[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Unique to one system application

Posted on 2002-06-26
Medium Priority
Last Modified: 2010-05-18
Hi all,

My intention is to burn my application onto CDs when I'm ready to distribute it.
Each CD will contain a 'unique to one machine application'  - So that my app will only work on that one user's system. Of course this will rely on me sending the prospective buyer/user a small exe to read in the BIOS or HDD serial. They would then e-mail me the BIOS/HDD# and then I would custom write that number into the unique application instance then burn the resulting app onto CD. This would be a simple way to stop the app being given to friends and neighbors etc. Trouble is, it includes a few steps to implement everything.

Can anybody offer any advice about the method I'm planning? Or, if indeed such a ploy is logical and/or feasible? Perhaps there's a simpler way that you might know of and wish to share. Any info will be appreciated.

I see potential problems with this specific system deployment... Supposing the user buys a new HDD or changes systems, the app would then not work. The user could ask me for another serial #, which in effect could be for his friends PC ;-) Any thoughts on this?

Please don't just redirect me to websites offering security components... I can Google my way to those myself. I want to get first hand info from the EE fraternity :-)
(BTW,I have seen the earlier post and URL pointing to TurboPower ProActivate)

Question by:tongalite
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 7110596
First, I would dump the first executable pulling your unique ID's for you to burn into the executable. This is more trouble than it is worth. Instead, include in your application an algorithm which:

A) Builds two codes based on the internal components you list, neither of which is stored

Have the users install and run application which would then check an .ini file or database for the second code, which if found would allow normal startup. If the second code is not found, or the written version of the second code does not match the second code generated dynamically, then display the first code and prompt user for the second. The first code could be emailed, faxed, phoned, etc... to you, or you could even just put up a web page to have people register and submit code 'A'. Have an application on your end which will generate the correct code 'B' when 'A' is input.

Hope that makes sense to you.

As far as the user replacing HW, that is always going to be an issue, though through the registration process required to acquire activation code you do have a binding EULA as well as having some personal info on the original user you can try to use to verify that user is valid.  

Expert Comment

ID: 7110682
IMHO, forget it.
First, you cannot enforce it because any part can be replaced.
Second, if I buy a piece of software I want it to run on any of my machines.

If you implement such restrictions you will simply have no users.

Just my 2c.

Expert Comment

ID: 7110692
This kind of protection may work if you intend to sell a few copies of your app... otherwise it'll drive you crazy!

Depending on how much does your app costs, you may consider using a HardLock protection system, thats is far more professional... I use www.rainbow.com keys on my apps, here in Brazil a key is about US$ 45.00

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Accepted Solution

jfvd earned 200 total points
ID: 7111453
I've used two methods in the software that I've developed so far:
 1) Used a hardware dongle - the system by itself was for the high end market which makes the cost a non-issue.
 2) checked system info and generated a unique key based on that. The user would connect to a website that would use that key to generate a password for the user and then store the password so that it was useless if tried again.

I've found that the 2nd method worked pretty good in most instances - I had 13000 users on running the system.

Hope you get your answer.

Expert Comment

ID: 7111800
You simply cannot protect an application unless you control the hardware it will be run on!

Even Microsoft cannot do it.

The closest you can come is a hardware dongle thingy OR a modified floppy or CD that is used as a key

You can damage a floppy and use that as a key... it will be very hard to damage another one in exactly the same way... so you just have your program check for the correct damage...same with a cd... damage a cd and check for the damage. Of course a hacker can pick through your application and edit out the check code... just have many instances of check code...and have some of them hit randomly and some hit on future dates.. This way the hacked copies will keep failing :-)  and maybe a lot of users of the cracked apps will have become accustomed to using it and will just cave in and buy it when the cracked copy fails. (be sure and pop up a message saying it failed because it is cracked or they may think the software is just buggy :-)

Using this sort of scheme will make each copy of your app unique... hackers will try to get several copies and compare tham and look for the differences to find clues to help them write a crack.

I'd have lots of differences! make sure the cracker has a LOT to weed through!

good luck...

Author Comment

ID: 7112421
Loads of interesting stuff to think about.
Thanks everybody for your thoughts and responses.
Now comes the hard bit of awarding the points :)

I'll rest on it


Author Comment

ID: 7112999
thanks for your input.
Regarding part 2 of your solution... I would be grateful if you could mail me further details on how to implement that. I have my own website so this is a good option for me. If you care to mail me anything at all, examples, articles or just about any info at all, I would be obliged.
If you don't have anything further to add... no big deal, I'll persue the info through Google

Expert Comment

ID: 7113008
>> just have many instances of check code...
now i understand why simple EXEs are becoming >10Mb in size :)

Expert Comment

ID: 7113576
Wow, the accpeted answer is the same as what I stated earlier.

Boned again.

Author Comment

ID: 7113760
Hey YodaMage!

Sorry ya feel boned :-))))
How about I award you some points as well? I didn't really compare the comments that closely and I want to be fair.

Keep your eye out for the points :)

Expert Comment

ID: 7949329
I think you better turn to some cheap dongle based solutions, and any other methoads are really difficult to make work properly in the situations you are speaking about.
In my company we use two methods of protection for our products - even for the same products depending on whom we have to ship our soft. But in any way if extra spents like 20-30 bucks for per copy protection is not vital for you (and your clients - mainly) - it's the best choice to use some dongle. Look here for more info, and some useful ideas on protection:


Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question