123456

protecting from cracking

Hi,
I read some articles about protecting your application against cracking.
In http://www.scalabium.com/articles/protection.pdf
it is described that:
<if your trial software must be available for 30 days only, then don't try to use the system date-time.
Better to use the date-time of some system files (system.dat or DAO, BOOTLOG.txt, autoexec.bat etc).
Also don't forget that additionally you can create your own hidden file during installation and use the date-time of this file.>

But my question:
Which one (system.dat, DAO, bootlog.txt, autoexec.bat) has a better feature for uncracking?
How can I work with these (system.dat, DAO, bootlog.txt, autoexec.bat)?


Thanks a lot.
Hamid reza
heskyttberg

Hi!

I don't know how many users you think your application will be spread to, but the best way to protect the app is to make it so great that people just want to license it to get regular updates.

I think the most successful licensing of shareware apps and such is the subscription type, so you pay like $20-$30 for a one year subscription.

I have bought three such applications. I use two of them daily. Other applications like Office are too expensive for me so I usually use free office programs like StarOffice, it's not free anymore but the version I have was free. Or I'll run an older MS Office like Office 2000.
I got such a license since they aren't too expensive.

I would never pay $500-$800 for an office program, it's not in my budget, besides I have access to a newer Office at work so it's not too important to have it at home.

You also need to charge a reasonable fee for it, if you charge too much for a license and people want to use it, it will be cracked no matter what you do.

I mean programs like AutoCAD and 3D Studio MAX are almost always cracked in less than a week and they have very sophisticated anti cracking/protection devices.

Most other programs are cracked within hours of release.

If you just want to stop novice users from cracking and illegally using your application, I'd say it's pretty safe to use the computer's BIOS clock.

Not many users change their date and time in BIOS just to extend the trial period, I never heard of one.

I don't know what you intend to do, but what I mean is don't spend too much programming to try and stop piracy, use that time to make an outstandingly good app instead.

If you are doing a special app for a company, I don't think you need to have any anti-copy protection at all, just put such a thing in the contract with the company instead.

This is how I see the whole thing.
I'm against piracy/cracking, don't get me wrong.

Regards
/Hans - Erik Skyttberg
I totally disagree with heskyttberg.
It doesn't matter how good your app is, as long as it is spread over the net as shareware, there is always someone who can and will crack it!
There is no way to stop the phenomenon!!!
Number 7 is one of the better suggestions in that pdf.
Check out this site, used to be one of the better ones, use the CACHED pages as the site is down currently:
http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=+site%3Awww.woodmann.com+tools+protection

You're better off creating your own files, as suggested at #10. And like he says, don't worry about the protection all that much, it will get cracked, Softice will see to that. Also what heskyttberg doesn't realize is that when you change the time on your clock in an OS, it is changing the one in BIOS. The most popular apps are what gets cracked 1st also. The apps that get cracked, but still get you the $$, are for legitimate business, especially corporations, because if you caught them with even 1 piece of cracked software, they would lose lots of $$. Make your app good, there are those out there (my friends and family) that aren't aware of cracked software :) well, they aren't aware of how easily you can come by it. The more you understand how crackers work, the better off you'll be, but again, focus on the app mainly.
GL
-NEO
You can also have the application connect to your remote server and verify the date time. You can get the hard disk serial number and send it to your server. Then you can keep an account for each number.

Keep track of the date time via another method as well, such as a system file or the BIOS version.
If you can tell that the local security has been cracked, have the app launch a pop-up box next time the program starts that tells the user that a cracking attempt has been detected and reported.
Then you can do what you want, give his IP to the FBI etc.

You can also verify the application's integrity. For example you can have the program install a binary copy of itself so that it can run an integrity check on itself and make sure its binary has not been tampered with.

The last idea I have is to have the program check its own creation date and compare it to its modified date.

What I suggest is that you create a "demo version" and a "full version". The demo version should not be able to do some things the full version can. You can also get creative with this, for example when they launch the demo it will make them wait 60 seconds to use it.

If you REALLY want to make sure that it stays secure you can recompile it for each user. You can keep the sources on the web server and when the user downloads the demo it modifies the source code and then recompiles it and gives it to the user. Then you can have the program compare the local time with the time hard coded into the app, this compared with a check to make sure the file was not modified after it was created should make it very secure.

Just some thoughts, sorry about the spelling, I haven't installed my word processor on this system.
Thank you for your time,
Arrummzen
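
The integrity check suggested in the post above, as an added example that is not part of the original thread. The function names and the sample bytes are constructed for illustration, and the block covers only the comparison against the installed copy, not the creation/modified date comparison.

```python
import hashlib
import hmac
import os
import shutil
import tempfile

def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so a large binary is not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.digest()

def install_reference(binary_path, reference_path):
    """Installer step: keep a byte-for-byte copy of the shipped binary."""
    shutil.copyfile(binary_path, reference_path)

def verify(binary_path, reference_path):
    """Start-up step: returns 'intact' or the reason the check failed."""
    if not os.path.exists(reference_path):
        return "reference missing"
    if os.path.getsize(binary_path) != os.path.getsize(reference_path):
        return "size differs"
    if not hmac.compare_digest(file_digest(binary_path), file_digest(reference_path)):
        return "content differs"
    return "intact"

def demo():
    """Constructed scenario: a stand-in 'binary' is modified after installation."""
    with tempfile.TemporaryDirectory() as d:
        binary, ref = os.path.join(d, "app.bin"), os.path.join(d, "app.ref")
        with open(binary, "wb") as f:
            f.write(b"A" * 2000)            # constructed bytes, not a real program
        install_reference(binary, ref)
        out = [verify(binary, ref)]
        with open(binary, "r+b") as f:      # same length, one byte changed
            f.seek(1000)
            f.write(b"B")
        out.append(verify(binary, ref))
        with open(binary, "ab") as f:       # length changed
            f.write(b"\x00")
        out.append(verify(binary, ref))
        os.remove(ref)                      # installed copy deleted
        out.append(verify(binary, ref))
    return out
```

Both files sit on the user's disk, so the installed copy can be replaced together with the binary; the check detects a change to one of them, not a change to both.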
Hi!

Well I never said you can hinder anyone from cracking, what I mean is by making a good app and having a reasonable price for it depending on how hard it is to code and what it does, you are likely to get more people to buy it.

I mean if partition magic would cost $500, to companies it would still be worth buying.

But how many home owners would buy it for that amount ?
I would say just about none.

But when it only costs about $50 some people are buying it.

You can't stop cracking and illegal copies no matter what you do, MS$ and other big companies probably spend a lot of money and they still can't stop it.

I'm just saying that isn't it better to get something like 10 000 users and get 2000-3000 that actually buy a license, than get 10 000 users and none buys a license.

That's how I look on the whole thing, feel free to disagree..


Regards
/Hans - Erik Skyttberg
all interesting discussion.. but to answer the initial question....

I would use the date that the OS was installed based on its directory. Or maybe the root directory.

The rough part is not making the check obvious. Consider having the install snag that info and encrypt it to do comparisons against.
if the encrypt_string=date_of_OS_dir
  then count timeallowed based on date_of_OS_dir

that way if they change the date of the OS dir to "move time forward" then the program will always refuse. Maybe date of the command.com would be easier.

Also consider adding the other checks also (autoexec.bat, bootlog.txt, etc) as dummy checks in the program to make cracking harder.

You can also add some other info to that encrypt string such as the part_ID of the motherboard. Makes it harder for someone to copy/give-away your program to a buddy.

Gandalf  Parker
Random Idea Generator
(out of work)
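
One way to implement the sealed date comparison from the post above, combined with the system-file timestamps quoted in the question, as an added example that is not part of the original thread. It uses a keyed hash (HMAC) over the recorded values instead of encryption, and `BUILD_KEY`, the record layout, the function names and the temporary files standing in for system files are all assumptions.

```python
import hashlib
import hmac
import os
import tempfile

DAY, TRIAL_DAYS = 86400, 30
BUILD_KEY = b"constructed-example-key"  # assumption: secret embedded in the build

def _tag(fields, key):
    return hmac.new(key, fields.encode(), hashlib.sha256).hexdigest()

def seal(anchor_path, machine_id, now, key=BUILD_KEY):
    """Installer step: anchor file date, install time, machine id, then a keyed tag."""
    fields = f"{int(os.stat(anchor_path).st_mtime)}|{int(now)}|{machine_id}"
    return f"{fields}|{_tag(fields, key)}"

def check(record, anchor_path, machine_id, witnesses, now, key=BUILD_KEY):
    """Start-up step: returns 'ok' or the reason the trial is refused."""
    parts = record.split("|")
    if len(parts) != 4 or not hmac.compare_digest(parts[3], _tag("|".join(parts[:3]), key)):
        return "record altered"
    anchor_date, installed, sealed_machine = parts[:3]
    if sealed_machine != machine_id:
        return "different machine"
    if int(os.stat(anchor_path).st_mtime) != int(anchor_date):
        return "anchor date changed"
    # A witness file stamped later than the clock shows the clock was set back,
    # so elapsed time is measured from the latest time seen anywhere.
    seen = [now] + [os.stat(w).st_mtime for w in witnesses if os.path.exists(w)]
    if max(seen) - int(installed) > TRIAL_DAYS * DAY:
        return "trial expired"
    return "ok"

def demo():
    """Constructed scenario; temporary files stand in for real system files."""
    t0 = 1_000_000_000
    with tempfile.TemporaryDirectory() as d:
        anchor, witness = os.path.join(d, "anchor"), os.path.join(d, "bootlog")
        for path, stamp in ((anchor, t0 - 500 * DAY), (witness, t0)):
            open(path, "w").close()
            os.utime(path, (stamp, stamp))
        rec = seal(anchor, "BOARD-1", t0)
        out = [check(rec, anchor, "BOARD-1", [witness], t0 + 10 * DAY)]
        out.append(check(rec, anchor, "BOARD-2", [witness], t0 + 10 * DAY))
        os.utime(witness, (t0 + 40 * DAY, t0 + 40 * DAY))  # machine kept running
        out.append(check(rec, anchor, "BOARD-1", [witness], t0 + DAY))  # clock set back
        os.utime(anchor, (t0, t0))  # anchor file's date edited
        out.append(check(rec, anchor, "BOARD-1", [witness], t0 + DAY))
    return out
```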
First, I say I generally agree with all commenters above, especially compared to the PDF I won't even bother with, since you've already said that it claims I can get better uncracking features for trialware by monitoring file called autoexec.bat, which I find rather ridiculous.

Now let me stir some disagrees. I disagree with comments 2,3,4; the two of The_Creed and NEO, namely that I totally agree with Hans. But I do agree that "there is always someone who can and will crack it! there is no way to stop the phenomenon!!! "

What to add? I suppose saying that you should know that the more you try to make it difficult to crack, the more difficult it will be to provide continued support, so you'd have to plan for providing additional product support or lose some important clients in initial stages of use. As said above, go cheap, have them want to pay to get more of a valuable product, and rather than spend a lot on anti-cracking, spend more on developing stability and testing compatibility with a wider variety of platforms and other products. We've had some that would fail for things that seem simple, such as upgrading our computers to run at a higher speed. Desire was for applications to run faster, but what we experienced was that some would cease to function, unless we made a workaround to run dummy apps to just run to waste computer time so the product would not fail. Do that to me and I don't want your product if you offer it for free!
123456

ASKER

Hi again,
I know an uncrackable program does not exist.
I want to know expert ideas about uncracking. The strategy of a corporation is not related to me (I'm a programmer and I say my idea to our masters).
Accepting or rejecting our idea (software group) is related to our masters (heskyttberg and the_creed talk about it).
I want to know some ideas for encrypting that ARRUMMZEN and GP1628 talk about.
Please describe this issue with more clarity, ARRUMMZEN:
<<You can also verify the application's integrity. For example you can have the program install a binary copy of itself so that it can run an integrity check on itself and make sure its binary has not been tampered with.>>

thanks a lot.
Hamid reza
Hi!

Well how you do it depends on what kind of app you are creating.

An app like:
www.neevia.com

You need a serial number to register it, which you get when buying one license.

It will never be bought by private persons so no need for a very elaborate anti-piracy scheme.
Most serious companies will register such an app if they have need for it.

One app I actually have purchased during last year is:
www.xdesksoftware.com

Since I'm a unix/linux fan that is FORCED to use Windows at work, I'm used to multiple desktops and therefore this app is well worth the registration fee.

They will send you a binary file that is the registration key and you just copy that into the app dir. The license is a one year subscription, if you also buy any of their other apps the subscription is extended one more year, which will last for both apps.

This will help a lot if you want to use it in remote or quiet installs, since you don't need to manually input a serial to register the app.

The network/remote/silent install is also something to consider if you plan to make an app that a corporation might wanna use in their whole enterprise.

If you can't do that with your app, they will almost certainly choose another one if it has those possibilities.

Just some thoughts.

Regards
/Hans - Erik Skyttberg
ASKER CERTIFIED SOLUTION
GP1628

This solution is only available to members.
Dear 123456

I've refunded 30 points to enable you to accept the comment for one expert and to post "Points for <expertname>" Q's for the other experts in the same topic area.
There is however a 20 points minimum for a Q.

Please:
1) Post the link to the original Q in the "Points for <expertname>" and
2) Add in the original Q a comment with the link to the "Points for <expertname>", thus the email notif will warn the expert.

modulo

Community Support Moderator
Experts Exchange
If you want to explore file validity checking, you might begin with old tape drive technology and move on to modem. Simple things with parity and checksums, then compressions and variable checksums (used upon file segments). Encryption itself is simply applying some conversion function on each individual data element. Using "known" methods increases the odds of being cracked.
123456

ASKER

Thanks to everyone.