如何保护您的软件代码?
假设情况:
假设我从头开始构建了一个软件产品,它做了很棒的事情。唯一的问题是,一旦有人看了代码,他们就会很容易理解它,并且可以轻松地自己构建它。
现在,问题是我 100% 从头开始构建代码,并混合使用 API 调用。 没有其他人参与代码的开发。
如果我想出售该产品,如何保证比我聪明得多的人会对整个产品进行逆向工程并推出更好的产品?
现在我正在考虑将整个代码分段。添加大量冗余代码和大量注释。
是否有任何软件可以对软件代码进行加密,从而使调试、故障排除和理解代码的工作原理几乎变得不可能?但仍照常运行?让开发商安心?
Possible Duplicates:
How do you protect your software from illegal distribution?
Best practice to prevent software copy
Hypothetical situation:
Lets say I have built a software product from the scratch and it does wonderful things. The only problem is that, once someone takes a look at the code, they will understand it very easily and they can easily build it up themselves.
Now, the thing is that I built the code from the scratch 100% and uses a mixture of API calls.
Nobody else is involved in the development of the code.
If I want to sell this product, what is the guarantee that someone much smarter than me will reverse engineer the whole thing and come up with better product?
Right now I am thinking of fragmenting the whole code. Adding lots of redundant code and tonnes of comments.
Is there any software which encrypts the software code, that will make debugging, troubleshooting, and understanding how the code works virtually impossible? and yet runs as usual? so that the developer can have peace of mind?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(13)
程序中很少有东西是真正新颖的。几乎所有你可能放入代码中的东西,其他人都可以自己发明。通常比他们通过阅读代码更容易学习。阅读代码比编写代码更难,而且大多数程序员并不真正喜欢这样做。
因此,他们更有可能会看到您的应用程序并认为“我可以做到这一点”,然后“这很酷,我要阅读该代码,然后复制它!”。即使他们理解,你仍然拥有版权,你仍然可以首先进入市场。
我建议你忘记它。
Very few things in a program are truly novel. Almost everything that you are likely to put into your code, someone else could invent on their own. Generally more easily than they could learn it by reading your code. Reading code is harder than writing it, and most programmers don't really like doing it anyway.
So it's much more likely that they will look at your app and think "I could do that", then "That's cool, I'm gonna read that code and then copy it!". Even if they understand it, you will still own the copyright, you still get to market first.
I recommend that you just forget about it.
所以不要给任何人源代码。
(a) 因此,现在就开始销售并占领市场。逆向工程需要时间,在此期间您要占领市场和“思想份额”。 (b) 在您的许可协议中加入禁止逆向工程的条款。 (c) 确保获得产品的每个人都签署协议。
只有当您要分发源代码时,这才有意义。在这种情况下,甚至没有人需要进行逆向工程。他们有你的源代码。不要给他们。
有很多软件可以完成这项工作。然而,它是业务问题的技术解决方案。所有软件都可以进行逆向工程,因为在某些时候,所有软件都必须被解密和反混淆,直到 CPU 能够理解它。那时它本质上是明文。因此,从形式上讲,没有任何技术解决方案是可能的(缺少在防篡改 HSM 中执行的代码之类的东西)。
我要补充的是,您可以使用另一种业务机制来防止业务损失,这就是它的全部内容:价格。将价格定得太高,以致被许可人会重视其副本而不允许对其进行检查,或者将价格定得太低,以致逆向工程在成本上不可行;或者免费提供并通过支持合同赚钱。
So don't give anybody the source code.
(a) So start selling it now and capture the market. Reverse engineering takes time, during which you are capturing market and 'mind-share'. (b) Put a provision in your licence agreement that prohibits reverse-engineering. (c) Make sure everybody who gets the product signs the agreement.
That only has a point if you're going to distribute the source code. In which case nobody even needs to reverse-engineer. They have your source code. Don't give it to them.
There's lots of software that purports to do this job. However it is a technical solution to a business problem. All software can be reverse-engineered, because at some point or other it all has to be decrypted and de-obfuscated to the point where the CPU will understand it. At that point it is essentially plaintext. So no technical solution is formally speaking possible (short of something like code that executes in a tamper-proof HSM).
I will add that there is another business mechanism you can use to defend against business loss, which is what this is all about: price. Make the price so high that the licensees will value their copy and not permit it to be inspected, or make it so low that reverse-engineering is cost-infeasible; or make it free and make your money on the support contract.
一旦您真正具备了编写此类代码库的知识和经验,您就会清楚混淆是为了阻止随意的知识产权侵权。
想了解你的代码的人就会了解你的代码。
如果这成为金钱损失的问题,法院可以为您提供保护。
这就是它的工作原理。
Once you actually have the knowledge and experience to write such a codebase, it will be clear to you that obfuscation is meant to deter casual IP infringement.
Someone who wants to know your code is going to know your code.
If it becomes an issue of monetary loss, the courts are your protection.
That's how it works.
总有人能够理解并计算出你的代码。哎呀,如果你有 0 种方式获取代码,即使只是使用系统也足以让某人能够复制该过程。
示例:我拿一壶水,将其倒入杯子中,同时我的背对着另一个人。这个人知道水和重力非常适合让物体落入其他容器中,因此他们可以设计出一个举起罐子的过程,让重力(API 调用)对他们有利。他们可能不知道你的前臂到底使用了什么角度,以及你使用的任何超级偷偷摸摸的持杯技术,但他们可以复制相同的过程并随着时间的推移进行改进。
tl;dr:你无法保护代码。
Someone will always be able to understand and work out your code. Heck, if you had 0 way getting to the code, even just using the system is enough for someone to be able to replicate the process.
Example: I take a jug of water and pour it into the cup, while my back is facing to another person. This other person knows that water and gravity are awesome at making things fall into other containers, so they can then work out a process of lifting a jug to let gravity (API call) work in their favour. They mightn't know exact what angle you used in your forearm and any super-sneaky cup-holding techniques you used, but they can replicate the same process and improve on it over time.
tl;dr: You can't protect code.
要做的事情是发明更精彩的东西,而竞争对手正在对你当前的东西进行逆向工程。这就是所谓的通过创新进行竞争。
The thing to do is invent even more wonderful things while the competition is reverse-engineering your current stuff. It's called competing through innovation.
我不是律师
如果您真的担心它,以至于您愿意为此投入金钱,请不要保护您的代码(除了混淆或加密等合理的措施之外),而是为您的想法和艺术申请专利。然后,如果有人确实采用了它,对其进行逆向工程并根据您的流程制定更好的流程,您就有合法理由获得您的钱。
你需要做大量的事情,包括证明他们接受了你的想法(这并不容易),但如果这是解决世界饥饿和所有人文问题的方法,那么它就是你要做的事情。
现在,对于缺点,我会猜测,并且可能90%正确的是,您的方法是:
知识产权律师可以肯定地告诉你,咨询费用并不高。总的来说,咨询他们比投入大量时间隐藏代码要便宜。
祝你好运。
I am not a lawyer
if you are really worried about it, to the point you are willing to invest money in it, dont protect your code (beyond something reasonable like obfuscation or encryption) but rather patent your idea and your art. Then if someone does take it, reverse engineer it and make a better process based of yours, you have legal grounds to get your money.
There are tons of things you will have to do, include proving they took your idea (which isnt easy), but if this is the solution to world hunger and all of humanities problems its the thing to do.
Now for the downside, I will guess, and probably be 90% right that your method is:
An IP lawyer can tell you for sure, and the expense of a consult is not that much. Overall it will be cheaper to consult with them then to invest a lot of time in hiding code.
Good luck.
甚至不用打扰。如果您的代码确实“做了很棒的事情”,请放心它会被黑客攻击。并且只是出于好奇。
Don't even bother. If your code really "does wonderful things" be assured that it'll get hacked. And be it just for curiosity.
没有 100% 的方法可以保护您的代码免受逆向工程的影响。我们在谈论什么语言?如果这是 C/C++,那么逆向工程就非常困难,您可以从调试信息等中剥离它。但是,如果这是例如 Java,那么即使您混淆代码,也有一些非常酷的工具(例如 JAD)无论如何都会揭示您的大部分工作。
尽管如此,我认为你应该尝试改变你的态度。大公司为简单的解决方案付出了很多钱,现在看来服务是最重要的,而不是软件(因此基于开放软件的公司取得了成功)。所以,如果你有一个很棒的软件,不要担心有人会偷它,而应该考虑如何很好地销售它。
There is no 100% way to protect your code from reverse engineering. What language are we talking about? If this is C/C++ then it is pretty hard to reverse engineer, more you could strip it from debugging information etc. But if this is for example Java then even if you obfuscate the code, there are some pretty cool tools (like JAD) that will reveal much of your work anyway.
Despite all of this I think you should try to change your attitude. Big companies pay a lot of money for simple solutions and it seems that nowadays service is the most important thing, not the software (hence the success of open-software based companies). So, if you have a great software don't be scared that someone might steal it, rather think how to sell it good.
在我看来,这是完全错误的心态。如果你被公交车撞了怎么办?你们公司破产了?您的所有数据都在火灾中被毁掉了吗?对于您的每一位客户来说,他们在您的软件上的投资价值都会下降,并最终达到零,因为没有您,软件就无法进一步开发或排除故障。我已经看到如此多的钱被这样浪费了,我认为这是一个可怕的商业模式。
我靠自己制作软件谋生,所以我知道靠软件谋生的艰辛。尽管如此,混淆不能成为当今的出路。对您的客户实施严格的许可协议,吓唬他们,这样他们甚至不会考虑重新分发软件,而是保持开放。
This is the totally wrong mindset IMO. What happens if you get hit by a bus? Your company goes bankrupt? All your data gets destroyed in a fire? For every single one of your customers, the value of their investment in your software will drop, and eventually reach zero, because the software can't be developed, or troubleshot, any further without you. I have seen so much money wasted that way, I think it's a horrible business model.
I earn my bread with making software myself so I know the hardships of making a living with it. Still, obfuscation can't be the way to go nowadays. Impose strict license agreements on your customers, scare the hell out of them so they don't even think about redistributing the software, but leave it open.
这是徒劳的。总有人比你更聪明,因此他们能够对你的混淆进行逆向工程。
This is futile. There is always someone smarter than you and therefore they will be able to reverse engineer your obfuscation.
通常,足够聪明的人能够破解您的代码并以有意义的方式使用它,他们也足够聪明,可以自己完成这件事,并且可能认为他们可以比您做得更好,因此他们不会费心去窃取您的东西。
不要担心那些可以破解您的代码但无法有意义地使用它的人。如果你做得很好,这只会增强你所做工作的质量(想想所有蹩脚的触摸屏手机模仿者)。
Usually someone smart enough to hack your code and use it in a meaningful way is smart enough to do it on their own, and probably thinks they can do it better than you did, so they won't bother stealing your stuff.
Don't worry about the people who can hack your code but not make meaningful use of it. If you've done a good job, this can only reinforce the quality of the job you've done (think of all the crappy touchscreen phone imitators).
他们将对你的代码进行逆向工程。没有什么可以阻止他们……你唯一能做的就是让它变得更难。其范围从混淆本质上“开放”的代码(例如 PHP 和 Javascript),一直到用大量的自我修改来乱扔代码。
They are going to reverse-engineer your code. Nothing can stop them.. The only thing you can do is make it harder. This ranges from obfuscating code that is inheritely "open" such as PHP and Javascript, all the way down to littering your code with a crap load of self-modification.
我认为,在很多方面,让一款软件变得有价值的,并不是它所提供的疯狂的技术进步,而是我们认为可能认为是第三级的东西。软件本身。就像你会在那里支持它一样。或者它作为 Web 服务提供,您将在那里确保服务器正在运行。或者它是一个社区,您将在那里调节和建设社区。
虽然您实际上可能在销售代码,但代码所具有的价值并不是代码本身固有的,而是源自代码周围的功能和生态系统。
In a lot of ways, I think, the thing that makes a piece of software valuable, is not the crazy technological advancement that it provides, but rather the things that we think might think of as being tertiary to the piece of software itself. Like the fact that you'll be there to support it. Or that it's provided as a web service and you'll be there to make sure the server is running. Or that it's a community, and you'll be there to moderate and build the community.
While you may be actually selling code, the value you that your code has isn't intrinsic to the code itself, but rather derives from the features and ecosystem that surrounds your code.