The only way to totally prevent cracking is to use a pay as you go based hosted application accessed by users remotely. That way someone without a valid paid account can not use the application, and anyone handing his account credentials to other will pay for their use as well as his own.
No code (except possibly a stub to allow logging in) is ever sent to the client, let alone stored there, so the client can't ever operate without connecting to your server (which will hopefully not get compromised, but that's a sysop problem, not a coding problem).
Any other system you may adopt will essentially have to rely on the legal clout behind your license to deter people from cracking it.
You need to somehow protect your code against reverse engineering; there are many so-called executable file protectors and I will not name it here. Regardless of what you calculate, just two NOP instructions will push the flow of the protection check in undesired direction.
Of course, it really matters what kind of code you are protecting; for interpreted languages it is almost impossible to protect yourself.
Ah, sorry, I can name one, non-commercial: infamous Yoda's PE Protector.
You could calculate a hash from a hardware-specific value and check for that value in the registry. This way it wouldn't be enough to find which value you are looking for, but also the algorithm.
A mathematically sound way of doing this is would be to turn the computer-specific value (e.g. MAC address) into a prime number, multiply it with your own magic prime number and store the product.
Edit: Note, though, that it usually is not worth bothering with any protection scheme except very simple ones. Even large corporations are struggling with this problem.
任何本地运行的逻辑总是容易被规避。关于许可证的实际存储取决于您的应用程序,我将编写一个 Web 服务并运行您自己的服务器。让应用程序在每次启动时检查您的服务,确保许可证仍然有效。
这也为您提供了更大的灵活性,例如,如果付款不明确,您可以撤销许可证。
Any logic running locally will always be prone to circumvention. With regard to the actual storage of a license depending on your application I would write a web service and run your own server. Get the app to check with your service each time it starts that the license is still valid.
This also gives you much more flexibility for example you could revoke a licence if payment doesn't clear.
You can accomplish this using public/private key encryption. Have local signed file instead of the registry that contains information about the license and having a web server to check the license is valid once in while. This should give you enough protection.
This can be done with LicenseSpot. On the site there's sample code, although only in c#.
发布评论
评论(5)
完全防止破解的唯一方法是使用用户远程访问的基于即用即付的托管应用程序。
这样,没有有效付费帐户的人就无法使用该应用程序,并且任何将其帐户凭据交给其他人的人都将为其自己的使用付费。
没有任何代码(除了可能允许登录的存根)发送到客户端,更不用说存储在那里,因此客户端在没有连接到服务器的情况下无法操作(希望不会受到损害,但这是一个管理员问题,不是编码问题)。
您可能采用的任何其他系统本质上都必须依赖您的许可证背后的法律影响力来阻止人们破解它。
The only way to totally prevent cracking is to use a pay as you go based hosted application accessed by users remotely.
That way someone without a valid paid account can not use the application, and anyone handing his account credentials to other will pay for their use as well as his own.
No code (except possibly a stub to allow logging in) is ever sent to the client, let alone stored there, so the client can't ever operate without connecting to your server (which will hopefully not get compromised, but that's a sysop problem, not a coding problem).
Any other system you may adopt will essentially have to rely on the legal clout behind your license to deter people from cracking it.
您需要以某种方式保护您的代码免受逆向工程的影响;所谓的可执行文件保护器有很多,这里就不一一列举了。无论您计算什么,只要两个 NOP 指令就会将保护检查流程推向不希望的方向。
当然,您所保护的代码类型确实很重要;对于解释语言来说,保护自己几乎是不可能的。
啊,抱歉,我可以举出一个非商业性的名字:臭名昭著的尤达的 PE 保护器。
You need to somehow protect your code against reverse engineering; there are many so-called executable file protectors and I will not name it here. Regardless of what you calculate, just two NOP instructions will push the flow of the protection check in undesired direction.
Of course, it really matters what kind of code you are protecting; for interpreted languages it is almost impossible to protect yourself.
Ah, sorry, I can name one, non-commercial: infamous Yoda's PE Protector.
您可以根据特定于硬件的值计算哈希值并在注册表中检查该值。这样,仅仅找到您正在寻找的值是不够的,还需要算法。
执行此操作的一种数学上合理的方法是将计算机特定值(例如 MAC 地址)转换为素数,将其与您自己的神奇素数相乘并存储乘积。
编辑:但请注意,除了非常简单的保护方案之外,通常不值得为任何保护方案而烦恼。即使是大公司也在努力解决这个问题。
You could calculate a hash from a hardware-specific value and check for that value in the registry. This way it wouldn't be enough to find which value you are looking for, but also the algorithm.
A mathematically sound way of doing this is would be to turn the computer-specific value (e.g. MAC address) into a prime number, multiply it with your own magic prime number and store the product.
Edit: Note, though, that it usually is not worth bothering with any protection scheme except very simple ones. Even large corporations are struggling with this problem.
任何本地运行的逻辑总是容易被规避。关于许可证的实际存储取决于您的应用程序,我将编写一个 Web 服务并运行您自己的服务器。让应用程序在每次启动时检查您的服务,确保许可证仍然有效。
这也为您提供了更大的灵活性,例如,如果付款不明确,您可以撤销许可证。
Any logic running locally will always be prone to circumvention. With regard to the actual storage of a license depending on your application I would write a web service and run your own server. Get the app to check with your service each time it starts that the license is still valid.
This also gives you much more flexibility for example you could revoke a licence if payment doesn't clear.
您可以使用公钥/私钥加密来完成此操作。使用本地签名文件而不是包含有关许可证信息的注册表,并使用 Web 服务器偶尔检查许可证是否有效。这应该给你足够的保护。
这可以通过 LicenseSpot 来完成。该网站上有示例代码,尽管只是 C# 语言。
You can accomplish this using public/private key encryption. Have local signed file instead of the registry that contains information about the license and having a web server to check the license is valid once in while. This should give you enough protection.
This can be done with LicenseSpot. On the site there's sample code, although only in c#.