Seriously, consider rolling your own for having complete control over your algorithm. It happened to Discreet in five minutes once they went with a third-party license solution for 3ds Max years ago. Once that component is cracked for one application, it's cracked for all applications. I've always considered this area too critical to trust a third party to manage the runtime security of your application. But it really is the programming equivalent of trying to build a perpetual motion machine. Developers have been trying to come up with ever more complex schemes for this, thinking that if they develop their own system for it then it will be known only to them and therefore 'more secure'. It won't, and cannot be as long as people control the hardware and OS your program runs on. All the same caveats apply though - people can get round anything like this.Ĭonsider also the support costs of having to deal with users who have forgotten their key, etc.Įdit: I just want to add, don't invest too much time in this or think that somehow your convoluted scheme will be different and uncrackable. Also be very careful that your scheme does not become obtrusive to paying users - it's better to have some ripped off copies than for your paying customers not to be able to use what they have paid for.Īnother option is to have an online check - just provide the user with a unique ID, and check online as to what capabilities that ID should have, and cache it for some period.
So you should just make it difficult enough that an honest user will not forget to pay. You can complicate matters a bit by using techniques to prevent the program running in a debugger etc, but even this is not bullet proof. Digitally signing your code won't help, they can remove that signature, or resign it. Same applies even if you supply a dongle - if someone wants to, they can patch out the check for that too.
Even if they can't someone will, and will distribute the hacked version.
It doesn't matter how convoluted you make your scheme, anything you do for this will ultimately be security through obscurity and they will always be able to this. Or, they will work out a key that passes all checks and distribute that, or backdate the clock, etc. One way to distribute the license file (on windows) is to provide it as a file which updates the registry (saves the user having to type it).īeware of false sense of security though - sooner or later someone will simply patch your program to skip that check, and distribute the patched version. Then you just verify it within your program. Then encrypt that using some crypto algorithm with a fixed key or hash it. program features to enable, expiry date, name of the user (if you want to bind it to a user). This could include anything you want - e.g. You can do something like create a record which contains the data you want to authenticate to the application.
0 kommentar(er)
