software protection techniques

I would like to add to a C++ application for Windows/Linux some basic
protection using an expiration date and a serial number. Where could I
find some reference on the web to avoid reinventing the wheel?


Re: software protection techniques

If you're clear that this will never be securely possible, it's very
easy to "reinvent".

Norman Perry in c.s.f

Re: software protection techniques

I think the best solution for you would be EXECryptor

I know it as one of today's strongest software
protection/licensing systems. Also, they recently updated it to a new
version. So if you're interested, have a look.


Re: software protection techniques

An implementation example:

An approach is to provide your users with a code that works only for
one particular machine. Basically you inspect the hardware for serial
numbers and unique numbers (like MAC addresses) then build a "message"
from this information that can be used to generate/calculate a key
possibly using a cryptographic hash function. To implement the notion
of expiration you can include an expiration date in the message so that
the key gets valid for a given hardware and until a given date. Note
that most of the time you won't be able to calculate the expiration
date from the key (because of the properties of cryptographic hash
functions) - so either you should "guess" it by trying a range of
values or otherwise you'll need to store it somewhere.

Problems to address:

Reverse engineering. This might allow an attacker to a/ understand the
mechanisms of the protection and build a key generator, or b/ to remove
the protection. Against a/ you might want to use some programs to make
your executable difficult to reverse engineer - do a Google search
for this. You might also want to implement your protection following a
logic that is difficult to follow (but don't underestimate the
motivation of an attacker). Against b/ you should make several calls to
the protection in different areas of the program and in different
manners. Probably, the best would be to implement some sort of
self-inspection, assuring the executable was not changed. But this
self-inspection part is subject to the same sort of attacks as the
protection itself.

In any case a regular communication with a server controlled by the
editor helps a lot.

Kind regards
Ludovic Joly
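
The scheme described in the post above, as an added example that is not part of the original thread: a key derived from hardware identifiers plus an expiration date, with the date recovered by trying a range of values. It is written in Python for brevity; HMAC-SHA256 as the keyed hash, the secret, the key length and the hardware identifiers are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Assumption: a vendor secret. If it ships inside the client binary, anyone who
# extracts it can generate keys, which is problem a/ in the post above.
VENDOR_SECRET = b"constructed-demo-secret"
KEY_LEN = 20  # hex characters kept from the MAC (80 bits)


def machine_message(hw_ids, expires):
    """Build the canonical "message": normalised, sorted hardware ids + ISO date."""
    parts = sorted(h.strip().lower() for h in hw_ids) + [expires.isoformat()]
    return "\n".join(parts).encode()


def make_key(hw_ids, expires):
    """Key valid for this hardware until `expires` (generated on the vendor side)."""
    mac = hmac.new(VENDOR_SECRET, machine_message(hw_ids, expires), hashlib.sha256)
    return mac.hexdigest()[:KEY_LEN]


def find_expiry(key, hw_ids, today, max_days=730):
    """Recover the expiry date by trying today .. today + max_days.

    The hash cannot be inverted, so each candidate date is recomputed and
    compared. Dates before `today` are never tried, so an expired key, a key
    for other hardware and a forged key all give None.
    """
    for offset in range(max_days + 1):
        candidate = today + timedelta(days=offset)
        if hmac.compare_digest(make_key(hw_ids, candidate), key.lower()):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample identifiers (a MAC address and a disk serial).
    hw = ["00:11:22:33:44:55", "DISK-CONSTRUCTED-0001"]
    key = make_key(hw, date(2030, 6, 30))
    print("key:", key)
    print("valid until:", find_expiry(key, hw, date(2030, 1, 1)))
    print("after expiry:", find_expiry(key, hw, date(2030, 7, 1)))
```

The check trusts the local clock passed in as `today`, so rolling the clock back extends a key; the server communication mentioned at the end of the post is one way to get a date the user does not control.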
