On 1/12/2015 7:30 PM, Gleb Dolgich wrote:
This is a fight you cannot win, so don't waste your time. A dedicated cracker will bypass any protection. I use minimal obfuscation and asymmetric key generation, and that's it.Gleb
I haven't been following this thread closely, but I do wish to respond to Gleb's comment in hope that it finds relevance.
Over the last 25+ years I've purchased more than $100k worth of personal software[1][2], and nothing perturbs me more than copy-protection and license keys [3]. When such things become sufficiently annoying, I spend the time to remove the annoyance. I have successfully done this with dozens of software products, regardless of the type of method used, either software or hardware (dongle) support. The two most difficult methods [4] to overcome involve encryption of run-time code when combined with compression, and a high-quality dongle with encryption when used properly [5][6]. If you aren't using either of those methods (and properly) you probably aren't going to stop piracy. Even if you do use one of those methods properly, you might stop a younger me [7] from removing the protections, but there are certainly people out there more determined [8] than me who will succeed.
Experience has taught me that copy protection and license keys almost never prevent software piracy, except where the cost of ownership is so low that defeating the protection isn't worth the effort. I don't mean to discourage anyone, but no matter how clever you think your method may be there is certainly someone more clever than you.
Paul[1] Yes, I am a moron, especially considering that the bulk of it was utter crap or obsolete in time units easily counted in months. [2] Including contributions to open-source projects, and individual software programmers who asked for such. [3] Please don't flame me for disliking copy protection. I understand all the reasons, but I don't have to like it. [4] Based on my experience. If there are other more effective methods, I haven't run into them. [5] Note that I have never failed; but experience has taught me where *I* would give up. [6] Fortunately for me, all the adopters of dongles that I've encountered have either used inferior products, or didn't use them properly. [7] The older me has given up; life is too short with more satisfying pleasures.
[8] Determined, intelligent, or lucky.[Bonus] For those who have read this far: Many moons ago I worked as a consultant at a Savings and Loan. The special projects manager there had his staff using a 4GL software product (never mind which one) that required a key disk (floppy) be inserted to use the product. One day the manager remarked how problematic the key disk was, always getting lost, or sometimes failing to read properly. I told him it was no problem, I would remove the requirement. It took me nearly 40 hours (much longer than I had anticipated), but I succeeded, despite heavy encryption being used throughout all the modules comprising the product. A month or so later the salesman from the vendor was talking to the manager about feature requests — as luck would have it I was present — when he happened to notice that one of the staff sat down at her desk, fired up the product without the key disk and began working. The salesman stopped in mid-sentence, and remarked, "I just noticed you have no key disk inserted." The special projects manager told him his people removed that requirement. The salesman was dumbfounded. All he could keep saying was, "That's impossible! That's impossible!"
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
