Safe Distribution: Mechanism Ideas


Scenario: I want to sell some of my programs to some poeple.

Problems: The programs would work on... any machine. An amature could copy it to his friend's computer.

What I need to do to fix this: I need some way to prevent the un-authorized distribution of my programs.

I've thought a lot about how I could do this, but the only standing solution I have been able to come up with involves using a batch file to retrieve windows product keys.


My solution involves using a batch file to retrieve the product key of a given windows OS. I would run a program on a 'client's' computer that would retrieve his product key for me. Once that is done, the program will check the product key of the computer it is running on. If the product key does not match, it will spit out an error, saying so.

I have some doubts, though, about this solution. I'm not sure if it is the best way to go about this.

It doesn't have to be solid, just enough to where you would have to be able to modify the program on the assembly level. Any suggestions? I'm not quite sure where to start, as this is unexplored territory for me.
_________________________________________________________________________
Fighting piracy is difficult. Hackers love to crack this stuff by their very nature. The more difficult you make it to pirate and/or the more creative you are... the more determined they will be to crack it, and the more vocal they'll be about their accomplishment once it's done.

I don't have a whole lot of experience in this area myself. But I can tell you a few things:

- Anything that runs in a batch file won't be very effective. Crackers know how to write batch files and it'd be painfully easy for them to dummy up a script to bypass anything you're doing in one. Even inlining batch commands from within the exe is no good, as that stuff shows up as plain text when you open the exe in a hex editor.

- Doing something like looking for a Windows product key will piss off your users. Many people have multiple machines that they might want the program to run on, and they don't want to buy a different copy for each machine. Not to mention people will "lose" their copy when they upgrade Windows.

- Probably the most effective way is to require communication with an external server which keeps tracks of how many copies of a specific key are running. This way the hacker has no access to the critical data (but obviously it still is not 100% fullproof). This comes with heavy downsides though.... such as requiring the user to have constant internet access, and also having the responsibility of keeping a server online (customers will get extremely pissed if they can't use your program because your server went down).

- If you just want to stop computer novices from passing a file around.... and not worry about medium-core hackers.... a simple registry key is probably enough to fool most people. You can just write an installer which puts the exe somewhere and write a registry key. Then the exe can check the registry to make sure the correct key is there. If people copy/paste the exe, they won't copy the registry key so the program won't work... the installer would have to be run (and that's where you can enforce that they have the key).

Of course it's very, very easy to dummy up registry keys if you know what they are. Most casual PC users are oblivious to them, though.
I thought about the registry, and I tried reading up on it, but it seems a bit complicated. Are there any helpful references?
Personally we generate a key that is specific to the machine and the user logged on and we license on a per-user basis. If the user needs more keys we can manually send them extra ones. This works fine, but the software we sell costs ~$5,000ec so it's not exactly a high volume product.

Per machine it's pretty easy to use the mac address of the primary network device, this allows them to reinstall it on that machine as many times as they like.
I have spent hours looking for a similar code, but I couldn't find one that worked for me and I was wondering if you were able to finish this, and if so, if you could give me some help with creating and checking for a registry key. Thanks in advance!

Topic archived. No new replies allowed.