I just put a computer info based algorithm in my simulator today. I am finally moving toward making a version of my relativistic physics of spacefilight simulator available on the net with some features being registration activated. Looking for a web site is part of it.

My first idea was to somehow get the physical location of the file on hard disk (haven't found a way of doing that yet either) as a basis for unique registration but then a disk defragmentation would invalidate the registration so that will not work, unless there is some way of making the file un-movable like some system file are. Although that sounds a bit unfriendly.

Any thoughts would be welcome.

ummm just have a serial sign up to go with it as it is the easiet most painless one availble at the moment

How does serial sign up work? Sound similar to what I am doing. I generate a number based on their computer info which they have to send me with their check then I can send them a number based on the one they sent be that will unlock registered features. Since the number I give them will not work on other computers copying will only result in unregistered copies on other computers.

Does serial signup mean that you issue copies with their own unique serial number? How is copying discouraged?

i hate it when i buy something but i can't install it on more than one of my computers. and honestly, whats the point of serial keys, etc.? You (and many other people) know that a cracker's just gonna come along and crack it, don't you?

mitchellmckain,

Nice tutorial on win32 although MS's weakpoints have always been their APIs and it's good to know your a physics teacher, you'll find programmers need someone handy like that around.

I have to say that your method has it's flaws. I've given up Reverse Engineering, well partially, other than to understand how programs work but I use to break software copy protection all the time, it was for the challenge more than anything or how I would put it, I was a bored teenager looking for something to waste my time on.

I can tell by your method, that

1) It is going to generate a number from something from the users computer, which is most likely going to be unique from someone elses computer. A lot of software companies tried and failed this method.

2) This number is sent to you, in which you generate the key from their number sent to return back to them the key that registers the program. Again another tried and failed attempt.

To say what will happen if someone attempts to break your protection is quite easy, they will discover how the number is generated, since the key you use is based on their key, they will also find in your program how your key would be checked against their key, which pretty much shows them how they will generate your keys without requiring your input. Obviously your program will have to contain the same information you use to check against being a valid key or not, since there would be no other means of actually checking your key if otherwise. (or is there?)

I have to say, software protection is really a time wasted effort, if someone wants to get in they will. Although I can tell you methods that are quite effective in at least making sure that not everyone is capable of breaking it, but the end result usually is, if it gets broken into once, once is enough, soon the answer is circulating around the web and now everyone will be capable of breaking it.

If you really want help in making your software as protected as it could be, write your protection in a crackme, submit it to a crackme site and get people to crack your software and they will write solutions to how they did it. Read their solutions thoroughly and then work on how to fix the problem, you may continue submitting altered crackmes until finally it becomes unsolved, when it reaches this stage, you know you've got a fair chance, but don't put everything on it saying it's unbreakable.

The methods that I had difficulties in solving usually were the results of finding multiple keys in multiple parts while being lead on and on and on, while also having to refer back to whether a flag was set or not set. The cryptography or even just advanced mathematics could set code crackers back and forth. The longer you keep this up, the least likely anyone would be willing to crack it unless it is important but as I say, it's not 100% foolproof, it's just more time consuming than anything.

You could work on your anti-debugger/disassembler, pack your software, etc.

In the end it comes down to what you think, would your rather work on fixing your program, or spend endless efforts on protecting it? If you spend endless efforts on protecting it, there are some people who spend endless efforts on unprotecting it.


Cheers,


MC

Gosh you don't have to tell me it is not unbreakable, its just the first idea I thought of that I could implement. My first idea was to get location on disk but then realized that one disk defrag would render it inoperable. I was looking for ideas and from what you have said you don't think there really is anything better other than to make the code which computes the comparison number difficult to trace.

In any case, I am realistic. The purpose of copy protection is like the lock on your front door, to discourage the casual intruder. I did not spend a lot of time making my comparison number calculation difficult to trace, so maybe I will discourage the cracker with boredom.

Any software is crackable, but if you want to make it a little harder, distribute the full version as a separate binary from the demo. Write into the code (not something lame like into the data section of the exe, so the code cannot be "patched out") some customer ID for those that buy the full version. When you find your software on a p2p network in pirated form, you know who to harass.

You *can not* stop software piracy...but you can get a little payback

I think the simplest thing to do is to do a serial check on start-up. You can encode something using their computer name and a key stored in an ini file. You could have a hard-coded key in the program that "decodes" the ini key with the computer information. As long as somebody doesn't figure out the encryption algorithm, you should be safe, and you wouldn't have to worry about people using your software without registering. Since your program is probably not the highest of targets for fraud, you shouldn't have to worry too much about people hacking your algorithm.

Implementation:
To do this, I would convert their computer-name into a hex-representation, and then do some logarithmic function on it (choose some ridiculous base like 13 or something), and then store the result as the base. Do the reverse (an exponential function) to the key on startup, and if the result matches the computer-name, you're good to go. If not, end the program and give some insulting message box that tells them to stop trying to steal your program.


This is not copy protection, but it will not allow unauthorized use of your program, so long as somebody doesn't figure out what you did. You could use some other piece of information from their computer, such as hard-drive name/serial number, or some ridiculous piece of hardware that will never change. You could also store the result into some weird base, like base 5 or base 7. Use your imagination.

Anyway, hope this helps; good luck!!