Re: Licences 101 - Copy Protection for Newbies
- Subject: Re: Licences 101 - Copy Protection for Newbies
- From: Jeff LaMarche <email@hidden>
- Date: Mon, 23 Sep 2002 08:36:41 -0700 (PDT)
This topic has been pretty much beat to death, but I will make a few comments:
On Monday, Sep 23, 2002, at 06:26AM, Jeremy Dronfield <email@hidden> wrote:
> 2. App compares the entered value with a valid value (or array of valid
> values) held internally. If it gets a match, then:
In most cases a list of valid values is not the best way to go. You should use some form of algorithm. A "blacklist" is definitely a good idea - a list of values that pass the algorithm but are not valid for other reasons (known distributed or hacked values).
> 4. App triggers an email message to developer registering the
> transaction.
I would be very careful about requiring the user to register or contact you. I'm not saying you shouldn't, but do it respectfully. Do not initiate any kind of remote connection (e-mail, http) of any sort without letting the user know you are doing so. I personally watch my packets any time I install a new app and if it sends information over the internet without asking me, I uninstall the software and write a nasty e-mail to the author. I'm generally not averse to giving some information to the producer of software I like, but I want to know what I'm sending them and I want to have control over if/when my information gets sent.
> 5. App sets boolean variable isLicensed to YES (or sets up variables to
> be used in some mathematical process).
I wouldn't do this. This would make it very easy for a hacker to bypass your protection. They don't have to figure out an algorithm or bypass any security; they simply need to insert a single command into your program that sets this value. Validate the license code every time; it will make it a tiny bit harder for those hacking your program.
> 6. App periodically queries isLicensed (or performs its maths) when
> deciding whether or not to execute certain functions.
Randomly doing so is a grand idea, especially if you put in some kind of cross-validation to make sure there hasn't been tampering. For example, you could create a hash based on the executable file and check that value periodically to make sure nothing's been done, or create a hash of the license struct when the app starts and check that periodically to make sure nobody's been changing the values using a debugger...
> SUBSEQUENT RUNS
>
> Now, this seems to me the foundation on which all *basic* software copy
> protection is built.
I don't think that is an accurate statement. If you had stated that it was the basis of "most" shareware copy protection, you'd probably be right, but you'd need to make some of your statements much more general for this to be a true statement.
> a) Defeating crackers and serial pirates is impossible, and effort
> expended in any attempt to do so is wasted, so
Not any effort; you just have to learn to stop when you reach the point of diminishing returns.
> b) The best we can hope for is to avoid handing them our app on a plate,
> and
> c) Concentrate on encouraging the "honest" to pay, which means
Yeah, basically you want to make it so it's not worth it for most people to pirate your app by a) pricing it correctly, b) using some form of copy protection or registration.
> d) Not teasing and tormenting them with over-elaborate registration
> remedies.
Amen.
_______________________________________________
cocoa-dev mailing list | email@hidden
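An added example, not part of the original message: a C sketch of the points made in the reply, namely an algorithmic key check plus a blacklist, full validation on every call instead of a cached isLicensed flag, and a digest of the license struct taken at startup and rechecked later. The key format, salt, FNV-1a checksum, blacklist entry and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed toy scheme: key = 8-char serial + '-' + 8 hex digits of
   FNV-1a(serial || SALT). A real product would verify a public-key
   signature so the shipped binary cannot mint keys. */
#define SALT "constructed-salt"
#define FNV_INIT 2166136261u
typedef struct { char key[32]; uint32_t digest; } License;
static const char *BLACKLIST[] = { "LEAKED01" }; /* leaked serials (constructed) */

static uint32_t fnv1a(const char *s, size_t n, uint32_t h) {
    while (n--) { h ^= (unsigned char)*s++; h *= 16777619u; }
    return h;
}

/* Vendor-side key builder (serial: at least 8 chars); here so the example runs. */
void make_key(const char *serial, char out[18]) {
    uint32_t h = fnv1a(SALT, strlen(SALT), fnv1a(serial, 8, FNV_INIT));
    snprintf(out, 18, "%.8s-%08X", serial, (unsigned)h);
}

/* Full validation: call at each gated feature, not a cached isLicensed. */
int license_valid(const char *key) {
    char expect[18];
    if (strlen(key) != 17 || key[8] != '-') return 0;
    for (size_t i = 0; i < sizeof BLACKLIST / sizeof *BLACKLIST; i++)
        if (strncmp(key, BLACKLIST[i], 8) == 0) return 0; /* passes algorithm, revoked */
    make_key(key, expect);
    return strcmp(key, expect) == 0;
}

/* Record a digest of the license struct at startup. */
void license_load(License *lic, const char *key) {
    memset(lic, 0, sizeof *lic);
    strncpy(lic->key, key, sizeof lic->key - 1);
    lic->digest = fnv1a(lic->key, sizeof lic->key, FNV_INIT);
}

/* Periodic check: struct unchanged since load AND key still validates. */
int license_check(const License *lic) {
    return fnv1a(lic->key, sizeof lic->key, FNV_INIT) == lic->digest
        && license_valid(lic->key);
}

int main(void) {
    char key[18]; License lic;
    make_key("ABCD1234", key); license_load(&lic, key);
    printf("%s valid=%d check=%d\n", key, license_valid(key), license_check(&lic));
    return 0;
}
```

The digest sits next to the data it protects, so it only raises the cost of in-memory patching; it does not prevent it.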