Re: Protecting Software w/ Software License Keys...
Re: Protecting Software w/ Software License Keys...
- Subject: Re: Protecting Software w/ Software License Keys...
- From: Jeff LaMarche <email@hidden>
- Date: Sat, 15 Jun 2002 23:27:44 -0700
On Saturday, June 15, 2002, at 10:49 PM, Thomas Deniau wrote:
>
You can keep a list of somehow hashed or encrypted (MD5 for example)
>
registration codes in your sourcecode (a table of encrypted codes).
>
>
This way the reg codes won't be visible in clear in the datafork so people
>
won't figure them out easily, and there is no algorithm to create a
>
registration code which people can crack.
No, you've actually just made it easier. They'll just skip your code that
looks up the registration code, or they'll reverse engineer the method and
realize that all they have to match is a hash and not a code, and they'll
attack it be removing the code that hashes the entered value. Software suffers
from the same problems as multimedia content - there has to be a way to decrypt
or decode the data in order for it to be useful, and therefore any protection
scheme can be overcome. Hell, Sony's multi-million dollar CD-protection scheme
was defeated in a few days with a black Sharpie.
>
And if one purchased code leaks, you simply remove it from the list in the
>
next version. Or, if your app uses the Net, check it against a list on the
>
Net (and quit immediately if you can't connect to the mother server, because
>
people can use a firewall to block your request).
This method works for some applications, but is not foolproof. It's only practical
for applications that require the Internet, and frankly, there's no reason
why they couldn't just point the lookup somewhere else (to their own dummy
server), or replace the method that goes to the server with one that pretends
it went to the server and got the appropriate response.
The original statement was correct; there is no foolproof method for protecting
your software other than not distributing it. The authors that use it effectively
are well aware of the fact that their scheme can be broken, but they design
it to prevent crimes of opportunity. Make it easier for the average person
to register the program than to copy it.
- Jeff
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.