2

Possible Duplicate:
Protect .NET code from reverse engineering?

I want to make my software that it doesn't get distributed without being purchased?

One way i thought was to make web service and keep track and all stuff.

But limitation is that not all the computers have Internet so this comes out of the question.

One idea was that I get the computer information like CPU Serial Number by WMI and then buld that software to run on system with that serial number. I cannot think of much better idea than this.

Please help me with some ideas how to make software secure.

I don't want to protect it from being decompiled. I want that if i give the a user with a single computer licence so this software sticks with that computer and does not tun on other computer

Community
  • 1
  • 1
Afnan Bashir
  • 7,319
  • 20
  • 76
  • 138
  • 5
    Developers have attempted this since the beginning of commercial software, and the conclusion is probably that making it secure is *impossible*. The trick is making it good enough to get people to buy it if they want it, but not overdo it so that it is a annoying process to your paying customers. – Øyvind Bråthen Jul 25 '11 at 12:19
  • @ Øyvind Knobloch-Bråthen keeping this thing in mind that here in my country every software is available in market cracked in 0.7 $ DVD so this makes me think that when microsoft failed to protect their windows 7 from piracy even that was good enough to get ppl to buy it...............then i am thinking an impossible :P – Afnan Bashir Jul 25 '11 at 12:25
  • 2
    I think the most important thing is to make buying the software *less* a hassle than finding it somewhere pirated and choosing the price so that your intended audience won't think too much about buying it or not. Lagrangian: Note that Microsoft does not make much money with Windows sold over the counter in stores. The majority of Windows sales are because you get it with a new computer. – Joey Jul 25 '11 at 12:25
  • what do you think of http://www.codeproject.com/KB/cs/GenerateUniqueKey.aspx – Afnan Bashir Jul 25 '11 at 12:29
  • 1
    @Lagrangian: I don't think Microsoft needs to put any significant effort against piracy of Windows. First, people already buy it indirectly when they buy a computer. Second, they have enough resources to pay lawyers to prosecute if they want to. Third, there are probably so many people trying to crack Windows that it will get cracked soon anyways (with enough eyeballs, all bugs are shallow, remember?). – André Caron Jul 25 '11 at 12:34
  • @Lagrangian - Your welcome to use the Unique Key code on that website. Fair warning is that if you do it would be really easy to modify the data file you use to work on any machine. All it would take is somebody to decompile your program, see how you generate and read the key, which takes 5 minutes at most. – Security Hound Jul 25 '11 at 13:13

3 Answers3

5

Short answer: You can't.

Longer answer: You CAN always put these security barriers, which makes the crackers' work HARDER, but in the end, they WILL crack it. It's a matter of balance: you can make their work harder, but this means MORE work for you, too. The only real way of protection from piracy, in my opinion, is to make the essential parts of your application, web-based, and have all your customers use a unique ID while contacting the service. In most scenarios (and in yours too, as you have pointed out), this is hard or even impossible, but to be honest, there's no other real way.

Can Poyrazoğlu
  • 33,241
  • 48
  • 191
  • 389
  • Going cloud will defenitly help keeping the goodies secret and under control. – gjvdkamp Jul 25 '11 at 12:37
  • 1
    Adding security measures may also make the software more difficult/annoying for customers to use. For example when Witcher 2 was released in Poland players could not play for the first 24h or so because the license server was down. – Paweł Obrok Jul 25 '11 at 12:44
  • Yes, I forgot about that point. People actually PAY for something, and it doesn't work due to extra security measures. Not really something anyone would want :) – Can Poyrazoğlu Jul 25 '11 at 13:54
3

Inishtech provides a solution calles Software Protection and Licensing Service that sounds like what you descibe. It's a spinoff from a micrososft project. It extracts and moves certain portions of your code to an encrypted dll that runs on a .Net VM that is encrypted too, specifically for that application/ client as I understand it, so it should be very secure.

Also has a platform to distribute and administrate licensing etc.

Don't know of any free alternatives.

Regards GJ

gjvdkamp
  • 9,929
  • 3
  • 38
  • 46
  • 1
    When posting answers that essentially consist only of a link it's usually advisable to at least elaborate on what you're linking to or quote relevant parts (in case the linked page goes offline or when people do not want to follow a possibly unhelpful link without knowing what to expect there). – Joey Jul 25 '11 at 12:29
2

There is always the Hardware Dongle: http://en.wikipedia.org/wiki/Dongle

Steve Wellens
  • 20,506
  • 2
  • 28
  • 69
  • 1
    Which can be circumvented as well, usually. I guess an option would be to outsource certain software features to the dongle and thus have them in hardware (or not at all if the dongle isn't present), but that prevents easy updates to *that* code and is probably not worth it. – Joey Jul 25 '11 at 12:27
  • Disclaimer: I work for a dongle company. Using smart-card based dongles, implemented according to the manufacturer's recommendation, is theoretically crackable but requires electronic equipment costing several hundred thousand dollars and extensive knowledge. We have customers protecting software with a retail price of $1.5MM with dongles. If they weren't pretty secure, they wouldn't do this. As for code moving, it's possible but the execution time would be slow. Updating is not an issue with CodeMeter. – John Browne Jul 26 '11 at 15:57