I have written a program in C++ that I would like to license and have the code protected and would like to have the ability to have it licensed.
I hope this topic hasn't been beaten to death yet, but what are the best ways people have done so?
Ideally I would like something that protects the code from reverse engineering and "calls home" to (1) check the license and (2) checks the "integrity" of the code to see if it is modified.
Obviously every solution can be broken (or there won't be cracks online :) ) but I am wondering what is the best solution from people's experiences.
The best protection is a custom protection, those well known protections are more widely cracked and have various scripts to unpack them which makes it easier for script kiddies to unpack them and rebuild their Imports.
There are so many software protections out there, Themida, ASProtect, Armadillo and many others that use many methods like stolen code, encryption and debugger detection.. all these have been broken and generic un-packers made available.
You will never prevent a peace of software from being reversed and cracked, that's the reality of it, if they want to get it they will. Companies invest millions on security and protection systems yet you find them reversed and patched, and available on the internet.
Sadly that's the reality, you just have to make life hard(er) for them :)
Thanks; I'll have to look into that then. I know a cracker will be made for the product in due time, I was just trying to ,as you said, make life harder for them.
If you are writing some protection code (i.e. a function to phone home) make it inline, that way it has several checks - makes your exe a little bigger but a little more protected. Its far easier to patch 1 function being called by multiple places than multiple places having phone home code (easier to miss one).
Also have your phone home code not consistent, i.e. don't have it always checking when you open the program, have it do it at random intervals as this makes it harder for reverser's to trace, same with checksum checks.
Having phone home code adds to your expense, i.e. you need a home for your code to phone (server).
I am a ex (retired) reverser and was a member of a well known hacking group that released games and apps on the Amiga and PC. To cut a long story short I grew up and realised how much it was hurting the developers and quit - sadly the group and many others still exist.
I do still reverse for self enjoyment (and to train the brain) but I don't release those that I reverse - its not so much the target I am interested in but the protection - I still love the challenge :)
Its probably sad to say that I get excited when I hear of a new version of a protection, or a protection where the vendor claims its unbreakable - that's the worst thing to say to any reverser.