Re: Trying to build a copy protection system

Discussion in 'C++' started by goran.pusic@gmail.com, Aug 22, 2012.

  1. Guest

    On Wednesday, August 8, 2012 10:10:32 PM UTC+2, jeff wrote:
    > I am trying to build a copy protection system where the user authenticates to my server and the server sends a decryption key. Then without writing the key to the hard drive I want to load an encrypted executable in memory, decrypt it, leaving the decrypted form in memory and run the executable from there. I cannot have the decrypted executable or the key ever written to the hard drive because it is too easy for someone to get it from there.


    It's not hard getting your executable from memory either. Your hard drive "worries" are a red herring - your attacker can do pretty easily with the memory access only.

    On a second look, Andrew Cooper's advice is by far the best you will get. ;-)

    I see that further on you say "it is going to be combined with other methods that are already in place and prevent people from running programs that will dump memory to disk" - first, I have to ask you, who do you think you are to even try to prevent people from running any kind of a program? How important do you think your program is to even try the same thing!? You really should ask your users first "look, I want to have some copy-protection, and I want to do it so-and-so", and listen to responses. Second, you are sorely mistaken in suggesting that these "other methods" will ultimately work. Ultimately, you can't take away control of the target machine from its administrator, and I believe you don't even realize why you can't do this (otherwise, you would not have believed in what you say you read about it on the internet).

    Leave it and focus on building something of value for your users (note that copy-protection has little to no value to them). For that, I say, listen to David Brown.

    Goran.
    , Aug 22, 2012
    #1

  2. Pavel Guest

    jeff wrote:
    > On 08/21/2012 11:47 PM, wrote:
    >> On Wednesday, August 8, 2012 10:10:32 PM UTC+2, jeff wrote:
    >>> I am trying to build a copy protection system where the user authenticates to
    >>> my server and the server sends a decryption key. Then without writing the key
    >>> to the hard drive I want to load an encrypted executable in memory, decrypt
    >>> it, leaving the decrypted form in memory and run the executable from there. I
    >>> cannot have the decrypted executable or the key ever written to the hard
    >>> drive because it is too easy for someone to get it from there.

    ....
    Consider explicit periodical audit approach instead of capability-disabling (IBM
    has used it to a great success):

    1. You do not risk disabling legitimate users (or the users who ran out of
    licenses without even knowing it). You said it many times that you are trying to
    avoid annoying the legitimate users but your selected approach has an inherent
    risk of doing just so. Audit approach, on the other hand, is not able to disable
    software.

    2. You have a great opportunity to talk to your users an extra time and at the very
    least learn their needs better (I saw IBM consulting using this chance by all
    its 200%+). Beware: often it will turn out that you either actually save money
    to them (many organizations will just continue paying for the copies of software
    that they do not need; and they can run them without any load). Does not sound
    like much-in-it for you in the short term but nothing helps better in building
    relationships and bringing in new orders.

    You might also think of offering deeply discounted price models for
    development/QA/UAT instances. Sometimes big organizations try to entirely avoid
    or squeeze their non-production environments due to steep licensing costs they
    feel "non-productive"; but give them 90% break on these and they will buy tens
    of these licenses and then very well might *buy more production licenses*
    because they will have better experience with better-tested apps. As soon as
    your app becomes their profit-center instead of cost-center, rational
    organizations suddenly stop being stingy.

    -Pavel
    Pavel, Sep 18, 2012
    #2
