Quote:
Originally Posted by atom0s
....
I use a streaming setup with a client <> server communication approach. My client applications are 'stupid' in the sense that they are just enough to turn on, but they lack key functions and data required to make them operate. When they boot up, a validation handshake is performed with the server where some type of data is collected from the client machine, be it a login (username/password) or other random data like hardware ids etc. and is sent to the server for validation. If valid, the server will send back important information required for the client to run. It could be something basic like a key, or something intense like run-time ready code that can be compiled on the fly and so on.
A client can't just be manipulated with a single byte patch in this case as regardless if you make it assume it validated, it will not have the needed data to run without the server giving it back.
|
With all due respect, my dear friend...
The technique shown in this post here at :
Quote:
|
http://forum.exetools.com/showthread.php?t=17080
|
would defeat all the steps you have advised above, more or less in their
ENTIRETY , as the record and replay feature can be used right until all the server handshakes etc are over...
And after that the person can go "live" and use the app as normal !
You can try it out and see..
Of course, if you say that
ALL or
most of your code for
ALL the program and its features would run on the
SERVER ONLY, then of course, the program would be really a
WEB APPLICATION and hence though "
officially" its "installed" on the client computer, it would not be really a desktop application but a client-server app.
I believe our friend has asked about INSTALLABLE programs who do a MAJORITY of the processing on the client computer (as opposed to on a server), and hence I am discussing in reference to programs with such functionality. I draw this conclusion as he specifically asked for "software" to protect his software ...
One can argue that the checks can be done multiple times when the pogram is running, but surely, this would interfere more or less greatly with the functionality and speed of the program, and even then, those parts could be recorded and replayed as necessary, once they are known...
I would say that the BEST form of "protection" would be to sell your
FULL program only to customers whom you identify and know, in the form a Credit Card that they use to pay etc (A crippled Evaluation version can be given out if needed, to everyone else).
Then you can use
WATERMARKS so that you can identify the customers who have "leaked" them and then deny them updates as well as any future sales of programs. They can be legally "charged" as well, as you now know their identity.
Once can also build into their program, a facility to remotely DISABLE or cripple the program, if the "leaked" programs are ever on a computer connected to the internet (easily bypassed, but yet an additional protection).
Only a small minority of such customers have "genuine" issue of a lost program that got leaked, and are easily identified.
Again, these are not foolproof but they work almost 85% of the time or more, in most cases ( we used it earlier and it worked pretty well).