Best way to protect my new commercial software.

F

farsheed

I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?
 
V

Virgil Dupras

I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?

Don't. This is a fight you already lost. Besides, people who crack
software are either students with no money or people who never buy
software. Students who crack your software today might be your
customers tomorrow. If your software is a real hassle to crack, they
will crack your competitor's app and use it. Wouldn't you rather have
them use your app? They might be talking about it to their friends.
 
F

farsheed

Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people. indeed this is an animation manging tool I wrote for my
company. So if you have any idea that what is the best way to do it,
I'll appreciate that.
 
V

Virgil Dupras

Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people. indeed this is an animation manging tool I wrote for my
company. So if you have any idea that what is the best way to do it,
I'll appreciate that.

Oh, then sorry, I never gave much thought to it. If you're not afraid
of legal troubles, you could have it silently phone home so you can
know how many apps are in use at any moment. Given the scale of your
app, it should be feasible for you to simply contact users who didn't
pay and kindly ask them to pay.

The fact that pyc files are so easily de-compiled makes app protection
pretty hard...
 
P

Paul Boddie

Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
Understood.

It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people. indeed this is an animation manging tool I wrote for my
company. So if you have any idea that what is the best way to do it,
I'll appreciate that.

I'll state my agreement with the opinion usually given when these
kinds of questions are asked: that determined people will find a way
to run software if that software is distributed, and running software
as a service is probably the only reliable way of concealing your
code. If your code is in-house, there might be numerous dependencies
on in-house services that would make the code useless to an outsider,
and you could consider exploiting this aspect of your software.

See this recent thread on this subject:

http://groups.google.com/group/comp.lang.python/browse_frm/thread/d00c8926c0da7df0

This is very much a frequently asked question (the last thread
appeared about three days ago), so I've tidied up a Python Wiki page
dealing with this topic:

http://wiki.python.org/moin/HowDoYouProtectSource

I trust this provides some answers.

Paul
 
M

Marc 'BlackJack' Rintsch

Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.

Then make it as ugly and unusable as you can. Spend the time you planned
for writing documentation for this task. ;-)

Ciao,
Marc 'BlackJack' Rintsch
 
T

Tim Chase

So you say there is not any trusted way?

You cannot distribute any program with the expectation that it
cannot be reverse engineered. Despite what various protection
companies would have folks believe. At some point, the user's
CPU has to execute the code, and at that point, it can be
intercepted, unwound, and intercepted.

The *only* way to prevent people from reverse engineering your
code (until quantum computing becomes a household standard) is to
never give your code to them. Keep it on your servers and only
allow users to access your service, not your code.

Or, you could just trust your customers to adhere to your
licensing terms (with this little thing called "the law" to back
you up, as long as your licensing terms are legal). Then just
distribute your software and spend your energies making a better
product rather than chasing a quixotic dream of protection.

Customers prefer not to be treated as criminals.

-tkc
 
C

Carl Banks

You cannot distribute any program with the expectation that it
cannot be reverse engineered.
[snip]


From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof". So
any attempt to convince the OP may be aimed at the wrong person.

Misguided as they are, sometimes you have to placate these people.
So, are there any ways to make it "harder" to reverse engineer a
program?


Carl Banks
 
B

BlueBird

I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?

I used SoftwarePassport ( http://www.siliconrealms.com/ ) for exactly
this.

I have found it to be very complete, with many possible scheme: trial
period, multiple licence schemes, lock on hardware, moveable
installation, ...

Although it will not stop a highly dedicated hacker, it will raise the
barrier very high for breaking the protected software. A few of the
memory protection were incompatible with py2exe, so you need to
carefully test your program. But for me, it was a breeze to setup and
use.
 
T

Tim Chase

So, are there any ways to make it "harder" to reverse engineer a

In addition to the standby of

-Don't distribute your program (SaaS)

I'll add to the list:

-Only distribute your program to people too non-technical to
consider reverse-engineering

-Don't document your program (or even better, *mis*document your
program)

-Write Lovecraftian code ("import goto" comes to mind) designed
to make reverse-engineers go insane trying to figure out what you
were thinking

-In your Python, drop to in-line assembly language "for
business-logic optimization". Only targeting specific models of
obscure processor architectures helps minimize your audience.

-Write software that does nothing of interest/value/use

Just a couple ideas to get an enterprising young coder off on the
right track ;)

-tkc
 
K

kyosohma

In addition to the standby of

-Don't distribute your program (SaaS)

I'll add to the list:

-Only distribute your program to people too non-technical to
consider reverse-engineering

-Don't document your program (or even better, *mis*document your
program)

-Write Lovecraftian code ("import goto" comes to mind) designed
to make reverse-engineers go insane trying to figure out what you
were thinking

-In your Python, drop to in-line assembly language "for
business-logic optimization". Only targeting specific models of
obscure processor architectures helps minimize your audience.

-Write software that does nothing of interest/value/use

Just a couple ideas to get an enterprising young coder off on the
right track ;)

-tkc

Don't forget pyobfuscate:

http://www.lysator.liu.se/~astrand/projects/pyobfuscate/
http://bitboost.com/

Fun to play with...although not necessarily much more "secure".

Mike
 
C

Chris Mellon

So you say there is not any trusted way?

You cannot distribute any program with the expectation that it
cannot be reverse engineered. [snip]


From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof". So
any attempt to convince the OP may be aimed at the wrong person.

Misguided as they are, sometimes you have to placate these people.
So, are there any ways to make it "harder" to reverse engineer a
program?

Just telling them you did is at least as effective as anything else.
Anyone who knows enough to know that you're lying knows why it's
impossible.
 
G

Grant Edwards

So you say there is not any trusted way?

You cannot distribute any program with the expectation that it
cannot be reverse engineered. [snip]


From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof". So
any attempt to convince the OP may be aimed at the wrong person.

Misguided as they are, sometimes you have to placate these people.
So, are there any ways to make it "harder" to reverse engineer a
program?

Just telling them you did is at least as effective as anything else.
Anyone who knows enough to know that you're lying knows why it's
impossible.

If you're distributing source code, run it through pyobfuscate
and call it done. Otherwise, just use py2exe or something
similar to bundle it up. Both are pretty ineffective at
preventing reverse engineering. But so's everything else. If
none of the options really work, then you might as well pick an
ineffective one that's cheap and easy.
 
G

greg

farsheed said:
It is some kind of in house tool and I want to copy protect it. this
is very complicated tool and not useful for
many people.

So there will be very few people with any incentive to
steal it, and even less if it's not distributed to the
public.
 
G

greg

Carl said:
From the OP's post, it seemed likely to me that the OP was asked by a
misguided management to make sure it was "reverse-engineer-proof".

In that case, just package it with py2exe and tell him
it's done. The misguided management won't know any better.
 
G

greg

Tim said:
-Write Lovecraftian code ("import goto" comes to mind) designed
to make reverse-engineers go insane trying to figure out what you
were thinking

The problem with that is it makes it hard for *you* to
figure out what you were thinking...
 
S

sturlamolden

I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?

I wrote this in another thread,

1. Put all the compiled Python bytecode in a heavily encrypted binary
file. Consider using a hardware hash in the key.

2. Program a small binary executable (.exe file) in C or C++ that:

2a. Reads the binary file.

2b. Decrypts it to conventional Python byte code.

2c. Embeds a Python interpreter.

2d. Executes the bytecode with the embedded Python interpreter.

3. Protect the executable with a licence manager such as Flexlm or
SoftwarePassport.

I will not make reverse engineering impossible, but it will be
extremely difficult.

As noted, the only completely safe solution is to provide a web
application instead of distributing your program.
 
T

Tim Chase

greg said:
The problem with that is it makes it hard for *you* to
figure out what you were thinking...

Psst...other than the Saas answer, they were *all* really bad
ideas :) Sorry if my jesting came across as actually serious.

-tkc
 
S

Steven D'Aprano

The problem with that is it makes it hard for *you* to figure out what
you were thinking...

Why is this a problem? The more time the Original Poster spends
struggling to maintain his copy-protected in-house software that nobody
else wants, the less time he will have to go out and cause mischief by
writing something useful and copy-protecting it.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,906
Latest member
SkinfixSkintag

Latest Threads

Top