Solved

Anti Hacking???

Posted on 2002-03-25
11
178 Views
Last Modified: 2010-04-02
Hello All!

We have an application that uses COM objects. So we need to ship the (20+) COM objects with our APP to customers. The software is also available for download for DEMO.

So I need to secure our COM objects from being cracked. I dont want them to be useable other than in our software context. As they include massive functionality and one can easily build a stolen verion of our software just by writing few ASP pages.

I need Ideas on how to make it most difficult for users to use the dlls independently.

Hoping for some good response ASAP.
ANY HELP WPOULD BE HIGHLY APPRECIATED. I CAN SPEND UPTO 500 POINTS on it.

__A
0
Comment
Question by:kuchnaheen
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 86

Accepted Solution

by:
jkr earned 100 total points
ID: 6894411
>>I need Ideas on how to make it most difficult for users to use the dlls independently

- Use undocumented interfaces that are not included in any TLB

- Use an application callback that "identifies" the apllication using a challenge/response method

- "disguise" them by creating "Ghost" entries and redirect using "CoTreatAsClass()"
0
 
LVL 32

Expert Comment

by:jhance
ID: 6894478
Technical "tricks" are all fine and dandy but remember:

1) No matter how clever you think you are, there are smarter (or just more determined) people who value themselves based on their ability to crack what you've protected.  I'm not aware of ANY SCHEME that has not been cracked.

2) The BEST defense is a copyright and strong and well written license agreement.  If the software you license is misused, your lawyers can have a "field-day" with the offenders.
0
 
LVL 1

Author Comment

by:kuchnaheen
ID: 6894829
Thanx jkr: but my problem is bit more complicated...I cant hide methods, We ship open ASP code that uses COM objects...u c the problem....challenge/response will also fail here...how can I encapsulate the response code????

Thanx jhance: U r 110 % right and I know that, but this is what I am to do, Lawerys will do their part when their time comes, as we have really bitter experiences with our last version. We got to protect it this time. I know we cannt do that, but we can increase the amount of effort that one will have to put in, n that will reduce misuse.
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 32

Expert Comment

by:jhance
ID: 6895035
One possibility might be to use a public/private key encryption scheme.  RSA (now that it's free of patent issues) might be a good choice.

Perhaps something like:

You (at build time) embed a private key generated value into the application that calls the objects.  Since only you have the private key, nobody else can generate a key that works.

The objects have the public key inside them and can therefore decode the private key encrypted messages.

It's not 100% foolproof since it's possible that someone could hack the interface and just send the same keys that your applications does but if the "vocabulary" was large enough the process would be very time consuming.

Just a thought.
0
 
LVL 4

Expert Comment

by:IainHere
ID: 6896737
Unless it is a fully functional time limited demo, then you could conditionally compile out some of the code that should not be callable from the demo.  Of course, you'd have to alter the ASP pages for the demo.
0
 
LVL 11

Expert Comment

by:griessh
ID: 7009299
Dear kuchnaheen

I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. You can always request to keep this question open. But remember, experts can only help you if you provide feedback to their questions.
Unless there is objection or further activity,  I will suggest to accept

     "jhance"

comment(s) as an answer since you never gave more feedback.

If you think your question was not answered at all, you can post a request in Community support (please include this link) to refund your points. The link to the Community Support area is: http://www.experts-exchange.com/commspt/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner
0
 
LVL 1

Author Comment

by:kuchnaheen
ID: 7013605
Werner:

>>I think you forgot this question

Not true
We were trying to find out the solution, n at last we did. I was thinking abt packing the question but keeping it open was also not a bad idea as some one can always come up with a better idea, but if u really press then to me jhance answered my question on non technical grounds n jkr proposed some technical solutions, but none satisfied my requirement. I will rather like to delete the question  against the option of splitting the points with a B grade. I am waiting for ur feed back.

__A
0
 
LVL 11

Expert Comment

by:griessh
ID: 7013726
kuchnaheen

If you would post how you solved your problem, you could get your points refunded and we's move the question to PAQ.

If you want to keep it open for while that's fine, too (I just noticed that there was no activity for a long time, so I made my recommendation).

Many of these older questions are abandoned. We try to find a reasonable way to close them. There is no need to accept my decision, it is all yours! People like you are the ones we would need more often. Giving feedback shows that you are interested in you rquestion and that's all we want ...

Thanks for the feedback and just let me know what you thinkk we should do ...

======
Werner
0
 
LVL 1

Author Comment

by:kuchnaheen
ID: 7015774
well I cant give details of what we have done, that will be a staright leak:O u c most often idea is most important, if u know the policy u can try to breach that, but if u dont know then first step will ofcoure be the search for the scheme.

For this question I think I must split points...I am goin to put another quetion for Jhance for 50 points, if u can some how reduce this question's points, I would like to reward 100 points to jkr as I also used his suggestions abt how to secure my dlls againt cracking.

Thank You All

__A
0
 
LVL 86

Expert Comment

by:jkr
ID: 7016313
Well, for a split, you'll have to address Community Support: http://www.experts-exchange.com/commspt/
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 7018627
I have handled this for you.  I refunded 50 points to you so you can post a new question for jhance in this same topic area to give him those 50 points, be sure to include the link in the new question for which you are awarding points to jhance, which you can just cut/paste from here.
http://www.experts-exchange.com/jsp/qShow.jsp?ta=cplusprog&qid=20281230

I have also finalized the 100 points for you for jkr.

All has been completed so that you can now post a new question for jhance.

Let me know if more is needed please.

Thanks,

Moondancer - EE Moderator
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Compile GLUT with Visual Studio 2015 1 170
Eclipse IDE - Cannot copy/paste from console output 8 250
Why isn't object file created? 6 68
c++, dynamic object by json 1 53
When writing generic code, using template meta-programming techniques, it is sometimes useful to know if a type is convertible to another type. A good example of when this might be is if you are writing diagnostic instrumentation for code to generat…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
The viewer will learn how to use the return statement in functions in C++. The video will also teach the user how to pass data to a function and have the function return data back for further processing.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question