Fog Creek Software
Discussion Board




Protecting shareware

Hi

I need some advice regarding good strategies to protect coping of shareware. Is there any software out there that provides this?

sudarshan
Sunday, December 22, 2002

It has been ages, but back when I was a kid, the answer meant NuMega SoftIce and then hex editing the program to insert a few well placed NOPs. I guess the kid today use sensibly the same strategy with NuMega WinSoftIce.

Oh, checksuming the executable only means a loader as to be made in order to insert the NOPs in memory.

I think I was like 14 when I cracked my first game with, hmm, 4 hours of reading an assembly language tutorial. Worse thing is I owned a legit copy of the game, but couldn't be bothered the keep the manual handy every time I played.

I suppose that with serial numbers, all you got to do is hunt down wherever the serial numbers are verified and either insert a NOP over the conditional jump or reverse engineer the algorythm. Shouldn't be that hard.

My point being, the only way to make sure your shareware is not cracked is to ship a version that has been reduced in features. Then ship a replacement DLL with all features or something when someone registers.

Alex
Sunday, December 22, 2002

See "Crackproof Your Software: Protect Your Software Against Crackers (With CD-ROM)"

http://www.amazon.com/exec/obidos/ASIN/1886411794/qid%3D1040609525/sr%3D11-1/ref%3Dsr%5F11%5F1/103-0710446-9701413

Matthew Lock
Sunday, December 22, 2002

No problem, man, unless you want to have a 100% bulletproof software. It`s impossible, but you can built a good defence.
I know a guy that programs the protection for several well-known shareware products.
His protection module supports up to 256-bits encoding and each copy of the software only works on the computer where it was installed, i.e. the registration code will only work for the one computer, and will not work for others.
Of course, I think someone could crack this protection, bit it`s not easy.
Ask me directly, if needed.
GL

Slava
Monday, December 23, 2002

As many other people will tell you - there's no and will not ever be a 100% defense.
One friend of mine once told me his company invented a one person-year to protect their application which took a couple of month to some Russian hacker to break it.

If you're application is popular so that many people will need it - it will be eventually broken. Period. I honestly didn't see it otherwise for the last 5 years. If it's not that popular so that only couple of fellows are familiar with it - then you may have some chance to stop breaking it, but I doubt that you're interested in this scenario ..


If I'll have to deal with this problem some day - I'll use some simple "serial number" approach and invest all my efforts into the product rather than it's protection.

Evgeny Goldin
Monday, December 23, 2002

Heh:)
Well, the guy that wrote the protection module mentioned above, hacks a lot of others` protections in his free time, just for fun, he doesn`t distribute hacks. And he`s Russian:)
I`ve used his protection myself for one of the shareware projects. Worked ok.
Also I know that at least one of the products that use his protection is not hacked yet (Just made a search at one of well-known hack sites for the hack for the product`s new version -no results). So I think you need to make you software too hard to be hacked by thousands of newbie hackers, and update the versions (and protection) often, so advanced hackers will be always a step behind  with their hacks.
P.S. Evgeny, aren`t you Russian too?:)

Slava
Monday, December 23, 2002

"Evgeny, aren`t you Russian too?:) "

Of course, I am. And pretty proud of it :)

Evgeny Goldin
Monday, December 23, 2002

Talking about hacks - breaking Java applications is a real fun, if one's interested. Obfuscators just make it more entertaining.

Evgeny Goldin
Monday, December 23, 2002

"the guy that wrote the protection module mentioned above, hacks a lot of others` protections in his free time"

Definitely, the best way to protect the software is to study how one can break it.

"Also I know that at least one of the products that use his protection is not hacked yet"

Like I said - if it's not highly popular, it will be probably left alone. But if it is - it has no chance and nothing will change my mind. I didn't see any popular product that you couldn't get a keygen or patch somehow (forums are usually the best way). Nero, Total Commander, ReGet, TheBat!, OfflineExplorer, XML Spy .. just to name a few.


(Just made a search at one of well-known hack sites for the hack for the product`s new version -no results). So I think you need to make you software too hard to be hacked by thousands of newbie hackers, and update the versions (and protection) often, so advanced hackers will be always a step behind  with their hacks.

Evgeny Goldin
Monday, December 23, 2002

Oh, just before somebody will start flaming about Russians stealing "our intellectual proprty" (I've heard enough of it) - I've bought most of the software installed on my PC (especially, those I'm using for years and waiting for every new build).

Evgeny Goldin
Monday, December 23, 2002

You can take a look at http://www.aspack.com.

smm
Monday, December 23, 2002

>Like I said - if it's not highly popular, it will be probably left alone. But if it is - it has no chance and nothing will change my mind. I didn't see any popular product that you couldn't get a keygen or patch somehow (forums are usually the best way). Nero, Total Commander, ReGet, TheBat!, OfflineExplorer, XML Spy .. just to name a few.

Well, the only purpose of the protection is to buy some time for the software author, so he/she can sell several copies of the newest version before it will be hacked (and at this time you must have a new version ready:).
About the popularity of the software...well, drop me a line in the personal mail, and i`ll tell you the name of the product, so you`ll be able to see if it is popular or not.

Slava
Monday, December 23, 2002

Trying to protect your application against crackers can be really fun to do. You have to think like a cracker to protect against them. But remember that all the time you spend on implementing your protection is time wasted on implementing cool new features. So chances are you'll loose more than you'll win.

Also, the more you annoy your legal users with arcane registration systems, phoning home and hardware locking the less you will sell. But if you want to learn more:
http://www.inner-smile.com/nocrack.phtml

Oh and be flattered if you get cracked, because it means that your application is worth cracking ;)

At a certain period in time I worked really hard to protect a shareware application against crackers. The new protection managed to keep the cracks away for 6 months. We were a bit surprised that sales kept growing even after the cracks were out. My theory is that people that don't want to pay, won't pay.

Another problem is that better protection will attract better crackers. For many crackers, cracking is like what's playing Doom to others. So make it really tough and the best crackers will have a go at your protection.

There are also a few commercial protection tools which you can buy:
http://www.siliconrealms.com/armadillo.htm
http://www.aspack.com/

The problem with these commercial packages is that you share the same protection with lots of other applications. One of those gets cracked and your application is toast too. At least that's how it used to be. The last time I checked (which is some time ago) there were cracks or cracking tutorials around for all these commercial tools. But things might have changed.

Jan Derk
Monday, December 23, 2002


BS.

Don't put stuff in the way of your potential customers. If you are small, try with some "honor" system. Many business have succeeded with this schema.

Leonardo Herrera
Monday, December 23, 2002

>> The problem with these commercial packages is that you share the same protection with lots of other applications.

Registered users of AsProtect (www.aspack.com) can receive personal builds of AsProtect to make protection for every executable different from others. This prevents hackers from creating a universal AsProtect unpacker.

Also, you can use AsProtect SDK to check whether the wrapper is present or not. Using the SDK functions you can make a really sophisticated protection.

We've been using AsProtect for 2 years, and it has been great. I can recommend it to everyone.

Vladimir Golovin
Wednesday, December 25, 2002

>>Don't put stuff in the way of your potential customers. If you are small, try with some "honor" system. Many business have succeeded with this schema.

Do this and you will get about 20% of the potential revenue.

Tony E
Saturday, December 28, 2002

TonyE -- 100% agree with you.

Vladimir Golovin
Monday, December 30, 2002

*  Recent Topics

*  Fog Creek Home