Bmax Software protector - Coming Soon


Kev(Posted 2007) [#1]
Hi Guys

just want to get some feedback on your interest in a BlitzMax software protection module im currently in the process of writing.

worklog here.
http://www.blitzbasic.com/logs/userlog.php?user=71&log=1491

basically this module will offer your bmx game/app anti-crack protection from most tools used by the guys that write cracks for your software, also included is the feature to add time limited demos of your software.

im planning on adding serial number generation using the SHA1 secure hashing algorithm, the sha1 algorithm is already written and being used for time limited demos.

so you interested? i hope to have the module available soon.

kev


Gabriel(Posted 2007) [#2]
so you interested?

Dunno. Has it been tested? I'd be interested if it had been put up as a challenge for people to beat, and it hadn't been beaten.


GfK(Posted 2007) [#3]
People will beat anything, given enough time and determination. That said, if the price was competitive, and it was proven to be reasonably secure, who knows?

I was toying with an online verification system - I'm just not really sure if it's a valuable use of my time.


SebHoll(Posted 2007) [#4]
People will beat anything, given enough time and determination. That said, if the price was competitive, and it was proven to be reasonably secure, who knows?

I was toying with an online verification system - I'm just not really sure if it's a valuable use of my time.


What GfK said...


MGE(Posted 2007) [#5]
Tough call really. People that crack, pirate software, don't buy software anyway. If your software doesn't have a crack, chances are it ain't worth crackin. :) lol..


popcade(Posted 2007) [#6]
Should be reasonable to make a module like this, and ppl will need it as it's cross-platform.


Kev(Posted 2007) [#7]
@Gabriel,
when i wrote blitzlockit i released a .exe containing anti-crack code, there were no reports of it being hacked. once im happy i will do the same with this.

@GfK and Seb,
good point, though this will offer some protection.

@MGE Developer
not always, some people do it for fun. and to see if it can be done. ie they want their name on a crack.

@yoko
windows only, no cross-platform.

kev


Damien Sturdy(Posted 2007) [#8]

windows only, no cross-platform.



Ouch, BUT, Windows is definitely the platform of choice for malware. I'm not sure about Mac, and Linux users *tend* to go for the free version of everything as is the spirit of Linux. That's not saying the Linux one won't sell, but it means software doesn't generally appear for download on p2p-style networks illegally, or, as often.


Grey Alien(Posted 2007) [#9]
Shame it's Windows only. I need something for the Mac in a month or two.


Paul "Taiphoz"(Posted 2007) [#10]
@Kev, do your module then put a test up for people to mess with, TBH tho I think your time is also more valuable and could be spent doing something better, for example, even if you did come up with a nice system that gave a challenge to 50% of the crackers out there, it only takes one of them to nail the jmp calls and bypass your code.

Failing that, all someone needs to do is buy the game and then just release it as a cracked/patched/reged exe with whichever files happen to be needed along with it.

I've noticed a trend that a lot of cracks these days are not actually cracks, but just copies of a registered exe or reg file.


GfK(Posted 2007) [#11]
I've noticed a trend that a lot of cracks these days are not actually cracks, but just copies of a registered exe or reg file.
This is an issue I hoped my online verification system would address. Each time the game is run on a system, it would 'phone home' and the IP address and reg key would be logged in a database. The same reg key being used from more than a couple of different IPs would be flagged as 'suspicious', and a notification e-mail sent to both me, and [possibly] the original purchaser of that key. From there I can disable a registration key or lock it to a single IP (with wildcard support for dynamic IPs), and any further attempts to use that key will result in the game being disabled.


Scaremonger(Posted 2007) [#12]
Some ISPs' DHCP reservation is configured to be a very short amount of time.

You might find your clients' IP addresses change as regularly as every hour, so beware...


GfK(Posted 2007) [#13]
This is why I would use wildcards since typically only the last two digits of the IP will change.

Anyway, back on topic......


Gabriel(Posted 2007) [#14]
This is why I would use wildcards since typically only the last two digits of the IP will change.

The last three digits of my IP change on a regular basis. Sometimes as often as twice a day, though typically less often.


Dreamora(Posted 2007) [#15]
can happen on large ISPs with enough customers. only 2 digit groups don't offer enough slots


jamesmintram(Posted 2007) [#16]
I'm not a great fan of online verification - there's been a few times where I've bought a product and when I come to try and install it without internet it won't run even though I am a fully paid and registered user.
The other problem is if your verification server goes down, maybe in 10 years for example, all the software other people have purchased in the past has now become unusable. I still use some software I paid for 10 years ago and I would be annoyed if it suddenly stopped working because the company who made it can't afford to keep a server running!


TartanTangerine (was Indiepath)(Posted 2007) [#17]
This is an issue I hoped my online verification system would address.
If you build something like this then ensure it's fail safe. What I'm suggesting is that the game should always run unless it gets a specific message from the server telling it that the key is invalid. You should build in other checks to ensure that people like me don't block your app through the firewall by default.
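
The scheme GfK outlines in post #11, combined with the fail-safe rule from post #17, can be sketched as follows. This is an added example, not code from anyone in the thread; the class and function names, the threshold of two networks and the /24 wildcard (IPv4) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed policy values; the thread gives no exact numbers.
MAX_NETWORKS = 2   # "more than a couple of different IPs" is suspicious
PREFIX_LEN = 24    # wildcard the last octet to tolerate dynamic IPs


class KeyRegistry:
    """Server side: logs which networks each registration key is seen from."""

    def __init__(self):
        self.seen = defaultdict(set)   # key -> set of network prefixes
        self.flagged = set()           # keys awaiting manual review
        self.disabled = set()          # keys the vendor has revoked

    def check_in(self, key, ip):
        """Record one game start; return 'ok', 'suspicious' or 'invalid'."""
        if key in self.disabled:
            return "invalid"
        net = ipaddress.ip_network(f"{ip}/{PREFIX_LEN}", strict=False)
        self.seen[key].add(net)
        if len(self.seen[key]) > MAX_NETWORKS:
            # Flag only: a human decides whether to disable the key.
            self.flagged.add(key)
            return "suspicious"
        return "ok"

    def disable(self, key):
        self.disabled.add(key)


def client_may_run(reply):
    """Client side, fail-safe: reply is None when the server is unreachable.
    Only an explicit 'invalid' stops the game."""
    return reply != "invalid"


if __name__ == "__main__":
    reg = KeyRegistry()
    # Constructed sample check-ins (documentation address ranges).
    for ip in ["192.0.2.10", "192.0.2.200", "198.51.100.7", "203.0.113.9"]:
        print(ip, reg.check_in("DEMO-KEY", ip))
    reg.disable("DEMO-KEY")
    print("after disable:", reg.check_in("DEMO-KEY", "192.0.2.10"))
    print("server down, may run:", client_may_run(None))
```

PREFIX_LEN is the knob the dynamic-IP posts argue about: a shorter prefix tolerates more address churn per customer but also lets more unrelated machines share one key unnoticed.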


Kev(Posted 2007) [#18]
@GfK, i might look into online verification system but its something i did not plan on doing.

i did code some ring0 code that grabs the hd serial number that the drive's manufacturer has set. this could be used instead of the user's ip address. or maybe use the MAC address.

it does have possibilities but im unsure if i want to go that way, you never know.

kev


TartanTangerine (was Indiepath)(Posted 2007) [#19]
i did code some ring0 code that grabs the hd serial number that the drive's manufacturer has set. this could be used instead of the user's ip address. or maybe use the MAC address.

KISS - The biggest disti's use minimal protection, make it simple and easy for the client - complicate it and it will be counter productive.


Paul "Taiphoz"(Posted 2007) [#20]
I would not touch anything that runs ring0

and I am sure that I am not the only one, anything that has more control over my computer than me or the OS is an instant delete.


GfK(Posted 2007) [#21]
The biggest disti's use minimal protection
That probably explains why everything from Reflexive and BFG is all over warez sites within minutes of release. I've reported loads since stampoutpiracy.com went live.


TartanTangerine (was Indiepath)(Posted 2007) [#22]
That probably explains why everything from Reflexive and BFG is all over warez sites within minutes of release. I've reported loads since stampoutpiracy.com went live.
Others don't even need cracks.


Dreamora(Posted 2007) [#23]
or maybe use the MAC address.

Which of the 3+?

Never use something that potentially can change.
For example MAC, the ID of the harddrive it is installed on (it might be a USB!) *use the Windows Drive ID instead* or other things that are not guaranteed to live long enough.

Or stop pissing your customers and think of something less troublesome than an online system bound verification system not working correctly *after 3 years of Realm Crafter, I have enough knowledge how pissed customers feel ... we had enough problems as users ...*


GfK(Posted 2007) [#24]
Or stop pissing your customers and think of something less troublesome than an online system bound verification system not working correctly *after 3 years of Realm Crafter, I have enough knowledge how pissed customers feel ... we had enough problems as users ...*
It'd be cool if you could express yourself without the profanities. It's not necessary. Or allowed.


Dreamora(Posted 2007) [#25]
I'm sorry for the used words.
But that's what it actually is, stopping paying customers from using the products while illegal users get rid of the protection system within minutes and do not need to contact the support twice+ per month to have their paid software working.
At that point it's hard for me to see why I should pay for software if any illegal user has less problem using it than I have.

To me as paying customer, this kind of protection is only 1 step away from star force, which is boycotted for good reasons.


Damien Sturdy(Posted 2007) [#26]
I have to agree here. I know someone who can crack most things within a couple of hours.

"Enter Serial Number:" is as far as i'd go to protect software.

The way I see it, pirates/hackers will hack and pirate the software any way they can, and won't pay anyway.

It pisses me off when I pull out a game disk, try to play but realise I lost the case/book with serial number on. That's when I become a pirate and grab one online.


Kev(Posted 2007) [#27]
@Dreamora


Or stop pissing your customers and think of something less troublesome than an online system bound verification system not working correctly *after 3 years of Realm Crafter, I have enough knowledge how pissed customers feel ... we had enough problems as users ...*



what customers? the whole point of this post was for feedback. granted thats what ive received. i have no intention of pissing anyone off. never mind possible customers.

@Cygnus


I have to agree here. I know someone who can crack most things within a couple of hours.



then your contact should be one of the first to have a crack at my system. im not declaring this system as the best only as a means to protect what has taken you guys weeks/months to write.

kev


Tachyon(Posted 2007) [#28]
Re: Windows Only...it should be the goal of any BlitzMax mod maker to ensure cross platform compatibility from the start. There have been a number of modules that have piqued my interest, but limiting the mod to one platform means I simply can't use it, and I'm sure many other devs who work on a Mac or Linux box agree. People like Brucey who put an emphasis on ensuring cross-platform compatibility really earn my greatest respect.

Having said that, I would enjoy a software protection mod like this if I could count on cross-platform compatibility. I have argued in the past about how silly it is to try to fight piracy, but a simple built-in method of stopping the "casual copier" would be very nice.


Kev(Posted 2007) [#29]
ive been playing with incbin and self modifying code, see latest worklog. in the future im willing to look into cross platform protection, we shall see.


I have argued in the past about how silly it is to try to fight piracy



dont look at it as fighting piracy, but as a pain in the a*se to people that want to pirate your software. lets be honest if someone wants to crack your game\app then they will no matter how strong the protection. but having some protection is better than none.

kev


Damien Sturdy(Posted 2007) [#30]

then your contact should be one of the first to have a crack at my system. im not declaring this system as the best only as a means to protect what has taken you guys weeks/months to write.



Years? XD

I will ask if they will have a "crack" at it. :)


peltazoid(Posted 2007) [#31]
why is having some protection better than none?

Software protection will always get defeated if the software it is protecting is worth having.

I personally find license keys, code books, key disks and dongles a pain.

I dislike having the cd in the drive to play a game just to verify you own it, after install the cd should not be needed and should be stored in the box, the only exception to this was when games used cd music or streamed fmv footage.

Also online activation, what a palaver if you don't have an internet connection. Just let the customer install the software and have done with it.

People who pirate software, pirate software they are not interested in buying it. Those who don't will buy what they need no matter how much it is.

Thats just my 2p worth.


Kev(Posted 2007) [#32]

why is having some protection better than none?

Software protection will always get defeated if the software it is protecting is worth having.



true crackers will, however take a shop for example: we know that shoplifters steal from shops, should they not install cctv to make it more difficult?


I personally find license keys, code books, key disks and dongles a pain.


are license keys not a good way to manage customers? i do agree that the others are a little ott.


I dislike having the cd in the drive to play a game just to verify you own it, after install the cd should not be needed and should be stored in the box, the only exception to this was when games used cd music or streamed fmv footage.



i agree, i dont offer cd protection.


Also online activation, what a palaver if you don't have an internet connection. Just let the customer install the software and have done with it.


online activation is not on offer, i did say i might look into this area of protection though.


People who pirate software, pirate software they are not interested in buying it. Those who don't will buy what they need no matter how much it is.


then as i also agree why not make it more difficult to pirate.


Czar Flavius(Posted 2007) [#33]
Serial keys aren't particularly useful for preventing games from being copied for single-player or LAN-gaming purposes, but for online games, which check for unique "real" serial keys, it can provide some incentive to actually buy the game.


xlsior(Posted 2007) [#34]
Serial keys aren't particularly useful for preventing games from being copied for single-player or LAN-gaming purposes


Not necessarily -- from a technical point of view it's trivial to do so. The game can compare checksums based on the serial, and if they match it won't talk to the other(s). No need to phone home to the manufacturer for that.

It's just that locking it down at that level is likely to do more harm than good for its makers, so they don't seem to bother.
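
The LAN check described in this post could look like the sketch below. It is an added example, not code from the thread; the Lobby class, the per-session nonce and the use of HMAC-SHA256 as the "checksum" are assumptions chosen so that the serial itself is never sent over the network.

```python
import hashlib
import hmac
import os


def serial_proof(serial, session_nonce):
    """Keyed checksum of the serial; the serial itself never crosses the LAN."""
    return hmac.new(serial.encode(), session_nonce, hashlib.sha256).digest()


class Lobby:
    """Host side of a LAN session (hypothetical class for illustration)."""

    def __init__(self, host_serial):
        self.nonce = os.urandom(16)    # fresh per session, sent to joiners
        self.proofs = {"host": serial_proof(host_serial, self.nonce)}

    def join(self, player, proof):
        """Admit the player unless the proof matches one already present."""
        for existing in self.proofs.values():
            if hmac.compare_digest(existing, proof):
                return False           # same serial already in this game
        self.proofs[player] = proof
        return True


if __name__ == "__main__":
    # Constructed serials, for demonstration only.
    lobby = Lobby("AAAA-1111")
    print(lobby.join("p2", serial_proof("BBBB-2222", lobby.nonce)))  # new serial
    print(lobby.join("p3", serial_proof("AAAA-1111", lobby.nonce)))  # host's copy
```

This only catches unmodified copies of the game that share one serial; it does nothing against machines that each hold a different leaked or generated key.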


Czar Flavius(Posted 2007) [#35]
What I meant was, there are plenty of sites where you can get "genuine" keys that have been leaked or just generated serial keys, so that for a LAN game each computer can have an individual serial key. But for playing using an online service, which will check for duplicate or "bad" keys, you cannot use that method.