Best Shareware lock for Delphi Win32

Question

Same intro as my last question:

I am re-writing and/or consolidating a bunch of my "app framework" classes (basic mainform, about box, locking routines & purchase linking, auto-update, datamodule initializer, etc) -- Basically, I have a number of small potential shareware apps that I'm wanting to get out the door, and want to re-use code where I can, as well as build a framework for later apps to save time.

But different question: : )

What is the best shareware lock component for Delphi Win 32 apps? (I don't mind paying for commercial if that's best).

Clarifying -- yes, best license key verification / lock + trialware component.

lol, the GPL is a lot of things (mostly evil), but a shareware licensing system it is not. — TWA, Apr 01 '09 at 21:56
That is what I mean, don't fight, make it good quality, avoid others to lock in licensing it with GPL and charge for services — Miquel, Apr 01 '09 at 22:17
Services don't scale when compared to straight sales. Not all programs require services - programming tool, disk utilities. Services only really apply to enterprisy type scenarios. Sales can be made to anyone anywhere , doing stuff in person as a service is not as practicle... — mP., Apr 02 '09 at 13:22

Michael Riley - AKA Gunny · Answer 1 · 2012-02-13T13:39:06.473

5

I created a "self-modifying" EXE by appending a data record to the end of my compiled application. The first thing my application did was get the machine id and the bios date from the computers memory. I would then compare these to the machine id and bios date stored in the appended data record. Seek to end... back up XX number of bytes... read to end.

This worked great. If a buddy passed on a program to a friend and it didn't recognize the machine id or bios date and reverted back to trial-ware. When they entered the key successfully I would update the appended record with that machines user information.

Then Norton started flagging my software as a virus because it was a self-modifying EXE. That put a halt to my app locking days. I haven't tried since.

edited Feb 13 '12 at 13:39

answered Oct 25 '09 at 12:27

Michael Riley - AKA Gunny

5,074
4
42
89

1

I realise this was from a long time ago, but i was looking for something basic like this (just a simple timing program) do you have an example of the code to create a self modifying exe – Kieran Wilson Oct 30 '12 at 00:02
1. User updates the hardware -> Key not recognized -> you have to support the user and send new key. 2. How does the program know WHEN to 'accept/write to itself' the computer ID? Because whatever the procedure it is, one the cracker finds it, it can share it on Internet -> program hacked to work in all PCs. – Gabriel Jan 20 '17 at 17:00
Another upvote for "please share the source" – Mawg says reinstate Monica Jan 30 '17 at 18:45

score 5 · Answer 2 · answered Apr 01 '09 at 19:41

5

There is no effective way to lock down an application, period. You can make it more difficult for users to use the program without a valid license from you, at the risk of creating false negatives, which can become a PR nightmare very quickly in the Internet age.

There are two ways to go about doing this. You can create some sort of DRM lock built into the software. These take no time flat for some talented hacker to reverse-engineer. (The best tend to last about 1 month.) Or you can create a validation system that requires the program to connect to a server. These are a lot harder to crack, but tend to have serious false-negative problems, and if your server ever goes down, all your paying customers are up a creek. In the end, neither is a good solution.

Long story short, if you want to make a program that will be profitable, make it of high enough quality that people will be willing to pay for it, and market it to the people who are willing to buy software instead of steal it. There just aren't any shortcuts.

answered Apr 01 '09 at 19:41

Mason Wheeler

82,511
50
270
477

1

I know you can't beat the hackers -- basically looking for best tool to keep honest people honest, which in a full-functionality trialware marketing approach, is has been proven to be both necessary, and effective. (Don't have the reference, but I remember reading a very clear case study of it). – Jamo Apr 01 '09 at 20:44
+1, regardless how often this will get asked, there is no better answer. But "s/hacker/cracker/g" please. – mghie Apr 01 '09 at 20:46
The case study was someone who released a full-function "shareware" app both ways at the same time: 1) as a time-limted trial version, and 2) as an "honor system" true "shareware" app. The former blew away the latter in terms of revenue, by a HUGE margin. It's not just about crackers & pirates. – Jamo Apr 01 '09 at 20:59
I wish I could find it (tried can't recall a unique enough search term to grab it via Google). I'm not making it up though -- it came as a reference link on one of ny "MicroISV" RSS feeds I think. If I can find it again, I'll definitely post here. It was VERY interesting! – Jamo Apr 01 '09 at 22:28
Jamo, Mason - if it's any consolation I remember reading something very similar to that and I can't find it either. I thought it might actually have been in Bob Walsh's book, but I can't see it. I have no idea where I read it, but if it comes to me I'll post the link here. – robsoft Apr 02 '09 at 06:45
@Jamo, I think you're confusing the well-known study by Colin Messit, regarding the profitability of full-function, non-expiring trial (e.g. the "honor system") vs. crippling (features were missing or degraded as the trial approached or exceeded the expiration). Colin did a proper A/B split test, pretty much proving that crippling/limiting was the way to go. The Association of Shareware Professionals changed their bylaws to allow crippling, to the chagrin of "purists". And a lot of authors made a lot of money as a result. – Chris Thornton May 10 '10 at 03:21
1

Agree with Mason. There is no DESKTOP software (game, OS, graphics app, business app) on this planet that successfully resisted an attack (this does not stand true for web apps). The reason is super simple: the cracker has access to the protection code. There is nothing in this world that prevents the cracker for modifying the protection code in whatever way he desires. If the cracker wants to make pink hearts out of it, it can. All you need is some ASM knowledge and a dissembler. Period. – Gabriel Jan 20 '17 at 16:58

score 3 · Answer 3 · answered Apr 02 '09 at 01:23

I tend to agree that aggressive DRM is really bad and annoys legitimate users, but, at the same time, an incentive to keep honest people honest isn't bad either, provided it doesn't get in the way...

Not a real component reference, but some interesting reading on protecting software:

anti-cracks tips:
Fravia's HOW TO PROTECT BETTER.
Pirate-Me-Not.

reflections on Piracy and DRM:
Piracy and Unconventional Wisdom.
Piracy & PC Gaming.

score 2 · Answer 4 · answered Apr 01 '09 at 23:44

I have used OnGuard by turbo power in several projects, but do not rely on it being the only method to protect the software. You can also use the LockBox library to encrypt data, such as a record stuffed in a database your app controls, containing license registration data that you emailed to the user and they applied via cut and paste into the about box.

The strongest way to protect things is to have a piece that the user doesn't have access to, and have your software "call home" to validate that its still valid (very DRM like). Unfortunately, this is easy for anyone to block by turning on thier software firewalls and excluding your application from using the internet. Of course DRM like systems have a bad name right now, but its partly because they are a frustration point to the end user because they work... as long as the service which validates the license is up.

I'd prefer to think they have a bad name because they do things which, in any other context, would be classified as illegal computer hacking, and users savvy enough to know what DRM is don't like the double standard. — Mason Wheeler, Apr 01 '09 at 23:54

score 2 · Answer 5 · answered Apr 02 '09 at 06:11

2

Oreans has very good production products(Themida & WinLicense), and recommended more than other products.

answered Apr 02 '09 at 06:11

Mohammed Nasman

10,992
7
43
68

score 2 · Answer 6 · answered Apr 02 '09 at 08:22

Having watched others have trouble in the past with third party licence & protection software, I think there is only one viable system. First, don't spend too much time on it, just make a good product, and update it often. Second, separate the install code from the protection. This way you can change the protection at the drop of a hat, without affecting any users. This basically means you have to write your own install code system, or use one like the old Turbopower one. Then use something that will protect your decoder a little. I currently use the Oreans Code Virtualizer which is quite sufficient.

Keeping them separate gives you flexibility, and less hassle.

How did Code Virtualizer has fared since your reply? Are you still using it and have you found any issues to note about? — smartins, Feb 21 '10 at 10:43
@smartins It still just keeps on working for me. Adding the sections to encrypt is easy, and making it happen in my build script is easy. No problems! — mj2008, Feb 21 '10 at 15:49

score 1 · Answer 7 · answered Sep 04 '10 at 22:30

I tend to prefer Armadillo from Silicon Realms (http://www.siliconrealms.com/). It has nice nice features and is integrated with Digital River/RegNow.com (being a subsidiary of them).

There are alot of Anti-Armadillo software available but custom builds a some additional prevention coded by you do magic.

score 0 · Answer 8 · answered Dec 25 '12 at 05:17

0

I'm Trial License Shield SDK, seem to be able to achieve the desired functionality.

But it is a DLL, not you wish VCL Component.

answered Dec 25 '12 at 05:17

hingman

1

score 0 · Accepted Answer · answered Apr 01 '09 at 19:31

0

I've used ICE License in the past. Tool was easy to use - which is good, as the support was shocking!

None of these types of products is perfect, but, if you've decided that this is the route you want to go, you could do worse than this product.

answered Apr 01 '09 at 19:31

dommer

19,610
14
75
137

Thanks -- this was actually one I'd found a few years ago, but couldn't think of the name of it. Appreciate the help, and good to here it worked well. Will check it out. – Jamo Apr 01 '09 at 20:45
4

Be warned, support for this product may be hard to obtain or nonexistant, based on responses to this question: http://stackoverflow.com/questions/2290324 – Argalatyr Feb 18 '10 at 22:03

score 0 · Answer 10 · answered Apr 02 '09 at 13:03

I also not believe that it's worth to spend a lot of time and energy in a tecnical protection, the people who want steal your software wil doe it anyway.

Peldi Guilizzoni from Balsamiq have a nice blog post over this subject:

http://www.balsamiq.com/blog/?p=382

score 0 · Answer 11 · answered Apr 02 '09 at 14:29

0

I can second the recommendation for Oreans' products. Their support is particularly good, too.

I also use Armadillo - which is ok, but I wouldn't recommend it anymore; and ASProtect, which I really wouldn't recommend at all.

answered Apr 02 '09 at 14:29

stg

367
5
7

Best Shareware lock for Delphi Win32

11 Answers11

Linked