Re: Trying to build a copy protection system

Discussion in 'C++' started by Lynn McGuire, Aug 9, 2012.

  1. Lynn McGuire

    Lynn McGuire Guest

    On 8/8/2012 3:10 PM, jeff wrote:
    > I am trying to build a copy protection system where the user authenticates to my server and the server sends a decryption key. Then
    > without writing the key to the hard drive I want to load an encrypted executable in memory, decrypt it, leaving the decrypted form in
    > memory and run the executable from there.
    >
    > I cannot have the decrypted executable or the key ever written to the hard drive because it is too easy for someone to get it from
    > there. I have the encryption and decryption working, I still need to get the authentication system working which will probably be
    > RADIUS since I do not know anything else that would work because the authentication is not custom built so I have either HTTP
    > authentication or RADIUS authentication. The RADIUS should be easy to setup I found several libraries that have that I just have not
    > gotten them to authenticate properly yet. The biggest thing is being able to run the executable from memory.
    >
    > Does anyone have any idea what to do for this? Any code examples to get me started?


    No but I would advise using zlib ( http://zlib.net/ ),
    a cross platform compression / decompression open
    source utility for your encryption / decryption.

    I have built a DRM system for our software package
    and it has been cracked many times in the last
    couple of decades. We use a digital signature
    (sometimes the hard drive signature:
    http://www.winsim.com/diskid32/diskid32.html )
    and password system.

    The problem is that locks are to tell honest
    people where the limits are. If everyone was
    honest then we software developers could use a
    very simplistic serial number or password system.
    Unfortunately, we have to design our software
    distribution systems to limit the amount of
    damage that the dishonest people can do. Just
    cracking your software is bad enough, there are
    actually people who will repackage software with
    viruses inside it (been there, done that).

    Lynn
    Lynn McGuire, Aug 9, 2012
    #1
    1. Advertising

  2. Lynn McGuire

    none Guest

    In article <k00pkp$liv$>, Lynn McGuire <> wrote:
    >On 8/8/2012 3:10 PM, jeff wrote:
    >> I am trying to build a copy protection system where the user authenticates to my server and the server sends a

    >decryption key. Then
    >> without writing the key to the hard drive I want to load an encrypted executable in memory, decrypt it, leaving

    >the decrypted form in
    >> memory and run the executable from there.
    >>
    >> I cannot have the decrypted executable or the key ever written to the hard drive because it is too easy for

    >someone to get it from
    >> there. I have the encryption and decryption working, I still need to get the authentication system working

    >which will probably be
    >> RADIUS since I do not know anything else that would work because the authentication is not custom built so I

    >have either HTTP
    >> authentication or RADIUS authentication. The RADIUS should be easy to setup I found several libraries that have

    >that I just have not
    >> gotten them to authenticate properly yet. The biggest thing is being able to run the executable from memory.
    >>
    >> Does anyone have any idea what to do for this? Any code examples to get me started?

    >
    >No but I would advise using zlib ( http://zlib.net/ ),
    >a cross platform compression / decompression open
    >source utility for your encryption / decryption.
    >
    >I have built a DRM system for our software package
    >and it has been cracked many times in the last
    >couple of decades. We use a digital signature
    >(sometimes the hard drive signature:
    > http://www.winsim.com/diskid32/diskid32.html )
    >and password system.
    >
    >The problem is that locks are to tell honest
    >people where the limits are. If everyone was
    >honest then we software developers could use a
    >very simplistic serial number or password system.
    >Unfortunately, we have to design our software
    >distribution systems to limit the amount of
    >damage that the dishonest people can do. Just
    >cracking your software is bad enough, there are
    >actually people who will repackage software with
    >viruses inside it (been there, done that).


    Disclaimer: I think the question is not really C++ related but... :)

    There seems to be a witch hunt by DRM haters agaisnt the OP. From the
    perspective of software DRM, I'd tend to agree that this is most
    likely a lost battle and managing licensing through value added
    service and legal (courts) means may be the better way to go.

    However, there exists a space where DRM is almost essential. A
    company like Netflix can't simply rely value-added customer service,
    etc. It has to protect the content and make it as hard as possible to
    access content without a subscription. This is most likely going to
    be a constant battle where crackers will find a way in the current
    system and the distributor will need to update their protection and
    distribute a new client but as things currently stand, they simply
    can't stream in a DRM-free format.

    So I think the the OP question has some value even if it is not quite
    in the original context.

    Yan
    none, Aug 13, 2012
    #2
    1. Advertising

  3. Lynn McGuire

    Lynn McGuire Guest

    On 8/16/2012 3:37 PM, jeff wrote:
    > On 08/14/2012 01:55 AM, David Brown wrote:
    >> On 13/08/2012 18:47, none Yannick Tremblay wrote:
    >>
    >>> Disclaimer: I think the question is not really C++ related but... :)
    >>>
    >>> There seems to be a witch hunt by DRM haters agaisnt the OP. From the
    >>> perspective of software DRM, I'd tend to agree that this is most
    >>> likely a lost battle and managing licensing through value added
    >>> service and legal (courts) means may be the better way to go.

    >>
    >> Let's be clear on this - there is /no/ witch hunt against the OP. There
    >> is a general opinion that the encryption system proposed by the OP is a
    >> bad idea - it will complicate matters and inconvenience people (such as
    >> legitimate customers and not least, the OP himself), and provide no
    >> protection. But people here are trying to help the OP by giving useful
    >> advice - there is no witch hunt.
    >>

    > There sure seems to be a witch hunt since I have investigated everything that has been mentioned before anyone mentioned it here and
    > I have said that many times. Also I have said specifically several times that I am working hard to make sure that it is not an
    > inconvenience to the legitimate users, but no one seems to pay any attention to that part.
    >>>
    >>> However, there exists a space where DRM is almost essential. A
    >>> company like Netflix can't simply rely value-added customer service,
    >>> etc. It has to protect the content and make it as hard as possible to
    >>> access content without a subscription. This is most likely going to
    >>> be a constant battle where crackers will find a way in the current
    >>> system and the distributor will need to update their protection and
    >>> distribute a new client but as things currently stand, they simply
    >>> can't stream in a DRM-free format.
    >>>
    >>> So I think the the OP question has some value even if it is not quite
    >>> in the original context.
    >>>

    >>
    >> The concept of DRM (taken to mean an encryption system that is decoded
    >> at the end point) itself is ultimately broken - the user or customer has
    >> the keys and the decoded result, even if it is a little difficult to
    >> copy them. Time and again, DRM "protection" has been shown to be no help
    >> at all against more serious copyright abuse - and it has inconvenienced
    >> and limited users from using their legally obtained software or media in
    >> the way they want.
    >>
    >> There are other ways to deal with the distribution of media. Many music
    >> services now deliver files that are DRM-free, and seem to manage fine.
    >> And an obvious way to protect video content is through watermarking. If
    >> the film you download from Netflix starts with a warning message telling
    >> you this copy is licensed to you, with your name and customer number,
    >> warns that it is watermarked and traceable if it is shared "into the
    >> wild", then customers will not spread the files. It is simple,
    >> unobtrusive, and reliable - everyone should be happy.
    >>
    >>

    >
    > The key to this system is to give me a chance to monitor usage and to give me a change to see at least some unlicensed usage of the
    > software. I would also like to point out that music services that sell DRM free music are limited because many recording companies
    > will not let them sell the music without DRM and Netflix, Hulu and Amazon have the same problem they cannot show DRM free content
    > because the companies that they license the content from would all leave, it has nothing to do with companies like Netflix deciding
    > that they need to protect the content, but they would probably still put DRM on the content if they were not required to.
    >
    > In any case this protection that I am trying to implement has almost as much to do with getting information as it does with
    > protecting the software.


    Hi Jeff, If you want, I can tell you how to easily
    build a phone home system for your software using
    a website. It will not work through a firewall
    that captures http though.

    Lynn
    Lynn McGuire, Aug 21, 2012
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Cooper
    Replies:
    7
    Views:
    475
    Robert Miles
    Sep 15, 2012
  2. Nobody
    Replies:
    11
    Views:
    625
    Robert Miles
    Sep 15, 2012
  3. Replies:
    0
    Views:
    382
  4. Replies:
    1
    Views:
    337
    Pavel
    Sep 18, 2012
  5. Öö Tiib
    Replies:
    1
    Views:
    330
    Öö Tiib
    Aug 23, 2012
Loading...

Share This Page