C++ API : license management to protect a software [closed]

Question

I'm searching for a C++ and open source library to protect a commercial software again crack etc...

Do you know one ?

Answer 1

I have a phrase I like to use for these types of situations: "You can't solve a social problem with a technological solution". If someone is sufficiently motivated to do something you don't like, you can't stop them. The harder you make it to do something, the harder they'll try to get around your barrier. In the end, the only way is to diminish their motivation, and that needs a social solution.

Effectively preventing software from being cracked is an incredibly hard cat and mouse game. With every advancement you can make protecting your program, someone is going to figure it out and get around it. After all, your program does have to run on a computer, and if the computer can understand what it's doing, given enough time, a sufficiently motivated person can do it.

I'm not saying that crack-protecting isn't useful. If you make it hard enough, it will take crackers so long to subvert your software that once they do, that version's so out of date that it's useless. But doing this right is very difficult, and unfortunately there are no simple band-aid solutions that a lay-person can just slap on. Like Tom said, any "just stick it in" method of crack proofing can be just as easily be "snipped right out". Your program needs to be designed from the start to have an anti-cracking approach.

With no intention to insult you, if you're asking this question, then its clear that you don't know enough about software protection to design it in or to use it effectively, and you clearly aren't prepared for the arms race you need to be in to keep your software really powerfully protected.

Most likely whatever you're writing isn't worth the effort of locking it down to an extreme level. Take the simple approach. Your goal should be to keep honest people honest. Just write a plain old, simple verification routine to check if the user's key, when combined with the user's name, address, and other info, passes some checksum. For every copy you sell, take the user's info, generate the key and give that to them. Change the checksum with each version so users can't use old keys. If you must, combine that with some type of periodic "phone home" system over the internet, where a list of leaked (and thus rescinded) keys is published.

Keep in mind that phone home systems tend to piss off your honest customers, and it's far worse to burn a good customer with bad copy protection (a sale you'll never get again) than to keep a non-customer from getting a copy of your program (a sale you wouldn't have gotten anyway).

Sure a cracker can get around it, but crackers aren't your customers. You can't stop them or change their motivations. In the end, they're going to do what they're going to do.

Sure a bad customer could give out their key, or use it against the terms of your license (like run it on too many computers). A key could leek out or be stolen, and a bad person could use it, or they could use a cracked version. You can't prevent those things from happening, but you do have the legal system (a social solution) to deal with it when it does.

The important thing is that you avoid spending too much effort on locking things down and that you avoid making things too draconian for your legitimate customers. After all, you write software for your those customers, not for the crackers. Pissing off your customers to make thing just a little harder for the crackers is never worth it.

Answer 2

Yeah, you see, that's the thing. If such a thing existed it would use predefined library functions which would be very easy to detect from a crack... This is exactly why Apple doesn't provide sample code for its App Store protection on Mac: making an open-source library for it makes it easier to crack apps rather than harder. After all, if you implemented something like this you wouldn't add extra protection anymore and the cracker could make a generic crack for all software.