26 replies to this topic

[CommittedC0der]

I know piracy is a big issue but I had an idea to try and stop it.

Basically I'd be using it in my app's made in C#.

When the user decides to upgrade the free version of the software a random 10 digit alpha-numeric string is created. Its then sent to my site and stored(mySQL database?) Once the payment is done a randomly generated url is created to download the full version. When you navigate to the URL the random code in the application is compared against the code stored in the database. If they match download precedes and the code is erased from the database, if not, download is canceled.

I image this has already been done by someone, but I dont know what it would be called. Also is it easy to crack?

Thanks ~ Committed. :)

[Vaielab]

This could help, but what if someone don't have internet on this particular computer.
Or the user format his computer, will have to repay you twice?
Or he have multiple virtual machine?

Once the user have downloaded the full version, what will stop them to share it with his friends?
And if you are using c#, their always the possibility to simply decompile your code, remove some code, and recompile, and we have a full free version.

But seriously, I think your idea is pretty good, this will probably slow piracy, but stop piracy I don't think this is possible.

[Alexander]

It is common when buying softwares online via merchant (i.e. Paypal) services, that you will get a unique download link of which expires once you have purchased the item. It does not stop them from copying the download everywhere as the Vaielab has stated.

You can however tailor each software to only run on the computer of which has generated the specific identification code (much like hardware ID restrictions do) to prevent copying of the software.

Further, you can download the pirated copy yourself and view (through your own means) the ID code and find the original buyer.

[WingedPanther]

I would flag the item as downloaded, or perhaps allow up to 3 downloads (in case something munges up on the first one). As others said, copy after download is the real issue.

Also, note that there are plenty of tools out there to monitor which registry keys/files your program accesses. Storing a key doesn't hide it from the people who want to disable your security.

[CommittedC0der]

Hmm. To prevent the user from getting the paid version, the unique URL's which expire after X amount of time would work perfect.

Preventing the spread is the hard part. Lets say it is flagged as purchased like WP said. This allows the .exe to be installed 3 times, but to prevent people from taking out the 3 time limit the source is encrypted. Im pretty sure this is common right? You shouldn't be able to crack and encryption if its key(or whatever) is randomly generated before the program is even put out for download could you?

I dont know alot about encryption and stuff, so thanks for the help ~ Committed. :)

[RhetoricalRuvim]

I actually thought of something right now. I don't know if this is the best idea, but maybe you could make the download servers generate and include the product key for that specific customer inside the .exe file, so that that particular .exe file will only run with the product key for that customer. That way they can still install the program without having internet connection.

Though I wonder if using assembly language can help with the security and difficulty to crack.

[bbqroast]

Personally I would have the user purchase the program, when he does a couple of licenses would be placed under his account name. Then its just a matter of logging on through the program which checks if a license for that program exists, then downloads the full version (at this point the user will need to login again, once it has done that it destroys the license) which locks itself to the users hardware.

If you release regular updates its always good to make sure the user is logged in before the server releases them (this is where notch went wrong) that way pirated copies will need manual updation.

Alexanders idea to download the pirated copy yourself to find the original buyer is good.
If people pirate your software then you should consider the pricing, generally if adults who have the ability to easily buy the program pirate it then your price may need reconsidering (non-adults commonly find online purchases a hassle).

[JOSourcing]

Has the practice of binding software to a user's hard drive proved useless?

[WingedPanther]

JOSourcing said:

Has the practice of binding software to a user's hard drive proved useless?

How do you bind software to the hard drive of a VM? In all seriousness, there are a lot of techniques to stop piracy that just aren't very good ideas. Remember the furor over Sony's rootkit to protect a game?

[RhetoricalRuvim]

There are good and bad ways of postponing things like piracy, but piracy would probably happen sooner or later.

Maybe if you can figure out a way to slow down piracy enough that it wouldn't be very useful by the time the pirates get to it?

[CommittedC0der]

I honestly dont think piracy will be a big problem for me( I plan to sell apps < $10) but i still want to keep them from just being downloaded freely. I dont really like binding software to a users HD, i mean what if they want to install on more then one computer, or what if the HD crashes?

Will this not work?

Quote

Lets say it is flagged as purchased like WP said. This allows the .exe to be installed 3 times, but to prevent people from taking out the 3 time limit, the source(or .exe?) is encrypted. Im pretty sure this is common right? You shouldn't be able to crack the encryption if its encrypted based on a key that's randomly generated before the program is even put out for download could you?

~ Committed.

[Alexander]

Quote

This allows the .exe to be installed 3 times

I do not believe so, the executable will have no clue if it has been installed previously, or that someone else had installed it thrice prior. It will only stop more than three downloads, not more than three copies.

Quote

You shouldn't be able to crack the encryption if its encrypted based on a key that's randomly generated before the program is even put out for download could you?

I am unsure of where the download check ties in to the executable, however: The issue is eventually the executable will need to be decrypted to run - and it is then useless.