Re: Trying to build a copy protection system

Discussion in 'C++' started by Öö Tiib, Aug 22, 2012.

  1. Öö Tiib

    Öö Tiib Guest

    On Wednesday, August 8, 2012 11:10:32 PM UTC+3, jeff wrote:
    > I am trying to build a copy protection system where the user
    > authenticates to my server and the server sends a decryption key. Then
    > without writing the key to the hard drive I want to load an encrypted
    > executable in memory, decrypt it, leaving the decrypted form in memory
    > and run the executable from there.


    As others have said, you possibly go too far with you being paranoid of your end-users. Such things add complexity, complexity adds bugs, bugs add misbehavior and the legitimate users will suffer and be annoyed.

    > I cannot have the decrypted executable or the key ever written to the
    > hard drive because it is too easy for someone to get it from there. I
    > have the encryption and decryption working, I still need to get the
    > authentication system working which will probably be RADIUS since I do
    > not know anything else that would work because the authentication is not
    > custom built so I have either HTTP authentication or RADIUS
    > authentication. The RADIUS should be easy to setup I found several
    > libraries that have that I just have not gotten them to authenticate
    > properly yet. The biggest thing is being able to run the executable from
    > memory.


    The reason of any phone-home-system should be to put most weight of it intoyou being helpful, not being paranoid or spying. Offer automatic patches, offer bug-reporting facility, offer transfer of crash dumps to you with fully guaranteed privacy. That sort of stuff available for legit users makes any hacks look worse and less trustworthy.

    > Does anyone have any idea what to do for this? Any code examples to get
    > me started?


    First switch your way of thinking like all around you are thieves (sadly there are countries in world where it is true) and so you have any to mount and build all sorts of booby traps against your users and install such into their computers. End users feel that you do not trust them and that you fight them and that you are are ready to bash down open doors for it so they have zero reasons to trust you.
     
    Öö Tiib, Aug 22, 2012
    #1
    1. Advertising

  2. Öö Tiib

    Öö Tiib Guest

    On Thursday, August 23, 2012 1:35:01 AM UTC+3, jeff wrote:
    > On 08/22/2012 03:01 AM, Öö Tiib wrote:
    > > The reason of any phone-home-system should be to put most weight of it into you being helpful, not being paranoid or spying. Offer automatic patches, offer bug-reporting facility, offer transfer of crash dumps to you withfully guaranteed privacy. That sort of stuff available for legit users makes any hacks look worse and less trustworthy.

    >
    > I still have not seen any evidence that shows that I am being overly
    > paranoid and since I am not getting any personal data from the user
    > there is no way you can claim that I am spying on them. Once again your
    > suggestions are already implemented.


    How can I provide any evidence about you? I can only tell to you that evidence provided by *you* makes me *feel* that you are being overly paranoid. All what you have said that you have plus all that you have said that we have no idea what else security you have on top of it and still looking for more. Just my feeling. For you that all may actually look like good evidence that you have not paid close enough attention to copy protection measures and so your software is loosely protected.

    That said your claims seem to contradict. If you already get core dumps of crash (already implemented) then those may contain personal data. Else thread you told that your phone-home system only gets you little information like IP address of people that use it. Only possibility how this all can fit together is that your software never crashes.
     
    Öö Tiib, Aug 23, 2012
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Cooper
    Replies:
    7
    Views:
    489
    Robert Miles
    Sep 15, 2012
  2. Nobody
    Replies:
    11
    Views:
    647
    Robert Miles
    Sep 15, 2012
  3. Replies:
    0
    Views:
    398
  4. Lynn McGuire
    Replies:
    2
    Views:
    441
    Lynn McGuire
    Aug 21, 2012
  5. Replies:
    1
    Views:
    347
    Pavel
    Sep 18, 2012
Loading...

Share This Page