How can I make my application non 'pirate-able'?

[LucieLastic]

hi

I'm writing an app for a friend and would like some ideas on how to stop users copying/pirating the software. The best idea I've had is when the app is first run, the user has to telephone my friend for a key and then the app will create a file somewhere (not sure of best place) with the encrypted id (IP Address?) of the computer in it. So if the user copies the .exe to another computer, it will first look for the file, if it's found, it checks it's got the right computer id in it, if not, comes up with the message to telephone my friend. I need to think of a way of auto generating unlock keys for each .exe - not sure how I'm going to do this bit yet - Maybe use today's date encrypted aswell, so my friend will know what to tell them. I'm thinking the .exe and it's file could be in the same directory. Also, is there another computer id I can use rather than an IP Address, what's best? Does this sound like a robust idea? I'm open to any suggestions or criticisms.

Lou

 

[melmitts]

Nothing is perfect if someone really wants to break it.

This is as close to perfect as I have found.

Just remember not to go overboard trying to protect your software. When you make it too difficult or just become a pain in the ass to register it, users will look elsewhere.

Mel

 

[TonHu]

Hm, IP address is not such a good idea, as on each lan you could probably have a PC with IP 192.168.1.1 :-( this assumes customer has a PC with a network adapter :-( and when using DHCP the PC could have a new IP address every day :-(
Alternative would be to use the MAC-address wich is supposed to be unique. But on current wireless adapters, that can quite easily be changed as well :-(

I'd go for this kind of scenario:
- On first startup, and no keyfile found, create a GUID (Globally Unique IDentifier), it won't be uniquely generated somewhere around the year 3501 (not really sure about that number) but by that time I don't care anymore ;-)
- Using that GUID and the MAC address, and a User supplied name (User-name?) calculate some code of about 15 to 20 digits/characters, and present this on screen split in 4-digit parts (easily read from screen) and have them call your friend.
- Friend enters this code in the 'calculator', along with the username, (you provide the calculator) that presents the unlock-code and registers the information in some database. The username could nicely be an e-mail address, so Friend can keep in touch, send a bill and/or provide support.
- Customer enters the unlock-code in app, and it gets stored on local harddisk.
- Optionally: Username could be presented in app.'s titlebar, and on any output generated with the app, so a 'bad' copy can be easily identified

This is still quite easily broken :-(

Other options but they have also been broken:
- Dongle's (both LPT and USB versions)
- Encrypted executables
- 'Phone Home' (through an allways-on internet connection) that checks on every startup whether the entered license-code is still valid, and refuses to start if no connection can be made (quite hard to break, but rather expensive and demanding)

I could go on for some time, but I hope I've thrown enough of a picture here.

HTH
TonHu

 

[sggaunt]

Lou: My own system uses the User name, the program variant name and the Version number to generate a 16 character Code. I back this up with a key file that holds the first run date (as an Tdatetime integer. This lets me compile a time limited version)
I have a key generator that will produce the correct key and this sent to users where is matched with a key generated by the program when it runs.
Its not perfect, anyone with a valid Code and username can pass on the info. but an updated or upgraded version wont run.
The cracability vs cost thing is important in my view, you have to ask yourself will anyone want to crack my program.
Lets put it this way, Im not expacting a keygen for my algorthm to appear on any crack site anytime soon.

Did you get chance to look at the screen saver?
Oh and TTUK is alive and well and planing a London meet!


[red]GNBM 4th Feb[/red] More on and other neat UK stuff at forum1091
Steve: Delphi a feersum engin indeed.

 

[LucieLastic]

hi Steve. Thanks for the suggestion. Big apologies about the screensaver, I remember looking at it and pondering on it, then I completely forgot about it, really sorry. Can you bump it to the top again and I'll have another look, I'm afraid I can't promise anything ?

lou
p.s. I've noted the TTUKBM

 

[SundialServices]

Realistically, "you can't." You have to weigh the needs of your legitimate customers against your fears of what pirates might do, and I'm sorry to say that if your program isn't selling as well as you thought it should, the reason probably isn't piracy.

I have passed over many an application that wanted "dongles" or other such nonsense, just to run. I don't mind typing in license-codes (once!) but, having bought a copy of the program I consider that copy to be .. mine. I don't want "E.T. phone home," don't want quibbling if I replace my hard disk drive. I want .. to be trusted a little bit.

That philosophy is also reflected in the design of the software product which we sell.