|
Pages: [1]
|
 |
|
 Author
|
Topic: Software registrations (Read 4270 times)
|
|
Paul
|
What are industry standard with respect to software protections and registrations?
What is the best way to harden REBOL apps against cracking groups?
How secure are Encapsulated Apps?
Just thought I would throw these topics out to get some activity going regarding this.
Paul
|
|
|
|
|
Logged
|
|
|
|
|
|
|
Paul
|
I gave this topic quite a bit of thought and have developed a few tools to aid me. One person in those threads made the most valid point about registrations systems and that is that the software may eventually get cracked but it gives the developer time to release a new version. I do believe in the key file system much like how Rebol Technologies distributes their software.
Paul
|
|
|
|
|
Logged
|
|
|
|
|
GedB
|
In the manner of senile uncle at a dinner party I digress with a little story.
I visited Cyprus over Christmas, and in Cyprus we visited a historical site - a castle.
Surrounding the castle was this tiny wall. You could jump over it with just a small run up. In the wall by the car aprk was a gate, which was padlocked.
Since the gate was clearly locked, we walked round to the entrance and paid the nominal fee, just a couple of pound. There were quite a few others who reacted the same way as us.
I tell this story because at the time I though that it showed how even the most ineffective of barriers work by showing an intent, making it clear that a fee should be paid.
|
|
|
|
|
Logged
|
|
|
|
|
Paul
|
Well said!
Paul
|
|
|
|
|
Logged
|
|
|
|
|
Gregg
|
Your biggest risk is not someone cracking RT's encryption scheme for enapped apps. If you have an untrapped runtime error it will dump them to a console session, where they could, if they are clever, find out pretty much all they want to know about your code.
I'm sure someone could come up with an obfiscation scheme, as has been done for other languages, though it might be a bit harder for REBOL.
|
|
|
|
|
Logged
|
|
|
|
|
Graham
|
It may dump you to a console screen, but all you can do is hit enter and *poof*, it's closed down and gone  |
|
|
|
|
Logged
|
|
|
|
|
Gregg
|
Ahh, Hmmm. Haven't done it in a while myself, but I thought I had made a note about that being a hole--one of my early encap experiences. Thanks for correcting me Graham.
|
|
|
|
|
Logged
|
|
|
|
|
Ashley
|
Two interesting links on this very subject: http://www.tidbits.com/tb-issues/TidBITS-620.htmland: http://www.woodmann.com/crackz/Tutorials/Protect.htmI do the following to protect my REBOL/SDK programs on Windows: [li]Wrap the entire program in a "if error? set/any 'error try []"block
[li]Generate a registration key based on something unique about the PC (I sometimes use the Windows product ID)
[li]For high-end software, make use of a USB dongle
All this won't stop someone determined enough, but it will discourage / prevent the more common casual piracy. If you've read the 2nd link above, then you'll know that it's a lot harder to produce a crack for an interpreted language like REBOL, even more so since it is not main-stream. With regards to the risk of your source being "exposed" in a REBOL/SDK exe, I think the risk is small (REBOL uses a strong encryption technique), but even if someone does crack the source the author still has a number of advantages: [li]They have a production / test / QA process
[li]They experienced the evolution of the code, the cracker only has a point in time copy
[li]They usually have a "vision" for where they want / need to be
[li]They have an established user-base / distribution chain
These are tangible assets over and above the IP value of the source code, it is difficult to "steal" these things. |
|
|
|
|
Logged
|
|
|
|
|
Paul
|
I actually wrap the registration contents, a crc checksum, har drive volume number, and parts of the code in the key file which is encrypted. I at least want to make it very difficult for the crackers to get to my product. But what more I fear is that with the proliferation of trojan viruses and other viruses occurring more frequently that someone hacker will get their hands on a registered copy and post the software as warez along with a registered keyfile. Thats why the volume number part is important. I actually made some tools that do all this for me so I don't have to reinvent the wheel everytime.
Paul
|
|
|
|
|
Logged
|
|
|
|
|
|
Pages: [1]
|
|
|
 |
News: 01-09-08 Alpha version of REBOL 3 has been released!
2187 Posts in 576 Topics by 1615 Members
Latest Member: Uncellhoolf
|
