Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Conventions to follow to make Commercial software harder to crack?

Tags:

c#

drm

What are some good conventions to follow if I want to make my application harder to crack?

like image 865
Josh Avatar asked Apr 30 '09 13:04

Josh

3 Answers

As long as your entire application is client side, it's completely impossible to protect it from being cracked. The only way to protect an application from being cracked is to make it have to connect to a server to function (like an online game, for example).

And even then, I have seen some cracks that simulate a server and send a dummy confirmation to the program so it thinks it's talking to a real, legit server (in this case I'm talking about a "call home" verification strategy, not a game).

Also, keep in mind that where there is a will, there's a way. If someone wants your product badly, they will get it. And in the end you will implement protection that can cause complications for your honest customers and is just seen as a challenge to crackers.

Also, see this thread for a very thorough discussion on this topic.

like image 95
ryeguy Avatar answered Sep 30 '22 11:09

ryeguy

A lot of the answers seem to miss the point that the question was how to make it harder, not how to make it impossible.

Obfuscation is the first critical step in that process. Anything further will be too easy to work out if the code is not Obfuscated.

After that, it does depend a bit on what you are trying to avoid. Installation without a license? The timed trial blowing up? Increased usage of the software (e.g. on more CPUs) without paying additional fees?

In today's world of virtual machines, the long term anti-cracking strategy has to involve some calling of home. The environment is just too easy to make pristine. That being said, some types of software are useless if you have to go back to a pristine state to use them. If that is your type of software, then there are rather obscure places to put things in the registry to track timed trials. And in general a license key scheme that is hard to forge.

One thing to be aware of though - don't get too fancy. Quite often the licensing scheme gets the least amount of QA, and hits serious problems in production where legitimate customers get locked out. Don't drive away real paying customers out of fear of copying by people would most likely wouldn't have paid you a dime anyway.

like image 39
Yishai Avatar answered Sep 30 '22 11:09

Yishai

Book: Writing Secure Code 2

like image 24
Brian Avatar answered Sep 30 '22 09:09

Brian
Sign in to Comment

Related questions

How to justify text in a label
Special characters in property name
WebAPI error reading MIME multipart body part
Xamarin.Forms - BeginInvokeOnMainThread for an async Action
async await and threading
What does the |= Operator mean?
Unity - how to use Vector2.Reflect()
How to get C# (.net core) project directory path in Visual Studio 2017 RC3?
Clarify what select does
Add an image to an existing PDF file with iText7
How to get item from IEnumerable collection using its index in C#? [duplicate]
Azure DevOps XML Transformation During Release Not Working
Entity type ‘Business_attrib2object’ has composite primary key defined with data annotations. To set composite primary key, use fluent API
Initialize a List<T> with inline definition of <T>
Unable to load DLL 'tensorflow' or one of its dependencies (ML.NET)
How do you programmatically identify the number of references to a method with C#
C# Default scope resolution
Is there a quick way to remove using statements in C#?
UrlEncode - Javascript vs. C# [duplicate]
How to make sure a user can only vote once on an ASP.NET poll

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!