Put the knife down and take a green herb, dude. (c) Ruffin Bailey 2001-2021

Happy new year, etc. USENET has roped me back into my favorite discussion: How shareware authors are doomed, DOOMED! More seriously, there is no perfect solution for protecting shareware written in interpreted languages, and it appears it's worth talking about again. So with the magic of cut & paste, here's what I had to say! Yay!

Peter Olcott wrote:
> "Nick Hebb"  wrote in message
> news:1136626317.968074.44360@z14g2000cwz.googlegroups.com...
> > Another option is to use a traditional license protection tool (e.g.
> > Armadillo). Put some critical bits of functionality in a COM DLL called
> > through interop. The COM DLL can then be wrapped with the protection
> > tool.
> >
>
> This is the only one that I could find that works with .NET. It also seems to
> work with everythig else.
>
> http://www.ionworx.com/SerialShield.html
>
> This product seems to have all the features of an excellent copy protection /
> trialware maker. It has one feature that I was not even aware was possible. It
> apparently can prevent itself from being reverse engineered through
> anti-debugging.
...

There seem to be a number of issues here. For the first quoted post, if you put your license check in a DLL, it'll be hard to decompile that, but still just as easy to decompile the portion of your .NET program that accesses it. At some point, .NET code is still going to be your weak link, and your "protection" is still toast.

For the second, I went to the site for the SerialShield to see what "antidebugging" is. Here's a quote:

"The main purpose of SerialShield is to make the crackers job more difficult should they attempt to crack your program(s). "

I believe the key phrase is "more difficult". As best I can tell, this feature is code obfuscation. This is a good thing to use, and strips out much of the info that would make decompiled code easier to understand, but still isn't much protection from ultimately being cracked.

Perhaps I've missed something, however. Anybody know exactly what this feature is trying to do if it's not obfuscation? The rest of the features seem interesting, but I wonder how you'd implement without adding a check for the, eg, Machine ID, somewhere in .NET and then *poof*, .NET is your weakest link again.

I released a shareware app in Java some years back, which is also an interpreted language, and started having some of the same questions. There's a relatively interesting (well, to me anyhow) and detailed thread on the same subject from the point of view of Java developers here:
[click me]

I asked pretty much the same questions, and the answers were every bit as disheartening as I'd suspected.

The key to remember is that you need to go in thinking not, "How do I remove any possibility to crack my program?" but "How do I maximize my returns by making my app more difficult to crack?" I wax prolific on this one too, I'm afraid. This URL:
[click here]

Good luck,

mfn

title: Put the knife down and take a green herb, dude.	descrip: One feller's views on the state of everyday computer science & its application (and now, OTHER STUFF) who isn't rich enough to shell out for www.myfreakinfirst-andlast-name.com Using 89% of the same design the blog had in 2001.
FOR ENTERTAINMENT PURPOSES ONLY!!! Back-up your data and, when you bike, always wear white. As an Amazon Associate, I earn from qualifying purchases. Affiliate links in green.
x MarkUpDown is the best Markdown editor for professionals on Windows 10. It includes two-pane live preview, in-app uploads to imgur for image hosting, and MultiMarkdown table support. Features you won't find anywhere else include... MarkUpDown Multiline Table & Bootstrap Grid support. Beautiful Easy Actions that keep the Markdown flowing. HTML paste to paste HTML source into your documents. You've wasted more than $15 of your time looking for a great Markdown editor. Stop looking. MarkUpDown is the app you're looking for. Learn more or head over to the 'Store now!

Sunday, January 08, 2006
Here we go again -- licenses in interpreted languages Happy new year, etc. USENET has roped me back into my favorite discussion: How shareware authors are doomed, DOOMED! More seriously, there is no perfect solution for protecting shareware written in interpreted languages, and it appears it's worth talking about again. So with the magic of cut & paste, here's what I had to say! Yay! Peter Olcott wrote: > "Nick Hebb" wrote in message > news:1136626317.968074.44360@z14g2000cwz.googlegroups.com... > > Another option is to use a traditional license protection tool (e.g. > > Armadillo). Put some critical bits of functionality in a COM DLL called > > through interop. The COM DLL can then be wrapped with the protection > > tool. > > > > This is the only one that I could find that works with .NET. It also seems to > work with everythig else. > > http://www.ionworx.com/SerialShield.html > > This product seems to have all the features of an excellent copy protection / > trialware maker. It has one feature that I was not even aware was possible. It > apparently can prevent itself from being reverse engineered through > anti-debugging. ... There seem to be a number of issues here. For the first quoted post, if you put your license check in a DLL, it'll be hard to decompile that, but still just as easy to decompile the portion of your .NET program that accesses it. At some point, .NET code is still going to be your weak link, and your "protection" is still toast. For the second, I went to the site for the SerialShield to see what "antidebugging" is. Here's a quote: "The main purpose of SerialShield is to make the crackers job more difficult should they attempt to crack your program(s). " I believe the key phrase is "more difficult". As best I can tell, this feature is code obfuscation. This is a good thing to use, and strips out much of the info that would make decompiled code easier to understand, but still isn't much protection from ultimately being cracked. Perhaps I've missed something, however. Anybody know exactly what this feature is trying to do if it's not obfuscation? The rest of the features seem interesting, but I wonder how you'd implement without adding a check for the, eg, Machine ID, somewhere in .NET and then poof, .NET is your weakest link again. I released a shareware app in Java some years back, which is also an interpreted language, and started having some of the same questions. There's a relatively interesting (well, to me anyhow) and detailed thread on the same subject from the point of view of Java developers here: [click me] I asked pretty much the same questions, and the answers were every bit as disheartening as I'd suspected. The key to remember is that you need to go in thinking not, "How do I remove any possibility to crack my program?" but "How do I maximize my returns by making my app more difficult to crack?" I wax prolific on this one too, I'm afraid. This URL: [click here] Good luck, mfn posted by ruffin at 1/08/2006 09:56:00 AM

<< Older \| Newer >>