Hello again. At this moment I am looking for theoretical solution, not a piece of code or something precisely. I will repeat: I'm not looking for a full proof solution because it doesn't exist. And I don't want to annoy my customers with a very complicated/unstable schema knowing that sooner or later it will/can be cracked. So, I want to keep my honest customers form becoming un-honest (as Robert said) not to offer to those crackers from India a real challenge. My application is not a chat client, free SMS tool or game but a tool for genetic research. So I hope no crackers will ever try to use my application in his computer.
I already made few functions that return me the hardware ID for few components of the computer. The main problem is -where to securely store the information -what I should do if the user change/upgrade the hardware -how to prevent/detect system time (windows clock) alteration -> this is related to first problem: where to store the information (the last good time). Checking the time from Internet doesn't seems a good solution. ------ Reformulating my question: -how to prevent my users to activate with one key 20 applications/computers? (the answer obvious should be: unique keys based on hardware ID) -how to prevent it from changing the system time, so it not will remain always in 30 days trial mode? This is also related to reinstalling Windows since it can be reinstalled in less than 2-4 minutes from an image (from DVD). -should I use an already made VCL? (the answer I think it is 'NO!) And one more question came in my mind after your first email: -should we protect our applications mainly against hackers or against users? (Yes, against both will be great but it seems that keeping the crackers away, also might keep the buyers away). -- > Who knows, maybe next year a > script kiddie with too much free time will write a "security" application > that would make identifying the "commercial grade" protection schema a snap! This is a good one. I am sure this will happen one day (very soon). Somebody should hire those damn kids or to give them more test at schol to keep them bussy. PS: when I corrected the spells in this email I've found that I wrote hacker instead cracker in several places. I apologies if in my previous emails I made the same spelling mistake. --- Cosmin Prund <[EMAIL PROTECTED]> wrote: > What I've sad is especially true for limited-market, not so popular > applications! If opening up your exe file with notepad provides the name of > the "protection schema" readily available, any Jon Doe user would be able to > crack your application using google! No more disassembling and no more real > cracking. Just plain matching your application's security method to a list > of known commercial "protection schemas"! Who knows, maybe next year a > script kiddie with too much free time will write a "security" application > that would make identifying the "commercial grade" protection schema a snap! > > If on the other hand you're interesting in keeping and improving your own > protection schema, just come up with specific questions. I'm sure lots of us > will follow the discussions. > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:delphi-talk- > > [EMAIL PROTECTED] On Behalf Of Human > > Sent: Monday, April 03, 2006 4:50 PM > > To: Delphi-Talk Discussion List > > Subject: RE: What VCL do you use for protecting your application? > > > > Thanks allot for your indications. > > I already looked on cracking forums and web sites and the conclusions are > > pretty 'dark'. > > Those guys can crack anything. For example this guy was quite funny > > http://www.woodmann.com/fravia/compro2.htm. > > As I know, until now there is no application that poses a real challenge > > to those crackers. All > > applications were cracked sooner or latter. > > > > > > Anyway I am not interested in implementing a very powerful protection > > scheme since my software > > have a very limited marked so it won't be very popular like Winamp, > > Windows, Delphi, ACDSee. > > So there will be very little interest for crackers to crack my software. > > I just want a very flexible and STABLE solution. > > A solution which will allow me to generate unique keys, temporary keys, > > partially keys... > > > > The main problem for unique (hardware based) keys is: what will happen if > > the customer will > > upgrade his hardware. > > I should generate for him a new key. But the question is how often should > > I allow a customer to > > ask for a new key? > > I really need some opinions about this issue. > > > > > > > > > > > > > > > > --- Cosmin Prund <[EMAIL PROTECTED]> wrote: > > > > > Tip: > > > > > > Before you make your decision on a component for trialware-enabling your > > > application consider looking it up on "cracking" forums and P2P > > programs. > > > There might be a "generic crack" available for that component and that > > would > > > make cracking your programs very easy. > > > > > > Also be aware a crackers interest in cracking a given protection schema > > is > > > based on the popularity of the protected software. When you're sharing > > your > > > protection schema with many other applications you're automatically > > > increasing cracker interest in your application. > > > > > > If you're unlucky enough to select a "popular" protection schema with > > > available generic cracks, it will be worst then using your own code. > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:delphi-talk- > > > > [EMAIL PROTECTED] On Behalf Of Human > > > > Sent: Sunday, April 02, 2006 7:05 PM > > > > To: Delphi-Talk Discussion List > > > > Subject: What VCL do you use for protecting your application? > > > > > > > > Hello. > > > > I want to implement a protection for one of my programs to make it > > > > trialware. > > > > I used until now my own component but now I want to use a professional > > > > solution that allow me to > > > > generate unique keys based on hardware ID. > > > > > > > > I've tried TmxProtect but it is unstable and has almost no > > documentation > > > > (but is free). > > > > With a little improvement it will be the best VCL around. But until > > then I > > > > need something else. > > > > > > > > I also tried other VCLs but I've found only bad jokes. For example a > > VCL > > > > at 199$ which was weak > > > > then mine and had no hardware ID options. > > > > > > > > > > > > Any idea? > > > > > > > > > > > > If I choose Christianity then the Islamic will say I'm a pagan. > > > > If I choose Islamic then the Buddhism will say I'm a pagan. > > > > If I chose Buddhism then the Jewish will say I'm pagan. > > > > If I choose no God then everybody will say I'm pagan. > > > > Please, can I be free? Can you NOT tell me how I should live MY life? > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Tired of spam? Yahoo! Mail has the best spam protection around > > > > http://mail.yahoo.com > > > > __________________________________________________ > > > > Delphi-Talk mailing list -> [email protected] > > > > http://www.elists.org/mailman/listinfo/delphi-talk > > > > > > > > > > > > __________________________________________________ > > > Delphi-Talk mailing list -> [email protected] > > > http://www.elists.org/mailman/listinfo/delphi-talk > > > > > > > > > If I choose Christianity then the Islamic will say I'm a pagan. > > If I choose Islamic then the Buddhism will say I'm a pagan. > > If I chose Buddhism then the Jewish will say I'm pagan. > > If I choose no God then everybody will say I'm pagan. > > Please, can I be free? Can you NOT tell me how I should live MY life? > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam protection around > > http://mail.yahoo.com > > __________________________________________________ > > Delphi-Talk mailing list -> [email protected] > > http://www.elists.org/mailman/listinfo/delphi-talk > > > > __________________________________________________ > Delphi-Talk mailing list -> [email protected] > http://www.elists.org/mailman/listinfo/delphi-talk > If I choose Christianity then the Islamic will say I'm a pagan. If I choose Islamic then the Buddhism will say I'm a pagan. If I chose Buddhism then the Jewish will say I'm pagan. If I choose no God then everybody will say I'm pagan. Please, can I be free? Can you NOT tell me how I should live MY life? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Delphi-Talk mailing list -> [email protected] http://www.elists.org/mailman/listinfo/delphi-talk
