RE: Licences 101 - Copy Protection for Newbies
RE: Licences 101 - Copy Protection for Newbies
- Subject: RE: Licences 101 - Copy Protection for Newbies
- From: "Josh Ferguson" <email@hidden>
- Date: Mon, 23 Sep 2002 10:06:31 -0500
- Thread-topic: Licences 101 - Copy Protection for Newbies
Jeremy,
I work at a company called eSellerate, and I've responded to this type of question before. I'm (amazingly) not replying to plug eSellerate, rather I'd like to get you thinking in a different way. First of all, if you want example code of a simple registration scheme, download the esellerateSDK from www.esellerate.net, and check out the GeckoSoft Project Builder example. It will give you some idea of reading/writing from user defaults to store your serial number, and changing how the program runs based on whether or not it's registered. This (obviously) uses the eSellerate for getting and validating serial number, but you can just ignore that part of it.
Second of all, registering your software and registration services that sell your softare typically go hand in hand, so while you're looking for a way to register your software, take a look at the different registration services (eSellerate, RegNow, RegSoft, ShareIt, Kagi, etc.) and what they can offer you as far as the generation and validation of serial numbers. I know that eSellerate will generate serial numbers and our SDK gives you the validation routines, AND you can integrate the entire purchase process into your application (so that "registering", aside from the purchase process, is virtually transparent to the customer). I'm not a big fan at all of heavy-handed registration processes, and I really don't think they're worth the time and effort they take to implement. There are some very simple methods that are effective at deterring the typical software pirate.
To specifically address your steps:
1.) To simplify this and step 6, just check for for a valid registration number every time the application starts.
2 & 3.) The most secure method here is having some kind of generation and validation routines. The easiest way to make this relatively secure is to generate a serial number based on a registration name. Maybe something like encrypting the name and hashing the result to generate a serial number would work. Check out MulleCipher to do this. If you wanted to, you could also store different types of information in the serial number, like expiration date, number of copies, etc. This is all up to you.
4.) You could store the value in a file, or you could store the value in User Defaults (my preference, as it allows you to register on a per-user basis). You might want to try encrypting the serial number before it's written out, thus preventing someone from modifying the serial number external to your application.
5.) This is fine
6.) See 1.)
I don't know if this helps at all, but if you want to discuss this further, please let me know. I'm pretty familiar with registration and cracking and such, so I could easily give you more pointers if you wanted.
Josh Ferguson
-----Original Message-----
From: Jeremy Dronfield [
mailto:email@hidden]
Sent: Monday, September 23, 2002 8:27 AM
To: Cocoa-Dev Apple
Subject: Licences 101 - Copy Protection for Newbies
I've been hesitating for a while now over broaching this subject again,
especially as it's a bit OT. However, after reading through all the
contributions to the two big threads on copy protection that have
occurred here during the past four months, I feel there's one aspect
that hasn't really been covered: guidance in first principles for people
with no experience of copy protection and little or no knowledge of the
coding techniques involved. Lots of fascinating, tantalising stratagems,
but no how-tos. This, therefore, is my request.
Below I've outlined what I believe is the fundamental structural
paradigm for basic copy protection. (I don't need anyone writing in to
say the scheme is no good - I know it's no good, it's just a paradigm. A
teaching aid, if you like.)
FIRST RUN
1. App knows it is running for the first time, so puts up an "Unlicensed
Copy" window which invites the user to either use the product unlicensed
in limited demo mode, or enter the licence code they've obtained
(honestly, we hope). If they do the latter, then:
2. App compares the entered value with a valid value (or array of valid
values) held internally. If it gets a match, then:
3. App stores the value (or something derived from it) in a file
somewhere.
4. App triggers an email message to developer registering the
transaction.
5. App sets boolean variable isLicensed to YES (or sets up variables to
be used in some mathematical process).
6. App periodically queries isLicensed (or performs its maths) when
deciding whether or not to execute certain functions.
SUBSEQUENT RUNS
7. App queries file referred to in 3 (above) and retrieves value from it
(and reverse-processes it if it's a derived value). Repeats step 2. If
it gets a match, then:
8. Repeat steps 5 and 6.
Now, this seems to me the foundation on which all *basic* software copy
protection is built. What I'm humbly asking for is to have the
fundamental weak areas pointed out and explained. You'll note that I
emphasise *basic*. I'm not asking for someone to tell me how to protect
my software (I'm inexperienced, not naive), but to help me get a grasp
of the basic techniques of copy protection. For the record, I've
gathered enough from previous threads to be aware that:
a) Defeating crackers and serial pirates is impossible, and effort
expended in any attempt to do so is wasted, so
b) The best we can hope for is to avoid handing them our app on a plate,
and
c) Concentrate on encouraging the "honest" to pay, which means
d) Not teasing and tormenting them with over-elaborate registration
remedies.
So, apologies to those who are sick of the sight of this subject, but
can anyone help?
-Jeremy
========================================
email@hidden // email@hidden
The Alchemy Pages:
- fractious fiction at
http://freespace.virgin.net/jeremy.dronfield
========================================
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.