I'd be suicidal should it take me an hour!! Also, a point worthy of mention is that you may find you're pushing up a hill to use the CPU serial number as an identification method. My understanding is that this is NOT implemented as intended when the feature was devised. Different manufacturers handle the functionality differently. Furthermore, the user needs to enable this feature in the BIOS. I understand that you may be in a position to dictate hardware and BIOS settings. Though if this wasn't understood you may get quite a rude shock.
Have a look at tuts4you. They make for good education when it comes time to keep your investment safe. Many techniques of obfuscation and making life hell for the pirate are shown - albeit from the perspective of the hacker. I mention all of these techniques as a way of impressing upon you just how large a task it is to effectively protect software.
OriginalGriff has provided some wise information with regards to calculating an effective trade-off point. Posted Aug am enhzflep. May be this look a bit egocentric, but I'm a stronger believer in the sentence of the US court against Sony: "It is your software, but that's not your computer". Nerveless there are countries in the world whose legal system explicitly prohibit any intrusive mechanism of software protection, and explicitly allow the user to run all the copies he wants on the machines he owns.
Such laws I' referring in particular about the European directive about software copyrights explicitly say that whatever software license denying those rights have to be considered illegal and hence without any value. A user in those countries can legitimately take you into a court to ask to disable such a protection if it make him unable to change its own machine.
Moral of the story: If you want to make money with software forget to make them by "selling copy" copy is a basic operation that makes every machine working, you cannot pretend an exclusive : sell "support" instead, granting evolution and bug fixing only to who subscribed a license. Posted Aug am Emilio Garavaglia.
Add your solution here. OK Paste as. Treat my content as plain text, not as HTML. Existing Members Sign in to your account. This email is in use. Do you need your password?
Submit your solution! When answering a question please: Read the question carefully. Understand that English isn't everyone's first language so be lenient of bad spelling and grammar. If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem.
Insults are not welcome. Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.
Let's work to help developers, not make them feel stupid. Related Questions. I am really sad because a few days ago we launched our software developed in. Net 4. After 3 days, its crack was available on the internet. We tried to protect the software from this but somehow people got away cracking it. Here is the scenario: When the application launches the first time it communicates with the web server and checks the credentials passed by the user. If the credentials are correct, the software saves the values in the Registry, sends the MachineID back to the server and stores it in the database.
Now, the hacker has replaced the Server communication with a "return true;" statement I checked that with Telrik JustDecompile. Now, following are my questions: 1- How to make sure that. Net application will not get cracked? What steps should i take? But the hacker knows my code what should i do? Config with sensitive data? Even if they just have access to the executable but not the target platform they still can step through and mimic what the target platform would do and figure out how the protection is being done.
Totally rewrite the authentication portion so they have to start from scratch but they will get it again, it is just a matter of how long. The jinni is out of the bottle now that they have the non-obfuscated code.
There is not much you can do unless you drastically re-write the software so they have to start from scratch. A obfuscateor will not prevent a determined attacker, they only thing that can prevent it is keeping the binary out of their hands. The only copy protection I have seen to remotely delay for any period of time is what Ubisoft did with Assassin's Creed: Brotherhood. They encrypted ther levels with the game disk and it had to download the decryption key from the internet as it was needed This is the keeping the binary out of their hands approach.
But that did not work forever, eventually the hackers did get those levels decrypted and it was fully cracked. This approach is just what I saw take the longest time to get around without legal involvement See point 2 at the bottom.
All the reflector software needs to do is look for the section that loads App. There is no secure place to store information on a computer you do not have full control over. If it is on the computer, it can be read. If it can be read, it can be reverse engineered. The person never gets your app, it is streamed from a server under your control and they never get to see the binary. The only thing you send them is the information they need to drive the UI. This is the approach that all MMO's work on.
People can reverse engineer what you are sending to the UI and mimic the logic that is going on on your servers but they will never be able to outright see what it is doing and if your software is complex enough it may not be feeseable for the attacker to recreate the server side code. The downside to this approach is you will need to host servers for your users to connect to, this will be a reoccurring cost you will need a way to re-coup.
Often this method is called a "Rich Client" or "Thin Client" depending on how much processing is done client side and how much processing is done server side. Specifically I am describing what is shown in figure 4 and 5. The seccond option is whoever you sell your software too have them sign a legal contract not to distribute the software not a EULA, a actual contract that must be physically signed by the client.
In that contract have large fines be applied to the person who leaks the software, then riddle your program with fingerprints that are unique to the person who buys the software so that when the program is leaked you can see who did it.
A quick google search could not turn up any cracked versions newer than 6. This method will not stop piracy, but it may discourage the copy to be leaked in the first place. This also lets you recover some lost costs associated with the program being leaked in the first place. One issue is that you will need to put a lot of fingerprints and they will need to be subtle, if a attacker can get two copies of the program and can compare the files between the two he will be able to tell what is the identifying information and just put whatever they want in so they can't tell who they got it from.
The only way to do this is put a lot of red-herrings in that can't just be stripped out or randomized, also make the identifying code non-critical to running the software, if they don't have to work to crack it they are more likely to leave it in.
Update : After revisiting this answer to link to it for another question I thought of a easy way of implementing the 2 solution. All you need to do is run your code through an obfuscateor and let it rename your classes for every person you sell your software to I would still make them sign a license agreement, not just click a EULA so you can enforce the next part. You then make a database of the obfuscation mapping, when you see a leaked copy on the internet you just need to find one class anywhere in the project, look it up in your database, and you will know who leaked it and know who you need to go after for legal damages.
You can obfuscate, but the only way of preventing this is: don't give anyone the exe. Since we want a modified UPX version in order to be difficult to unpack, we do the following things:. Double click on UPX0 in the right pane under Name section and change it to whatever name you want. I changed it to code8. Do this for the two other sections:. And we have this. Now click on Hex Editor in the left pane and scroll down the mouse at right pane until you see this:.
Change it to whatever you want but it is better not to exceed the amounts of characters change until! Now click File menu and save and confirm to save.
Bingo ; A modified UPX version that can not easily be unpacked with upx —d or any other automated upx unpacker. Let us check it with ExeInfoPE:.
This one also says it is a modified version. Now let's check it to see if we can unpack it with UPX. UPX could not unpack our file. But have we done. Not yet. Let us make it harder to unpack again. Click on OK and Process and -. You have just passed level 2 protection of your EXE. Let us check to see what is detected by our packer detectors? With Detect it's an easy extra protector is detected:.
0コメント