Thoughts and reflections on building Telaeris, Inc. from the ground up

2006-12-01

Copy Protection and Protecting Your Software Investment

When I initially thought about providing protection for our software,
I assumed that the problem had been solved. Clearly solutions would
be published and easy to find on the web, right? I couldn't have
been more wrong. It was fairly difficult to find free tools for
protecting our program. There are a few companies selling their
systems out there, but as with most things, I would prefer to
understand what is going on as opposed to assuming that it was done correctly.

I had a fairly short list of my requirements:
1. Asymmetric Function for Register/CreateKey (using cryptography most likely)
2. Easy program integration
3. Fast verification for program startup time
4. Ability to view the copy protection code and internal workings
5. Free (we are boot strapped after all!)

and a list of what I didn't want to have for the system
1. Dongles
2. Internet Activation
3. Complex integration into the program
4. Encrypted Machine Code
5. Registration tied to a machine.

The basic premise is similar to locking your car. You know that if a capable thief wanted to, he could steal it whenever he wanted. However, a minimum amount of security will help the honest people stay honest by removing temptation and deter the lowlifes who might want to take your brand new car for a joy ride. But at the same time, drivers generally don't want anything more onerous than a key protecting their vehicle. My feeling is that software protection is similar to this.

We are not super concerned with the highest level of security for our software. My research indicates that if users wants to circumvent copy protection there is always a way around it. We would prefer to have our system out there in use for extra market exposure than worry about people cracking our software. Mostly, I wanted a system that was easy for the user, avoided lost keys or activation issues, but provided our company with a certain measure of protection. The
goal is to provide enough security for the average user and to help us track our users from a company standpoint.

After much searching, I came across the following information that I thought might be helpful to others as well as some solutions we are considering.

LicenseKey - pure vb6 code available for anyone to read.
http://www.killervb.com/LicenseKey.aspx http://www.killervb.com/Download.aspx?FileId=LicenseKey )

Similarly there is a ActiveLock, a nice open source ActiveX control for copy protection.
http://www.activelock.com/

While reading up on copy protection and cryptography, I came across the following site which was incredibly useful reading about how people crack copy protection.
http://www.inner-smile.com/nocrack.phtml

The Google Answer page was very helpful for an overview - He also linked to the above two sites.
http://answers.google.com/answers/threadview?id=121722

This was interesting simply because it was a pure VB6 code approach to use the RSA approach, except I had to generate the keys outside of the program, but this wasn't a big deal.
http://www.di-mgt.com.au/crypto.html#dhvb

The code project had a nice discussion of software security here.
http://www.codeproject.com/library/ssdsdk.asp

How To Protect Your Software Better was a nice discussion of security.
http://www.searchlores.org/protec/protec.htm

So in conclusion, there were no silver bullets, but many nice applicable solutions. If you are looking to do something similar, I hope this was of some help!

posted by David Carta at 7:36 PM

0 Comments:

Post a Comment

<< Home