Protecting Software from Pirates

Question

After reading numerous threads on Stack Overflow about how to protect software, I realized you can't. Thankfully my software is targetted at hosting businesses (not a lot of them at that) and a handful of consumers. I don't think the software will be popular enough that anyone is going to crack it, but I would like to protect it.

In one of the threads I found, it had a list of half decent options. I have decided I would like to go with "Simple registration with revokable keys, verified online frequently."

I figured since my application is a C# NET Console Application that will be ran through a management container, I can just issue keys for it. Perhaps do a MySQL Database and keep a list of keys that can only be used on one install, and another list of keys that can be used on X installs. My application will be ran with command line parameters at startup anyways, so adding one like "-key 29839X900AQ" or something will alleviate the need for them to have to really worry about it too much.

Does anyone know of any information/sites that offer help on setting something like this up?

Answer 1

One way to do this is to use a web service where you keep a list of all revoked/disabled licenses (maybe in a database). From your app, you will ping the service from time to time to see if the currently used license has been revoked. If so, the license validation fails.

If you can use a third party system, take a look at CryptoLicensing which supports this exact scenario via its "Notify License Service On Validation" license setting.

Disclaimer: I work at LogicNP Software, the developers of CryptoLicensing.

Answer 2

You can absolutely protect software and the threads that claim otherwise are in error. No one has cracked our system (when properly implemented) and we've had public contests to see if anyone can (disclaimer: I work for a software-protection company).

However, there are a zillion ways to approach this and there is no "free" system or software-only system that can't be cracked. Some, however, are strong enough that they will require a significant effort and unless your software appeals to a large market or costs a lot of $$ there will be little motivation for a cracker to put in the effort.

If I understand your proposed solution you will be vulnerable to people sharing keys. You can check to see if a single key always originates from the same IP address but that can be spoofed (to allow for illegal copying) or could potentially prevent legal customers from access.

Protection is like putting locks on the doors: more locks can conceivably keep out burglars, but it also makes it tougher for you to get in and out. And if there are too many locks it might just make the burglars look for a window to kick in. Since we do this for a living we have made a study of how people crack software and lots of times the protection schemes are easy to get around, just not in the way the original developer anticipated. The trick everyone wants to accomplish is to have the right strength to their protection without generating false negatives (blocking legitimate users falsely). Feel free to PM me if you need more help.