Solved

Anti Hacking???

Posted on 2002-03-25
11
176 Views
Last Modified: 2010-04-02
Hello All!

We have an application that uses COM objects. So we need to ship the (20+) COM objects with our APP to customers. The software is also available for download for DEMO.

So I need to secure our COM objects from being cracked. I dont want them to be useable other than in our software context. As they include massive functionality and one can easily build a stolen verion of our software just by writing few ASP pages.

I need Ideas on how to make it most difficult for users to use the dlls independently.

Hoping for some good response ASAP.
ANY HELP WPOULD BE HIGHLY APPRECIATED. I CAN SPEND UPTO 500 POINTS on it.

__A
0
Comment
Question by:kuchnaheen
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
Comment Utility
>>I need Ideas on how to make it most difficult for users to use the dlls independently

- Use undocumented interfaces that are not included in any TLB

- Use an application callback that "identifies" the apllication using a challenge/response method

- "disguise" them by creating "Ghost" entries and redirect using "CoTreatAsClass()"
0
 
LVL 32

Expert Comment

by:jhance
Comment Utility
Technical "tricks" are all fine and dandy but remember:

1) No matter how clever you think you are, there are smarter (or just more determined) people who value themselves based on their ability to crack what you've protected.  I'm not aware of ANY SCHEME that has not been cracked.

2) The BEST defense is a copyright and strong and well written license agreement.  If the software you license is misused, your lawyers can have a "field-day" with the offenders.
0
 
LVL 1

Author Comment

by:kuchnaheen
Comment Utility
Thanx jkr: but my problem is bit more complicated...I cant hide methods, We ship open ASP code that uses COM objects...u c the problem....challenge/response will also fail here...how can I encapsulate the response code????

Thanx jhance: U r 110 % right and I know that, but this is what I am to do, Lawerys will do their part when their time comes, as we have really bitter experiences with our last version. We got to protect it this time. I know we cannt do that, but we can increase the amount of effort that one will have to put in, n that will reduce misuse.
0
 
LVL 32

Expert Comment

by:jhance
Comment Utility
One possibility might be to use a public/private key encryption scheme.  RSA (now that it's free of patent issues) might be a good choice.

Perhaps something like:

You (at build time) embed a private key generated value into the application that calls the objects.  Since only you have the private key, nobody else can generate a key that works.

The objects have the public key inside them and can therefore decode the private key encrypted messages.

It's not 100% foolproof since it's possible that someone could hack the interface and just send the same keys that your applications does but if the "vocabulary" was large enough the process would be very time consuming.

Just a thought.
0
 
LVL 4

Expert Comment

by:IainHere
Comment Utility
Unless it is a fully functional time limited demo, then you could conditionally compile out some of the code that should not be callable from the demo.  Of course, you'd have to alter the ASP pages for the demo.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 11

Expert Comment

by:griessh
Comment Utility
Dear kuchnaheen

I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. You can always request to keep this question open. But remember, experts can only help you if you provide feedback to their questions.
Unless there is objection or further activity,  I will suggest to accept

     "jhance"

comment(s) as an answer since you never gave more feedback.

If you think your question was not answered at all, you can post a request in Community support (please include this link) to refund your points. The link to the Community Support area is: http://www.experts-exchange.com/commspt/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner
0
 
LVL 1

Author Comment

by:kuchnaheen
Comment Utility
Werner:

>>I think you forgot this question

Not true
We were trying to find out the solution, n at last we did. I was thinking abt packing the question but keeping it open was also not a bad idea as some one can always come up with a better idea, but if u really press then to me jhance answered my question on non technical grounds n jkr proposed some technical solutions, but none satisfied my requirement. I will rather like to delete the question  against the option of splitting the points with a B grade. I am waiting for ur feed back.

__A
0
 
LVL 11

Expert Comment

by:griessh
Comment Utility
kuchnaheen

If you would post how you solved your problem, you could get your points refunded and we's move the question to PAQ.

If you want to keep it open for while that's fine, too (I just noticed that there was no activity for a long time, so I made my recommendation).

Many of these older questions are abandoned. We try to find a reasonable way to close them. There is no need to accept my decision, it is all yours! People like you are the ones we would need more often. Giving feedback shows that you are interested in you rquestion and that's all we want ...

Thanks for the feedback and just let me know what you thinkk we should do ...

======
Werner
0
 
LVL 1

Author Comment

by:kuchnaheen
Comment Utility
well I cant give details of what we have done, that will be a staright leak:O u c most often idea is most important, if u know the policy u can try to breach that, but if u dont know then first step will ofcoure be the search for the scheme.

For this question I think I must split points...I am goin to put another quetion for Jhance for 50 points, if u can some how reduce this question's points, I would like to reward 100 points to jkr as I also used his suggestions abt how to secure my dlls againt cracking.

Thank You All

__A
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
Well, for a split, you'll have to address Community Support: http://www.experts-exchange.com/commspt/
0
 
LVL 1

Expert Comment

by:Moondancer
Comment Utility
I have handled this for you.  I refunded 50 points to you so you can post a new question for jhance in this same topic area to give him those 50 points, be sure to include the link in the new question for which you are awarding points to jhance, which you can just cut/paste from here.
http://www.experts-exchange.com/jsp/qShow.jsp?ta=cplusprog&qid=20281230

I have also finalized the 100 points for you for jkr.

All has been completed so that you can now post a new question for jhance.

Let me know if more is needed please.

Thanks,

Moondancer - EE Moderator
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
IntroductionThis article is the second in a three part article series on the Visual Studio 2008 Debugger.  It provides tips in setting and using breakpoints. If not familiar with this debugger, you can find a basic introduction in the EE article loc…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now