Introduction
With the plethora of emergent software technologies,
methods for deploying those technologies, and with the
prospect of pay per use software on the horizon, there has
been a steadily growing trend of sites catering to users
who do not wish to pay for such services and as such
download them illegally. This has the after effect of
diminishing profits made by software companies and home
based software programmers. As the trend increases, there
is a progressive upscaling of the cost of software to the
end user as well as a decrease in the amount of profit that
a software company of freelance programmer is able to draw
from his or her work. One solution to this is the eventual
withdrawal of the software product from the market, which in
turn forces layoffs of programmers that were specifically
dedicated to that project. Another solution is the
implementation of copy protection, which serves to curtail
illegal software usage. Below, I will discuss a few
possible methods of implementing simple copy protection to
help avoid this problem.
Method One - DeadBolt Locking
The above name may seen somewhat strange, but in effect the
first method, functions almost exactly as a deadbolt on
your front door would. We can use a simple DLL which must
be present for the application to execute as it would
contain a null function ( basically just a void function that
goes nowhere and does nothing ) which the program would
need to see from the dll's exports. The main advantage of
this, is that when linked in the applications header files,
if the dll is not present on the system, the app will fail
to execute, which is true in any case where a dll is not
available. The main drawback to this is that the dll can
be easily passed from a legitimate version of the
application to an illegal warez version of the application
so that makes it unsuitable for our purposes.
Method Two - Keypad Locking
This method takes the DeadBolt Locking method a step
further and requires that the end user enter an
authorization code which is parsed by a auth routine inside
the dll and a corresponding counter code generated. This
has the advantage of getting past the "floating" dll
problem in that if the user enters an invalid counter code
at set number of times, we can simply not allow them to run
the program. It would do no good for them to keep trying
the to try to guess the counter codes as the dll would
generate a new authcode, countercode pair per each call and
the chances of a correct guess would be unrealistic
depending on the size of the authcode and it's respective
counter code. The draw back to this is the fact that if
someone where to sit down and disassemble the application
they could possibly see what values were being passed
between the dll and the main application and develop a key
logger, or determine a way to patch the dll to accept a
predetermined counter code each time.
Method Three - Remote Server Authorization
It is my personal opinion that the third and final method
is the most secure and reliable method. It incorporates
the previously defined methods and in addition some self
check methods, which would be specifically designed to
prevent tampering with the application files. The
application could scan it's own dll's looking for and
gathering information on file sizes, and send this
information to a remote server for processing...if the file
sizes or other information did not match, then the
application could take appropriate steps to disallow
running on the system it's installed on. This method is
the best in my personal opinion because it provides an
outside check which is difficult if not impossible to stop.
This method and the two previous will be elaborated on in
part 2 of this series. Stay Tuned.
P.S.
There are probably far better methods for implementing any
kind of worthwhile copy protection, I am merely writing
this series as a quick and dirty primer on methods for
implementing such things. I make no promise of 100%
correctness, and all concepts should be taken as written.
If you choose to implement a method I have described in
this article, don't blame me if it doesn't work....but if
it does...credit me all you want :-)
