There is no effective way to lock down an application, period. You can make it more difficult for users to use the program without a valid license from you, at the risk of creating false negatives, which can become a PR nightmare very quickly in the Internet age.
There are two ways to go about doing this. You can create some sort of DRM lock built into the software. These take no time flat for some talented hacker to reverse-engineer. (The best tend to last about 1 month.) Or you can create a validation system that requires the program to connect to a server. These are a lot harder to crack, but tend to have serious false-negative problems, and if your server ever goes down, all your paying customers are up a creek. In the end, neither is a good solution.
I created a "self-modifying" EXE by appending a data record to the end of my compiled application. The first thing my application did was get the machine id and the bios date from the computers memory. I would then compare these to the machine id and bios date stored in the appended data record. Seek to end... back up XX number of bytes... read to end.
This worked great. If a buddy passed on a program to a friend and it didn't recognize the machine id or bios date and reverted back to trial-ware. When they entered the key successfully I would update the appended record with that machines user information.
Then Norton started flagging my software as a virus because it was a self-modifying EXE. That put a halt to my app locking days. I haven't tried since.
I tend to agree that aggressive DRM is really bad and annoys legitimate users, but, at the same time, an incentive to keep honest people honest isn't bad either, provided it doesn't get in the way...
Not a real component reference, but some interesting reading on protecting software:
I have used OnGuard by turbo power in several projects, but do not rely on it being the only method to protect the software. You can also use the LockBox library to encrypt data, such as a record stuffed in a database your app controls, containing license registration data that you emailed to the user and they applied via cut and paste into the about box.
The strongest way to protect things is to have a piece that the user doesn't have access to, and have your software "call home" to validate that its still valid (very DRM like). Unfortunately, this is easy for anyone to block by turning on thier software firewalls and excluding your application from using the internet. Of course DRM like systems have a bad name right now, but its partly because they are a frustration point to the end user because they work... as long as the service which validates the license is up.
Having watched others have trouble in the past with third party licence & protection software, I think there is only one viable system. First, don't spend too much time on it, just make a good product, and update it often. Second, separate the install code from the protection. This way you can change the protection at the drop of a hat, without affecting any users. This basically means you have to write your own install code system, or use one like the old Turbopower one. Then use something that will protect your decoder a little. I currently use the Oreans Code Virtualizer which is quite sufficient.
Keeping them separate gives you flexibility, and less hassle.
I tend to prefer Armadillo from Silicon Realms (http://www.siliconrealms.com/). It has nice nice features and is integrated with Digital River/RegNow.com (being a subsidiary of them).
There are alot of Anti-Armadillo software available but custom builds a some additional prevention coded by you do magic.
I also not believe that it's worth to spend a lot of time and energy in a tecnical protection, the people who want steal your software wil doe it anyway.
Peldi Guilizzoni from Balsamiq have a nice blog post over this subject:
发布评论
评论(11)
目前还没有有效的方法来锁定应用程序。 您可以让用户在没有您的有效许可证的情况下更难使用该程序,从而冒着产生漏报的风险,这在互联网时代很快就会成为公关噩梦。
有两种方法可以做到这一点。 您可以创建某种内置于软件中的 DRM 锁。 对于一些有才华的黑客来说,这些逆向工程不需要花太多时间。 (最好的持续时间约为 1 个月。)或者您可以创建一个验证系统,要求程序连接到服务器。 这些问题很难破解,但往往会出现严重的误报问题,如果您的服务器出现故障,所有付费客户都会陷入困境。 归根结底,这两者都不是一个好的解决方案。
长话短说,如果你想制作一个能够盈利的程序,那么它的质量必须足够高,人们愿意为此付费,并且向那些愿意购买软件而不是窃取软件的人推销它。 没有任何捷径。
There is no effective way to lock down an application, period. You can make it more difficult for users to use the program without a valid license from you, at the risk of creating false negatives, which can become a PR nightmare very quickly in the Internet age.
There are two ways to go about doing this. You can create some sort of DRM lock built into the software. These take no time flat for some talented hacker to reverse-engineer. (The best tend to last about 1 month.) Or you can create a validation system that requires the program to connect to a server. These are a lot harder to crack, but tend to have serious false-negative problems, and if your server ever goes down, all your paying customers are up a creek. In the end, neither is a good solution.
Long story short, if you want to make a program that will be profitable, make it of high enough quality that people will be willing to pay for it, and market it to the people who are willing to buy software instead of steal it. There just aren't any shortcuts.
我通过将数据记录附加到已编译的应用程序的末尾来创建一个“自修改”EXE。 我的应用程序做的第一件事是从计算机内存中获取机器 ID 和 BIOS 日期。 然后我会将这些与附加数据记录中存储的机器 ID 和 BIOS 日期进行比较。 寻求结束...备份 XX 个字节...读取结束。
这效果很好。 如果好友将程序传递给朋友,但该程序无法识别机器 ID 或 BIOS 日期并恢复为试用软件。 当他们成功输入密钥后,我将使用该机器的用户信息更新附加记录。
然后诺顿开始将我的软件标记为病毒,因为它是一个自我修改的 EXE。 这让我的应用程序锁定日子停止了。 从那以后我就没有尝试过。
I created a "self-modifying" EXE by appending a data record to the end of my compiled application. The first thing my application did was get the machine id and the bios date from the computers memory. I would then compare these to the machine id and bios date stored in the appended data record. Seek to end... back up XX number of bytes... read to end.
This worked great. If a buddy passed on a program to a friend and it didn't recognize the machine id or bios date and reverted back to trial-ware. When they entered the key successfully I would update the appended record with that machines user information.
Then Norton started flagging my software as a virus because it was a self-modifying EXE. That put a halt to my app locking days. I haven't tried since.
我倾向于同意,激进的 DRM 确实很糟糕,并且会惹恼合法用户,但与此同时,让诚实的人保持诚实的激励也不错,只要它不妨碍……
不是真正的组件参考,但一些有关保护软件的有趣阅读:
防破解提示:
Fravia 如何更好地保护。
Pirate-Me-Not。
对盗版和 DRM 的反思:
盗版和非常规智慧。
盗版和盗版 电脑游戏。
I tend to agree that aggressive DRM is really bad and annoys legitimate users, but, at the same time, an incentive to keep honest people honest isn't bad either, provided it doesn't get in the way...
Not a real component reference, but some interesting reading on protecting software:
anti-cracks tips:
Fravia's HOW TO PROTECT BETTER.
Pirate-Me-Not.
reflections on Piracy and DRM:
Piracy and Unconventional Wisdom.
Piracy & PC Gaming.
我在几个项目中使用了 OnGuard by Turbo Power,但不要依赖它是唯一的方法以保护软件。 您还可以使用 LockBox 库来加密数据,例如填充在应用程序数据库中的记录控件,包含您通过电子邮件发送给用户的许可证注册数据,他们通过剪切并粘贴到“关于”框中来应用这些数据。
保护事物的最有力方法是拥有用户无权访问的部分,并让您的软件“回拨”以验证其仍然有效(非常类似于 DRM)。 不幸的是,任何人都可以通过打开他们的软件防火墙并阻止您的应用程序使用互联网来阻止这一点。 当然,类似 DRM 的系统现在名声不好,但部分原因是它们对最终用户来说是一个挫败点,因为只要验证许可证的服务正常运行,它们就可以工作。
I have used OnGuard by turbo power in several projects, but do not rely on it being the only method to protect the software. You can also use the LockBox library to encrypt data, such as a record stuffed in a database your app controls, containing license registration data that you emailed to the user and they applied via cut and paste into the about box.
The strongest way to protect things is to have a piece that the user doesn't have access to, and have your software "call home" to validate that its still valid (very DRM like). Unfortunately, this is easy for anyone to block by turning on thier software firewalls and excluding your application from using the internet. Of course DRM like systems have a bad name right now, but its partly because they are a frustration point to the end user because they work... as long as the service which validates the license is up.
Oreans 拥有非常好的生产产品(Themida & WinLicense),并且比其他产品推荐更多。
Oreans has very good production products(Themida & WinLicense), and recommended more than other products.
看到其他人过去在第三方许可和使用方面遇到麻烦; 保护软件,我认为只有一种可行的系统。 第一,不要花太多时间在上面,做好产品就好,并且经常更新。 其次,将安装代码与保护分开。 通过这种方式,您可以立即更改保护,而不会影响任何用户。 这基本上意味着您必须编写自己的安装代码系统,或者使用像旧的 Turbopower 那样的系统。 然后使用一些可以保护您的解码器的东西。 我目前使用 Oreas Code Virtualizer 这已经足够了。
将它们分开可以为您提供灵活性并减少麻烦。
Having watched others have trouble in the past with third party licence & protection software, I think there is only one viable system. First, don't spend too much time on it, just make a good product, and update it often. Second, separate the install code from the protection. This way you can change the protection at the drop of a hat, without affecting any users. This basically means you have to write your own install code system, or use one like the old Turbopower one. Then use something that will protect your decoder a little. I currently use the Oreans Code Virtualizer which is quite sufficient.
Keeping them separate gives you flexibility, and less hassle.
我更喜欢来自 Silicon Realms (http://www.siliconrealms.com/) 的犰狳。
它具有很好的功能,并与 Digital River/RegNow.com(作为他们的子公司)集成。
有很多可用的反犰狳软件,但定制构建了一些由你做魔法编码的额外预防措施。
I tend to prefer Armadillo from Silicon Realms (http://www.siliconrealms.com/).
It has nice nice features and is integrated with Digital River/RegNow.com (being a subsidiary of them).
There are alot of Anti-Armadillo software available but custom builds a some additional prevention coded by you do magic.
我过去曾使用过 ICE 许可证。 工具很容易使用 - 这很好,因为支持令人震惊!
这些类型的产品都不是完美的,但是,如果您确定这是您想要走的路线,那么您可以做得比该产品更糟糕。
I've used ICE License in the past. Tool was easy to use - which is good, as the support was shocking!
None of these types of products is perfect, but, if you've decided that this is the route you want to go, you could do worse than this product.
我也不认为在技术保护上花费大量的时间和精力是值得的,想要窃取你的软件的人无论如何都会这样做。
Balsamiq 的 Peldi Guilizzoni 有一篇关于此主题的精彩博客文章:
http://www.balsamiq。 com/blog/?p=382
I also not believe that it's worth to spend a lot of time and energy in a tecnical protection, the people who want steal your software wil doe it anyway.
Peldi Guilizzoni from Balsamiq have a nice blog post over this subject:
http://www.balsamiq.com/blog/?p=382
我可以赞同对 Oreans 产品的推荐。 他们的支持也特别好。
我也使用犰狳——这还可以,但我不会再推荐它了; 和 ASProtect,我真的根本不推荐它。
I can second the recommendation for Oreans' products. Their support is particularly good, too.
I also use Armadillo - which is ok, but I wouldn't recommend it anymore; and ASProtect, which I really wouldn't recommend at all.
我正在试用License Shield SDK,似乎能够实现想要的功能。
但它是一个DLL,而不是你希望的VCL Component。
I'm Trial License Shield SDK, seem to be able to achieve the desired functionality.
But it is a DLL, not you wish VCL Component.