• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 201
  • Last Modified:

Anti Hacking???

Hello All!

We have an application that uses COM objects. So we need to ship the (20+) COM objects with our APP to customers. The software is also available for download for DEMO.

So I need to secure our COM objects from being cracked. I dont want them to be useable other than in our software context. As they include massive functionality and one can easily build a stolen verion of our software just by writing few ASP pages.

I need Ideas on how to make it most difficult for users to use the dlls independently.

Hoping for some good response ASAP.
ANY HELP WPOULD BE HIGHLY APPRECIATED. I CAN SPEND UPTO 500 POINTS on it.

__A
0
kuchnaheen
Asked:
kuchnaheen
  • 3
  • 2
  • 2
  • +3
1 Solution
 
jkrCommented:
>>I need Ideas on how to make it most difficult for users to use the dlls independently

- Use undocumented interfaces that are not included in any TLB

- Use an application callback that "identifies" the apllication using a challenge/response method

- "disguise" them by creating "Ghost" entries and redirect using "CoTreatAsClass()"
0
 
jhanceCommented:
Technical "tricks" are all fine and dandy but remember:

1) No matter how clever you think you are, there are smarter (or just more determined) people who value themselves based on their ability to crack what you've protected.  I'm not aware of ANY SCHEME that has not been cracked.

2) The BEST defense is a copyright and strong and well written license agreement.  If the software you license is misused, your lawyers can have a "field-day" with the offenders.
0
 
kuchnaheenAuthor Commented:
Thanx jkr: but my problem is bit more complicated...I cant hide methods, We ship open ASP code that uses COM objects...u c the problem....challenge/response will also fail here...how can I encapsulate the response code????

Thanx jhance: U r 110 % right and I know that, but this is what I am to do, Lawerys will do their part when their time comes, as we have really bitter experiences with our last version. We got to protect it this time. I know we cannt do that, but we can increase the amount of effort that one will have to put in, n that will reduce misuse.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
jhanceCommented:
One possibility might be to use a public/private key encryption scheme.  RSA (now that it's free of patent issues) might be a good choice.

Perhaps something like:

You (at build time) embed a private key generated value into the application that calls the objects.  Since only you have the private key, nobody else can generate a key that works.

The objects have the public key inside them and can therefore decode the private key encrypted messages.

It's not 100% foolproof since it's possible that someone could hack the interface and just send the same keys that your applications does but if the "vocabulary" was large enough the process would be very time consuming.

Just a thought.
0
 
IainHereCommented:
Unless it is a fully functional time limited demo, then you could conditionally compile out some of the code that should not be callable from the demo.  Of course, you'd have to alter the ASP pages for the demo.
0
 
griesshCommented:
Dear kuchnaheen

I think you forgot this question. I will ask Community Support to close it unless you finalize it within 7 days. You can always request to keep this question open. But remember, experts can only help you if you provide feedback to their questions.
Unless there is objection or further activity,  I will suggest to accept

     "jhance"

comment(s) as an answer since you never gave more feedback.

If you think your question was not answered at all, you can post a request in Community support (please include this link) to refund your points. The link to the Community Support area is: http://www.experts-exchange.com/commspt/

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
======
Werner
0
 
kuchnaheenAuthor Commented:
Werner:

>>I think you forgot this question

Not true
We were trying to find out the solution, n at last we did. I was thinking abt packing the question but keeping it open was also not a bad idea as some one can always come up with a better idea, but if u really press then to me jhance answered my question on non technical grounds n jkr proposed some technical solutions, but none satisfied my requirement. I will rather like to delete the question  against the option of splitting the points with a B grade. I am waiting for ur feed back.

__A
0
 
griesshCommented:
kuchnaheen

If you would post how you solved your problem, you could get your points refunded and we's move the question to PAQ.

If you want to keep it open for while that's fine, too (I just noticed that there was no activity for a long time, so I made my recommendation).

Many of these older questions are abandoned. We try to find a reasonable way to close them. There is no need to accept my decision, it is all yours! People like you are the ones we would need more often. Giving feedback shows that you are interested in you rquestion and that's all we want ...

Thanks for the feedback and just let me know what you thinkk we should do ...

======
Werner
0
 
kuchnaheenAuthor Commented:
well I cant give details of what we have done, that will be a staright leak:O u c most often idea is most important, if u know the policy u can try to breach that, but if u dont know then first step will ofcoure be the search for the scheme.

For this question I think I must split points...I am goin to put another quetion for Jhance for 50 points, if u can some how reduce this question's points, I would like to reward 100 points to jkr as I also used his suggestions abt how to secure my dlls againt cracking.

Thank You All

__A
0
 
jkrCommented:
Well, for a split, you'll have to address Community Support: http://www.experts-exchange.com/commspt/
0
 
MoondancerCommented:
I have handled this for you.  I refunded 50 points to you so you can post a new question for jhance in this same topic area to give him those 50 points, be sure to include the link in the new question for which you are awarding points to jhance, which you can just cut/paste from here.
http://www.experts-exchange.com/jsp/qShow.jsp?ta=cplusprog&qid=20281230

I have also finalized the 100 points for you for jkr.

All has been completed so that you can now post a new question for jhance.

Let me know if more is needed please.

Thanks,

Moondancer - EE Moderator
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now