Re: custom licensing scheme

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: William DePalo [MVP VC++] (willd.no.spam_at_mvps.org)
Date: 09/06/04 

Date: Mon, 6 Sep 2004 16:19:45 -0400

"Patty O'Dors" <PattyODors@discussions.microsoft.com> wrote in message
news:A600BBFF-B27C-41E8-A160-4FE83E755602@microsoft.com...
> Well - OK. I see your point.
> But my point is that I'm not trying to be too ambitious. There's always
> going to be some people who haven't got a clue of how to disassemble and
> can't crack any program, and there's always going to be some who are
> expert
> at it, who can crack anything.

Yes, but the naive approach to the problem involves a solution along these
lines

    bool ok = IsThisCopyGoodToGo();

    if ( !ok )
     ExitProcess();

You can have a world class implementation of the license check but some 17
year old who can use a debugger will find the address in the code where he
simply set one bit in the EAX register and your application is his. The
commercial products spend as much time hiding the check and making it
difficult for the attacker who only has a standard debugger to have his way
as they do on the crypto.

> My aim is not to *prevent anybody* from
> cracking my program, but to make it likely that you'll have to disassemble
> in
> order to do it.

Well, unless and until operating systems provide this level of security no
solution will be absolutely perfect. The attacker has the upper hand because
he has your stuff.

> Since this is going to be largely a business application, I
> think the sort of developers that are going to be using this product are
> mainly people who are building in-house systems.

Businesses are the worst. I used to work for a huge multinational bank - one
in the top two or three in the US. Its settlement for using unlicensed
copies of a particular software publisher's product was so large it made the
nightlly news. What passes for ethical behavior in the financial commumity
on Wall Street is often literally criminal.

Regards,
Will

Relevant Pages

  • Re: custom licensing scheme
    ... > at it, who can crack anything. ... difficult for the attacker who only has a standard debugger to have his way ... The attacker has the upper hand because ... > mainly people who are building in-house systems. ...
    (microsoft.public.vc.atl)
  • Re: custom licensing scheme
    ... > at it, who can crack anything. ... difficult for the attacker who only has a standard debugger to have his way ... The attacker has the upper hand because ... > mainly people who are building in-house systems. ...
    (microsoft.public.vc.language)
  • Re: bin ich sehr krank?
    ... Eine Übersicht über alle erbrachten Leistungen wird ... einmal jährlich an die Versicherten verschickt. ... ihr tauschen. ... Das wäre auch in Deutschland eine sinnvolle Sache. ...
    (de.talk.tagesgeschehen)
  • Re: Change Administrator Password when expired
    ... You can use password policy in an attempt to force users to not use weak ... Password expiration is valuable in cases where an attacker needs ... attempt to brute force crack the user passwords. ...
    (microsoft.public.security)
  • Re: Code breakers beat security scheme of car locks, gas pumps
    ... it depends on the resources of the attacker. ... >> I'm not very worried if it takes ten thousand PCs a year to crack one car. ...
    (sci.physics)