views:

435

answers:

6

I am thinking of implementing a good licensing mechanism that has a good resistance against piracy. The required mechanism should not use an internet connection at each and every time the software is used. I am thinking of a mechanism based on hardware IDs etc. Do you guys have any better suggestions? What are the parameters/algorithms/characteristics that I need to concern to make a hack proof license mechanism?

+1  A: 

Check this question: What copy protection technique do you use?

It also links to other related questions.

mouviciel
+1  A: 

First of all, nothing is hackproof, so i wouldn't spend too much time on protecting your software.

The downside of a mechanism based on hardware IDs is when a user buys a new computer or upgrades most of his computer he needs to update the key too. HWHash is a pretty good HardwareID implementation, but i guess there are more (free) solutions. At work we use Hardlock and Hasp keys, but these are usbkey solutions which are not very efficient for small applications.

corné
I like the hasp keys - have used them in the past - but I would say not very good for BIG applications... And by the by, these are also quite hackable, I've done it with not very much effort.
AviD
BTWm, hwhash.com link is obsolete.
Sorin Sbarnea
A: 

You can check out Microsoft's SLP - I haven't used it, but it definitely looks interesting (yknow, IF you're into MS stuff...)

One important point to note - no licensing mechanism will protect you from piracy, or even substantially reduce it. By definition, the licensing mechanism will be client-side - which is inherently breakable. Take a look at all what happened with DRM...

Your guideline should therefore be usability - the intent should be to use it as a general policy, the good guys will be comfortably limited to what they're supposed to be allowed to do, and the bad guys - well, the bad guys will get around your intent anyway, your best hope is to make it more work.

AviD
I would point out that this all applies to installed software. Online services (obviously not your intent) can enforce better limitations.
AviD
"no licensing mechanism will protect you from piracy, or even substantially reduce it" I disagree with this. In the most part a simple copy protection will go a long way to keeping honest people honest and can make quite a dent in casual copying. For example, large companies often make HD images with licensed software on and then failed to buy more licences each time the image was used. It wasn't that they wanted to pirate the software, just kind of did it accidentally. This kind of thing is quite easy to stop and you can make a substantial reduction in it.
Martin Brown
Martin, I agree - but I dont consider "casual copying" to be the dangerous kind of piracy that is usually being blocked... This is what I was saying about the good guys - you're right, licensing should be intended to keep the honest people honest, but it wont help much against the really bad guys.
AviD
A: 

Ideally you need something that is OS independent.

I would recommend that you embed the license protection within your code or wrap your application within it in such a way that it cannot be run without the copy protection code having run first.

It would be best if your application needs a license key file in order to operate and that this isn't generated locally.

One way of doing this is that your application generates some form of image code based upon the hardware on it's initial run. This is supplied to you and in return you supply the license key which will allow the code to run. Best to base the hardware image around CPU and motherboard as these will change the least often.

Your app. should check against hardware image and license key whenever it is run.

If you want your app. license time limited then it should also keep track of how long it has run and embed it within the license key file.

Don't forget to encrypt the license file.

Also don't forget to make it more difficult to reverse compile your executable by use of a dotfuscator or similar.

ChrisBD
A: 

I'd be very wary of published software protection mechanisms, as they are much more likely to have published hacks. You are probably better off using some of the techniques to get a unique persistent ID and use this to roll your own protection mechanism. I also think that it is a poor idea to simple check the license whenever you run the program, as this leads the hacker to the location of your proection mechanism. IMO, your are better checking the license in a more random fashion, and more than once per session.

FWIW, I use hardware locks (hasp) for my high end desktop software, and device ID based licensing on mobile solutions. If you are selling small quantities of high cost software in a vertical market, IMHO, a good license protection mechanism makes sense, and hardware dongles work well. My experience has been that people will use more licenses than they purchase if this is not in place. For high volume, low cost software, I'd tend to live with the piracy based on increasing the size of the user base and product visibility.

Shane MacLaughlin
A: 

One way is to use licenses which require a one-time activation. While activation, the software sends the local machine code to the license server and the server returns a corresponding machine-locked license. This scheme requires internet connection only once to activate the license. Such a scheme is used by CryptoLicensing which you can consider using for your software.

logicnp