views:

70

answers:

5

Hi guys,

I have developed a small software. I want to provide and run it commercially only. I want it to be run in the machines who have purchased it from me.

If someone copies it from my clients computer and runs it in next computer, I would like to stop functioning/running the software.

What can be the ways to prevent the piracy of my software?

A: 

You can look at USB dongle

_simon_
He has developed a *small* software. Why vould he go in the trouble of providing a -very annoying for the user- dongle key with it?
nico
+1  A: 

In a nutshell: you can't.

Even very sofisticated systems (e.g. dongle keys) can be circumvented. I guess your best call is to give a code to your customers and have an online check for that code, so that it cannot be used twice.

Of course, that can be circumvented too but...

nico
+1  A: 

As nico said you really can't.

A simple solution might be to generate (registration/activation) codes that are based on hardware or software installed on the particular computer - eg video card serial id or c:/windows creation time.

Anton
+4  A: 

Adaption of one of my previous answers:

There are a few ways to "activate" copied software to try to stop casual copying of the application.

In the most simplistic case, a registration code ("CD key") purchased from you, possibly via your website, and it is sent to the user who enters it into the program or installer. The whole process can basically be done offline; the program itself locally determines that the code is valid or invalid.

This is nice and easy, but it extremely vulnerable to key sharing - since there's no "phoning home" then the application cannot know that thousands of different people are all using the same key that they got off the internet or a serial library or their friend. It's also reasonably easy to make "keygens" which generate valid-seeming keys that were never actually issued by the developers.

Then we get into online registration. You still have some kind of code, but the program will phone home back to the server to determine whether the code is valid and usually unique. This stops basic key sharing, because the company knows if too many people from all over the world are all using the same key. Perhaps there is some kind of identification involved using MAC address, too, with infinite registrations allowed on the same hardware but maybe a limited number on what appears to be a different computer.

This is still pretty easy and stops simple key sharing. People will actually have to get into cracking the software or faking the server response to get past it.

Sometimes the program itself is partially/mostly encrypted and is only decrypted by the online registration step. Depending on how well this is obfuscated then it can be pretty difficult and time consuming to crack. Bioshock was a high-profile example of this - debuting with a brand new encryption/copy protection scheme that took around two weeks from release to be broken.

Finally, a particularly guarded application might stay in constant contact with the server, refusing to work at all if the connection is severed.

If you know for sure that all your users will all have reliable internet connections then it can be considered quite a strong way to protect the app, at the cost of privacy and some user distrust of the spyware.

In this case to get around the activation they would need to fake the server itself. Steam emulators and private WoW servers are an example of this. And in the end, nothing is uncrackable.

Coxy
Thank you for _not_ saying it wasn't possible. Sure people can bypass activation, copy registration info and even crack an app but most people won't do this.
Chris Haas
A: 

The best way is to use some sort of hardware-locking in which your license code contains encrypted info about the machine on which it will run. Your software will then check for this info and match it with the current computer and if the match is successful, the license is deemed valid.

Sure, any scheme can be cracked by someone on the face of the planet, but that does not mean you shouldn't use a protection scheme.

If you are looking for a ready-made scheme for this, have a look at CryptoLicensing.

logicnp