When I initially thought about providing protection for our software, I assumed that the problem had been solved. Clearly solutions would be published and easy to find on the web, right? I couldn’t have been more wrong. It was fairly difficult to find free tools for protecting our program. There are a few companies selling their systems out there, but as with most things, I would prefer to understand what is going on as opposed to assuming that it was done correctly.
I had a fairly short list of my requirements:
1. Asymmetric Function for Register/CreateKey (using cryptography most likely)
2. Easy program integration
3. Fast verification for program startup time
4. Ability to view the copy protection code and internal workings
5. Free (we are boot strapped after all!)
and a list of what I didn’t want to have for the system
2. Internet Activation
3. Complex integration into the program
4. Encrypted Machine Code
5. Registration tied to a machine.
The basic premise is similar to locking your car. You know that if a capable thief wanted to, he could steal it whenever he wanted. However, a minimum amount of security will help the honest people stay honest by removing temptation and will deter the lowlifes who might want to take your brand new car for a joy ride. But at the same time, drivers generally don’t want anything more onerous than a key protecting their vehicle. My feeling is that software protection is similar to this.
We are not trying to implement the highest level of security for our software. My research indicates that if users wants to circumvent copy protection there will always be a way around it. We would prefer to have our system out there in use. Because we tie into hardware, eventually we will find out if people crack our software. Mostly, I wanted a system that was easy for the user, avoided lost keys or activation issues, but provided our company with a certain measure of protection. The goal is to provide enough security for the average user and to help us track our users from a company standpoint.
After much searching, I came across the following information that I thought might be helpful to others as well as some solutions we are considering.
LicenseKey – pure vb code available for anyone to read.
http://www.killervb.com/LicenseKey.aspx http://www.killervb.com/Download.aspx?FileId=LicenseKey )
Similarly there is a ActiveLock, a nice open source ActiveX control for copy protection.
While reading up on copy protection and cryptography, I came across the following site which was incredibly useful reading about how people crack copy protection.
The Google Answer page was very helpful for an overview – He also linked to the above two sites.
This was interesting simply because it was a pure VB code approach to use the RSA approach, except I had to generate the keys outside of the program, but this wasn’t a big deal.
How To Protect Your Software Better was a nice discussion of security.
So in conclusion, there were no silver bullets, but many nice applicable solutions. If you are looking to do something similar, I hope this was of some help!