Conventions to follow to make Commercial software harder to crack?

Tags: c#, drm

What are some good conventions to follow if I want to make my application harder to crack?

Josh asked Apr 30 '09 13:04


3 Answers

As long as your entire application is client side, it's completely impossible to protect it from being cracked. The only way to protect an application from being cracked is to make it have to connect to a server to function (like an online game, for example).

And even then, I have seen some cracks that simulate a server and send a dummy confirmation to the program so it thinks it's talking to a real, legit server (in this case I'm talking about a "call home" verification strategy, not a game).

Also, keep in mind that where there is a will, there's a way. If someone wants your product badly, they will get it. And in the end you will implement protection that can cause complications for your honest customers and is just seen as a challenge to crackers.

Also, see this thread for a very thorough discussion on this topic.

ryeguy answered Sep 30 '22 11:09


A lot of the answers seem to miss the point that the question was how to make it harder, not how to make it impossible.

Obfuscation is the first critical step in that process. Anything further will be too easy to work out if the code is not obfuscated.

After that, it does depend a bit on what you are trying to avoid. Installation without a license? The timed trial blowing up? Increased usage of the software (e.g. on more CPUs) without paying additional fees?

In today's world of virtual machines, the long term anti-cracking strategy has to involve some calling of home. The environment is just too easy to make pristine. That being said, some types of software are useless if you have to go back to a pristine state to use them. If that is your type of software, then there are rather obscure places to put things in the registry to track timed trials. And in general a license key scheme that is hard to forge.

One thing to be aware of though - don't get too fancy. Quite often the licensing scheme gets the least amount of QA, and hits serious problems in production where legitimate customers get locked out. Don't drive away real paying customers out of fear of copying by people who most likely wouldn't have paid you a dime anyway.

Yishai answered Sep 30 '22 11:09
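One way to get the "license key scheme that is hard to forge" mentioned in the answer above, as an added example that is not code from any of the posters: the vendor signs the license text with an ECDSA private key that never ships, and the application carries only the public key. The license format (`expiry|licensee`, Base64 payload, a dot, Base64 signature), the class and method names, and the sample customer are all assumptions made for this sketch.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo
{
    // Vendor side only: the private key stays on the license server.
    static string Issue(ECDsa vendorKey, string licensee, DateTime expiresUtc)
    {
        byte[] payload = Encoding.UTF8.GetBytes($"{expiresUtc:yyyy-MM-dd}|{licensee}");
        byte[] sig = vendorKey.SignData(payload, HashAlgorithmName.SHA256);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(sig);
    }

    // Client side: the application embeds only the public key (SubjectPublicKeyInfo bytes).
    static bool Validate(byte[] publicKeySpki, string license, DateTime nowUtc, out string licensee)
    {
        licensee = "";
        string[] parts = license.Split('.');
        if (parts.Length != 2) return false;
        try
        {
            byte[] payload = Convert.FromBase64String(parts[0]);
            byte[] sig = Convert.FromBase64String(parts[1]);
            using ECDsa pub = ECDsa.Create();
            pub.ImportSubjectPublicKeyInfo(publicKeySpki, out _);
            // Check the signature before trusting any field in the payload.
            if (!pub.VerifyData(payload, sig, HashAlgorithmName.SHA256)) return false;
            string[] fields = Encoding.UTF8.GetString(payload).Split('|', 2);
            if (fields.Length != 2) return false;
            if (!DateTime.TryParseExact(fields[0], "yyyy-MM-dd", CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal, out DateTime exp))
                return false;
            if (nowUtc >= exp.AddDays(1)) return false;   // valid through the expiry day
            licensee = fields[1];
            return true;
        }
        catch (FormatException) { return false; }         // malformed Base64
        catch (CryptographicException) { return false; }  // malformed key or signature
    }

    static void Main()
    {
        using ECDsa vendorKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        byte[] pub = vendorKey.ExportSubjectPublicKeyInfo();
        string lic = Issue(vendorKey, "Example Customer", new DateTime(2030, 1, 1, 0, 0, 0, DateTimeKind.Utc)); // constructed sample
        Console.WriteLine(Validate(pub, lic, new DateTime(2029, 6, 1, 0, 0, 0, DateTimeKind.Utc), out string who) + " " + who);
        // Edited payload with the original signature attached: verification fails.
        string edited = Convert.ToBase64String(Encoding.UTF8.GetBytes("2099-01-01|Someone Else")) + "." + lic.Split('.')[1];
        Console.WriteLine(Validate(pub, edited, new DateTime(2029, 6, 1, 0, 0, 0, DateTimeKind.Utc), out _));
    }
}
```

The signature keeps licenses from being forged or edited without the vendor's private key; it does not stop the check itself from being removed from a client-side binary, which is the limit the first answer describes.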


Book: Writing Secure Code 2

Brian answered Sep 30 '22 09:09