3

I have a small software program for my intellectual property. I wrote it in VC++ as a Visual Studio 2010 DLL project.

I want to protect the code for the DLL. Protect the logic in the DLL from reverse engineering.
Put a expiration period in the DLL, just like a trail period that will expire in 1 month.

What are my best option here? What shall I use for expiration after trial period, that cannot be cracked or reverse engineered? I never did this before, so basically I am clueless here.

Any help appreciated!
Thank you

Michael Burr
  • 333,147
  • 50
  • 533
  • 760
Majoris
  • 2,963
  • 6
  • 47
  • 81
  • Whatever you do, it's going to be an arms race with users -- you can always make it *harder* to reverse engineer, but not impossible. Good hackers will always find away around it. – Adam Rosenfield Jul 16 '12 at 15:57

2 Answers2

2

Security is a scalar--more security is better, but at a cost. In this case, you have two choices:

  1. Roll your own solution (obfuscation, encryption, etc). Cost is your labor to engineer, test, fix, and support it. Other cost is whether your customers will be irritated because you have created problems for them (because your implementation is flawed due to lack of experience on your part, lack of energy invested, lack of use case testing, or whatever).

  2. Buy a commercial "padlock". Our company makes them, so do other companies. Cost is cash out the door (doesn't have to be much, could be very affordable depending on the solution you choose). Commercial product should make it incredibly quick and simple to both protect the dll and create a trial version.

Upside is you don't have to spend your energies on something you don't know much about (turning to specialists for a specialized solution) and you have a single throat to choke if there's an issue you need to be addressed. Also you can buy better security than you can possibly make yourself.

If your dll is valuable, spend some resources to protect it soundly. If you had expensive jewelry, would you keep it in a cigar box or a safe deposit box? If it's not very valuable, don't bother with the safe deposit box, the cigar box under the bed is sufficient.

John Browne
  • 700
  • 4
  • 6
  • have you ever tried lock picking? You should. I think no one into lock picking is ever going to consider you company's solution with the padlock analogy you're using. There is *nothing* secure about a padlock :) ... I like the rest of the points, though. – 0xC0000022L Jul 23 '12 at 14:25
0

What shall I use for expiration after trial period, that cannot be cracked or reverse engineered?

There is not much that can't be cracked. Please read my answer over here. As a reverse engineer myself I totally agree with Adam Rosenfield's comment on your question. It's an arms race, no more no less. Make your software cool and interesting and someone might actually take the time to crack the most time-consuming protection scheme.

I never did this before, so basically I am clueless here.

This makes things even worse, because it means that you cannot even judge well which solution may stand a chance and which won't. The thing is, you can only deter "crackers" so much. But the more interesting question if your protection doesn't get cracked whether it was good or whether your software is perhaps so uninteresting that no one makes an effort to crack it. Again, read my linked answer on the related topic.

The gist: I am questioning the motivation for this kind of protection mechanisms. The best trial w.r.t. protection from IP "theft" is the feature-limited trial, not the time-limited trial.

Let me quote myself from the linked answer:

The general problem in most of these cases is that on one hand you trust the users (because you sell to them), but on the other hand you don't trust them (because you try to protect your software somehow). When you look at it this way you can see how futile it actually is.

Community
  • 1
  • 1
0xC0000022L
  • 20,597
  • 9
  • 86
  • 152