Best way to protect my new commercial software.

[Ben Finney]

Why is this a problem? The more time the Original Poster spends
struggling to maintain his copy-protected in-house software that
nobody else wants, the less time he will have to go out and cause
mischief by writing something useful and copy-protecting it.

s/copy-protect/copy-restrict/g

 

[Florian Diesch]

Thanks. But I ask this question technically, I mean I know nothing is
uncrackable and popular softwares are not well protected. But my
software is not that type and I don't want this specific software
popular.
It is some kind of in house tool and I want to copy protect it.

Insert some code that tests for something that's special in your
company's environment.

In a networked environment create a simple license server, e.g. one that
uses asymmetric encryption to encrypt incoming data and sends it back to
the client. Your program then send some random data to the server and
decrypts the answer using the server's public key.


Of course that just protects against someone just taking away a copy but
not against reverse engineering.



Florian

 

[farsheed]

Thank you all. I explain what I did to do it. Very simple but what I
want:

I find the host id of system (using ipconfig) and create a hash code
based on it.(some math, md5 and functions).
the code for licensing is about 15 lines and is very fast. I needed 20
licenses and I wrote a keygen for myself.

Thank you all.

 

[Ben Finney]

the code for licensing is about 15 lines and is very fast. I needed
20 licenses and I wrote a keygen for myself.

Given that you still haven't explained what threat in particular
you're securing against, I wonder whether "very fast" is the only
criterion. In which case, 0 lines of code would probably be even
faster.

 

[farsheed]

Let me be clear for you: there are someone in my company who love to
use my software in other companies that she works there also. and
because it is an inhouse tool, my CEO wanted me to protect it from
stealing.
and really we havn't time to copyright it. so I want to secure my
software from some people who love to steal and use it. I am an
animator and 3d programmer, what I wrote is some fast technology for
calculating sub surface lightning (SSS) using mental ray and
renderman. indded this tool works with maya and 3delight and mental
ray standalone. very complicated process and took me tree months to
wrote it. I am not a python pro, I know C++, maya Api, mel,... but I
use python because it is really faster than all of them. hope you
understand why I want to protect it, even if it will slower.

 

[Wolfgang Draxinger]

I wrote this in another thread,

And here the HOWTO for the crack:

1. Put all the compiled Python bytecode in a heavily encrypted
binary file. Consider using a hardware hash in the key.

Find the part in the binary where the encrypted bytecode is read,
start the binary in a VM to which a debugger is attached (can't
be detected, as it's in a VM) and put a watchpoint for any
access on the encrypted binary.

2. Program a small binary executable (.exe file) in C or C++
that:

2a. Reads the binary file.

Debugger intercepts it.

2b. Decrypts it to conventional Python byte code.

Record where the decoder puts the decrypted bytecode in memory.

2c. Embeds a Python interpreter.

Replace the call of the Python interpreter with a small shellcode
that writes the decrypted code to a file.

2d. Executes the bytecode with the embedded Python
interpreter.

Execute that file with the standalone interpreter.

I will not make reverse engineering impossible, but it will be
extremely difficult.

No. It's just a matter of reading the decrypted bytecode from
memory. Since Python bytecode is independent from any containing
file, it's very hard to test if a certain bytecode runs from a
valid or cracked container.

Any sort of bytecode will sooner or later run through some
interpreter, where it can be ultimately tapped. And unlike some
CPU binary a bytecode also delivers all information to
deobfuscate it. So even self modifying code doesn't help here.

Wolfgang Draxinger

 

[Paul Boddie]

Let me be clear for you: there are someone in my company who love to
use my software in other companies that she works there also. and
because it is an inhouse tool, my CEO wanted me to protect it from
stealing. and really we havn't time to copyright it.

I don't think it's particularly productive to continue this
discussion, given that you're obviously in a situation where you don't
have a great deal of flexibility, but I think you and/or your CEO
might benefit from listening to the PyCon 2007 talk "The Absolute
Minimum an Open Source Developer Must Know About Intellectual
Property" [1]. The speaker misrepresents the FSF somewhat in stating
that they don't believe in property (or some similar phrasing - I
don't recall the exact choice of words), but aside from this the talk
is rather well delivered, with the basic definitions of the different
legal instruments described in an approachable fashion.

so I want to secure my software from some people who love to steal and use it.

It sounds like your CEO has issues with the people he/she employs,
first and foremost.

Paul

[1] Slides available here:
http://us.pycon.org/zope/talks/2007/sat/track4/053/talkDetails2
Audio available from here:
http://pycon.blogspot.com/2007/11/pycon-2007-podcast.html

 

[Grant Edwards]

Let me be clear for you: there are someone in my company who
love to use my software in other companies that she works
there also. and because it is an inhouse tool, my CEO wanted
me to protect it from stealing. and really we havn't time to
copyright it.

Uh what? I don't know what country you're in, but in the US,
it doesn't take any time at all to copyright something. The
mere act of writing something copyrights it. I thought it was
the same in Europe as well.

 

[tinnews]

Uh what? I don't know what country you're in, but in the US,
it doesn't take any time at all to copyright something. The
mere act of writing something copyrights it. I thought it was
the same in Europe as well.

It is, you don't have to do anything to copyright something apart from
creating it to start with.

 

[Ben Finney]

Let me be clear for you: there are someone in my company who love to
use my software in other companies that she works there also. and
because it is an inhouse tool, my CEO wanted me to protect it from
stealing.

If the person is that untrustworthy, yet already has access *inside*
the company, then any technical solution will be ineffective until the
social issues are dealt with.

 

[sturlamolden]

No. It's just a matter of reading the decrypted bytecode from
memory.

Ok, let med rephrase that: It may not be difficult to you. But the
average user will be incapable of doing it. I don't think it will be
possible to copy-protect any program against someone with your level
of competence. Neither computer programming nor this kind of reverse
engineering are common skills. But most users of computers are capable
of copying a program to a USB-stick and use the program somewhere
else.

 

[Jan Claeys]

Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:

Uh what? I don't know what country you're in, but in the US, it doesn't
take any time at all to copyright something. The mere act of writing
something copyrights it. I thought it was the same in Europe as well.

No, it's only copyrighted when you _publish_ it.

 

[Piet van Oostrum]

JC> Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:

JC> No, it's only copyrighted when you _publish_ it.

Not here in the Netherlands. It is `the exclusive right of the maker of a
work to publish or copy the work' (loose translation of the introduction of
the law). Otherwise someone else could publish it if he got hold of it in
some legitimate way.

 

[Preston Landers]

Jan Claeys([email protected])@2007.12.18 12:06:08 +0000:

Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:


No, it's only copyrighted when you _publish_ it.

If we're still talking about US law here you are incorrect.

http://www.copyright.gov/help/faq/faq-general.html#mywork

Quoting:

* When is my work protected?

Your work is under copyright protection the moment it is created and
fixed in a tangible form that it is perceptible either directly or
with the aid of a machine or device.

* Do I have to register with your office to be protected?

No. In general, registration is voluntary. Copyright exists from the
moment the work is created. You will have to register, however, if you
wish to bring a lawsuit for infringement of a U.S. work. See Circular
1, Copyright Basics, section 'Copyright Registration.'

 

[Grant Edwards]

Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:


No, it's only copyrighted when you _publish_ it.

Interesting. So, in Europe, if somebody steals something you
wrote before you get it published, they're free to do with it
as they please?

I'm glad it doesn't work that way here in the US. Over here,
something is copyrighted as soon as it's written (actually I
think the phrase is "fixed in a medium" or something like
that).

 

[Jon Ribbens]

Interesting. So, in Europe, if somebody steals something you
wrote before you get it published, they're free to do with it
as they please?

No, I believe the above comment is false. The Berne Convention of 1887
makes copyright automatic as soon as a work is written or recorded.
Thus, most of Europe has had automatic copyright for a very long time,
and all of it does now.

 

[tinnews]

Op Fri, 14 Dec 2007 16:54:35 +0000, schreef Grant Edwards:


No, it's only copyrighted when you _publish_ it.

Which basically means letting anyone else see it, i.e. sending as an
E-Mail, posting on Usenet, etc.

 

[Steven D'Aprano]

Interesting. So, in Europe, if somebody steals something you wrote
before you get it published, they're free to do with it as they please?

Please do not conflate theft and copyright infringement, or theft and
plagiarism. They are very different concepts, and confusing them does not
help.

I'm glad it doesn't work that way here in the US. Over here, something
is copyrighted as soon as it's written (actually I think the phrase is
"fixed in a medium" or something like that).

I'm not glad at all. The Change from an "everything is uncopyrighted
unless explicitly copyrighted" model to a "everything is copyrighted
unless explicitly exempted" model was only one of many deleterious
changes to copyright law over the last half century or so.

It means the merest throw-away scribble on a napkin has equal protection
to the opus an author slaved over for thirty years (although in fairness
you are unlikely to win a copyright case over the words "Meet me at the
bar" scribbled on a napkin then tossed in a rubbish bin... *wink*). It
means that there is a serious problem of "orphan works", where rare and
valuable films from the 1920s and earlier are rapidly decaying into an
unusable powder because nobody dares copy them lest the unknown copyright
owners descend like vultures and sue you for copyright infringement
*after* you've done the hard work of restoring our cultural heritage.

(Although the orphan works problem is at least equally as much a problem
of excessively long copyrights as it is to do with automatic copyright.)

I dare say that European countries which have had automatic copyright
longer than the US have seen far more of their national heritage (early
film, photographs and the like) rot away.

Discussions of copyright so often focus on protecting the author's
privileges and ignore the opportunity costs of locking up works. When
works needed to be explicitly copyrighted, something of the order of just
ONE PERCENT of authors bothered to copyright their published works -- and
just one percent of them bothered to renew it for a second 14 year term.
That gives you an idea of how valuable copyright really is. For every
Mickey Mouse, there are 100,000 or more works that don't have enough
economic value to the creator to bother protecting -- but they're part of
our cultural heritage, and maybe somebody else could build on top of it,
like Disney built their empire on other folks' uncopyrighted stories and
ideas. Even Mickey Mouse himself got his start in a derivative work of
Buster Keaton's Steamboat Bill Jr.

This newsgroup is a perfect example of the fraud that is the idea of
copyright. Every single post sent to the newsgroup is copyrighted, and
yet they invariable have no economic value to the author. If they have
any economic value, it is to the readers -- but they don't pay for it,
and we authors don't ask for payment. In principle, anyone who forwards
on something they read here, or uses a code snippet in their own work, is
infringing copyright. We don't need copyright to encourage us to create
works of this nature, and in fact this newsgroup can only exist by
pretending copyright doesn't exist -- there are informal conventions that
unless somebody explicitly states otherwise, any reader can forward on
posts, copy and reuse code, and so forth.

(Disclaimer: for the avoidance of all doubt, I'm not suggesting that ALL
creative works should be uncopyrighted, or that no creative works benefit
from the encouragement of copyright.)

 

[Grant Edwards]

Please do not conflate theft and copyright infringement, or theft and
plagiarism.

I wasn't. If I write something down and somebody steals that
paper, that's theft.

They are very different concepts, and confusing them does not
help.

Sorry if I was unclear. The "stealing" was of the medium
containing the authored work.

 

[Paul Boddie]

I dare say that European countries which have had automatic copyright
longer than the US have seen far more of their national heritage (early
film, photographs and the like) rot away.

Indeed. One of the most famous and ridiculous cases is that of the
Domesday Project: a nationwide survey of Britain in the spirit of the
Domesday Book (which was 900 years old at the time of the endeavour),
where the newly gathered, late twentieth century information was in
danger of becoming unrecoverable due to the scarcity of parts for, and
knowledge about, the technology employed (now just over 20 years old).
This site provides an overview of the recovery process and information
about the history of the project:

http://www.si.umich.edu/CAMILEON/domesday/domesday.html

Although other technical discussions and perspectives have been
published about the project [1,2], the most pertinent issue to this
particular discussion is mentioned here:

"Many different copyright owners contributed a range of different
types of data to the Domesday Project for inclusion on the discs.
Unfortunately it is unclear as to exactly who contributed and under
what circumstances the data in question can be used."

http://www.si.umich.edu/CAMILEON/domesday/ipr.html

In many ways, those acting to preserve the contents of the Domesday
Project were able to act with some pretty large organisations watching
their backs. Others may not be as fortunate, as was pointed out.

Paul

P.S. Steven's post is indeed highly informative reading for those
willing to consider more thoroughly the nature and impact of
copyright.

[1] http://www.atsf.co.uk/dottext/domesday.html
[2] http://www.ariadne.ac.uk/issue36/tna/