I rolled my own. I was not about to put all that effort into developing the
app and have someone steal my work from under my nose.
For validating the license key, I would recommend some form of digital
signature rather than just a simple checksum. I used a checksum first time
around and it was quickly hacked. My current scheme also ties the key to the
machine it's installed on so that it can't be handed around, but it's probably
sufficient to prominently display the customer's name and email address on
startup and make it such that a key cannot be forged.
The other thing you have to do is to find some way to stop the hackers from
patching your app to bypass the check. Again, I use a DIY form of code
signature to protect the app as a whole and I then check that the signature is
valid from here, there and everywhere at run time to make it difficult for the
hackers to patch the code in just one place. There are still probably weak
spots but my software is not exactly expensive so I think it's adequate.
I originally used codesign to validate the integrity of the application but I
ran into some problems with it. Something (I have never figured out quite
what) occasionally adds or changes a file in my bundle after it has been
installed, thus rendering the code signature invalid. So I switched to my own
scheme where I calculate a digital signature for the critical files that make
up the app and store that in a separate file which I can check at runtime.
Again, this signature cannot be forged.
If you're hazy about the concepts behind public / private key encryption and
digital signatures, this might help (I have never been known for my modesty :)
http://www.codeproject.com/KB/security/EZRSA.aspx
As might be apparent, I have put quite a lot of work into this, but I don't
have anything in a form that can be packaged up and given away. Nor do I want
to do that, in fact, but I hope this at least gives you some ideas.
Not really a Cocoa question... Don't know where else you'd ask it though.
Paul Sanders.
http://www.alpinesoft.co.uk
----- Original Message -----
From: "Michael A. Crawford" <[email protected]>
To: <[email protected]>
Sent: Wednesday, February 24, 2010 9:54 PM
Subject: Looking for info on anti-piracy and trial-mode techniques for my app .
. .
I've purchased apps from other developers on this forum, which have mechanisms
for limiting functionality until a valid registration code has been provided.
I'd like to include this functionality in my own app but don't want to create
it from scratch if I don't have to. To that end, I'm looking for existing
libraries, techniques, blogs, and/or suggestions.
Thanks.
-Michael
_______________________________________________
Cocoa-dev mailing list ([email protected])
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to [email protected]
