
That would require a write to the CD to save the 'number of licenses'. Without a CD/RW this wouldn't work at all.
Maybe you should adopt the new Microsoft licensing: use a combination of all types of hardware information and with this info let the user call in to get a key to unlock the software. You will have many unhappy customers ;-)
In 3 words: don't do it!
======
Werner
>>user can install from cd in him/her single pc only.
That would require a write to the CD to save the 'number of licenses'. Without a CD/RW this wouldn't work at all.
Maybe you should adopt the new Microsoft licensing: use a combination of all types of hardware information and with this info let the user call in to get a key to unlock the software. You will have many unhappy customers ;-)
In 3 words: don't do it!
======
Werner
Like many of the experts have already stated this is very difficult however there are several solutions used by the gaming industry and large companies like Rational and of course the new crap Microsoft is rolling out.
1.) Game Developer magazine has an article on Spyro 'Year of the Dragon' they used numerous checksums to determine if the software had been cracked.
2.) If you get enterprise class software like Rational Clearcase a server application is used to authenticate the client applications liscence where obviously there is strict control over a liscence that may/may not have expiriation dates that you have to periodically dl from the s/w vendor
3.) With XP M$ only allows certain number of installs and it extensively polls the h/w on your machine to generate a key similar to way pgp keys are created.
Obviously these techniques will only last for a certain period of time and are annoying like the M$ one, Spyro's protection was only design to keep the cracks off the net during the 1st 4 mos the game launched since this is when a games make the most money. Obviously with a application with a longer lifecycle (like most apps) this needs to be enhanced for longer defensiveness.
My 2 cents...
1.) Game Developer magazine has an article on Spyro 'Year of the Dragon' they used numerous checksums to determine if the software had been cracked.
2.) If you get enterprise class software like Rational Clearcase a server application is used to authenticate the client applications liscence where obviously there is strict control over a liscence that may/may not have expiriation dates that you have to periodically dl from the s/w vendor
3.) With XP M$ only allows certain number of installs and it extensively polls the h/w on your machine to generate a key similar to way pgp keys are created.
Obviously these techniques will only last for a certain period of time and are annoying like the M$ one, Spyro's protection was only design to keep the cracks off the net during the 1st 4 mos the game launched since this is when a games make the most money. Obviously with a application with a longer lifecycle (like most apps) this needs to be enhanced for longer defensiveness.
My 2 cents...
Ahh, a topic near and dear to my heart...
You need to have the user call in and get an unlock code to enable the software on every installation. It might be worth the hassle (to you and your customers) if your software sells for more than $500.00 (US) per unit.
Another alternative is to ship the CD with a floppy diskette. Floppy diskette copy protection is relatively easy to do. Have the floppy contain just the custom install program (and the bad-track shennaigans that lets you do the copy-protection) and all the cab files are on the CD.
-- Dan
You need to have the user call in and get an unlock code to enable the software on every installation. It might be worth the hassle (to you and your customers) if your software sells for more than $500.00 (US) per unit.
Another alternative is to ship the CD with a floppy diskette. Floppy diskette copy protection is relatively easy to do. Have the floppy contain just the custom install program (and the bad-track shennaigans that lets you do the copy-protection) and all the cab files are on the CD.
-- Dan
The best way I know to do it is like this...
Every computer has a NIC (network interface card) that contains a globally unique identifier. You can get your code to get the identifier and (combined with other information about the machine eg processor speed, hard disk capacity etc) calculate and display a number (or combination of numbers and letters) to the user. The user is then required to ring you, the software provider, with this number. You can use this first number to produce a second number, using a specific algorithm. The user then types this second number into the program. The program uses the same algorithm and (knowing the first number) can work out whether the second number is genuine, and thus unlock the software. Every time the program is run, the second number is checked against the first. Since the private part of this process is the algorithm, the two numbers can be stored in a public place (eg registry on NT, or a file).
There are several mathmatical processes that would make the second number very hard to calculate if you did not know the algorithm, even if you had several examples of first number / second number combinations.
The disadvantages of this system is that it ties the licence to one computer, so you have to provide a licence migration facility. Also if you sell a lot of copies of your software, then it is a big operation to provide keys.
Hope this helps...
Every computer has a NIC (network interface card) that contains a globally unique identifier. You can get your code to get the identifier and (combined with other information about the machine eg processor speed, hard disk capacity etc) calculate and display a number (or combination of numbers and letters) to the user. The user is then required to ring you, the software provider, with this number. You can use this first number to produce a second number, using a specific algorithm. The user then types this second number into the program. The program uses the same algorithm and (knowing the first number) can work out whether the second number is genuine, and thus unlock the software. Every time the program is run, the second number is checked against the first. Since the private part of this process is the algorithm, the two numbers can be stored in a public place (eg registry on NT, or a file).
There are several mathmatical processes that would make the second number very hard to calculate if you did not know the algorithm, even if you had several examples of first number / second number combinations.
The disadvantages of this system is that it ties the licence to one computer, so you have to provide a licence migration facility. Also if you sell a lot of copies of your software, then it is a big operation to provide keys.
Hope this helps...
Bah,
So if your NIC changes, or you exchange a hard drive, or add some memory, the program won't run anymore. Then the client has to take action to get a new number, pull out all kinds of paper work and probably wait for weeks before some dumb and marginal software company delivers a new key.
While the pirate that happily uses a hacked version has no such problems at all?
Are actually trying to /promote/ piracy here?
So if your NIC changes, or you exchange a hard drive, or add some memory, the program won't run anymore. Then the client has to take action to get a new number, pull out all kinds of paper work and probably wait for weeks before some dumb and marginal software company delivers a new key.
While the pirate that happily uses a hacked version has no such problems at all?
Are actually trying to /promote/ piracy here?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
KangaRoo
Thank you very much for your extremely constructive comments. I'm sure that we all look forward to hearing your solution to this problem.
In response to some of your points: yes; every time you change your computer, you need a new key. If you a business user, changing your desktop configuration tends to happen rarely. Considering the licence could have cost 10s of thousands of dollars, making one phone call is no big deal. If your software company can't organise its end with efficiency, it will lose business pretty quickly.
Admittedly, this method won't protect against piracy of the next Half-Life, but for several big business systems it can (and does) work.
Thank you very much for your extremely constructive comments. I'm sure that we all look forward to hearing your solution to this problem.
In response to some of your points: yes; every time you change your computer, you need a new key. If you a business user, changing your desktop configuration tends to happen rarely. Considering the licence could have cost 10s of thousands of dollars, making one phone call is no big deal. If your software company can't organise its end with efficiency, it will lose business pretty quickly.
Admittedly, this method won't protect against piracy of the next Half-Life, but for several big business systems it can (and does) work.
I tried something like that some time ago. I think you will have to come up with your own ideas. Why? If it cannot be in C++, because the language doesn't care about copy protection. It wouldn't be in the libraries that came with your compiler, since then it would be easy for everybody to understand how it works and find a way around it.
So the only option you have is to go out and find a company that sells yoy their copy protection or find your own way to solve that problem.
Sorry
======
Werner