如何强制执行软件试用安装的到期日期?
我需要为我的定制软件提供试用期。我有一个 64 位 C# 应用程序,它使用 64 位多处理器支持 DLL。其他要包含的实用程序是用 C++ 编写的(exe 和 dll)。我必须能够加密 C# 代码、将软件加密为仅在特定机器上运行,并强制执行不能通过重置机器时钟来阻止的到期日期。
我评估了几种开源和 COTS 解决方案:Infralution Licensing System、Protector 和 ExeShield 仅举几例。它们都不满足我的所有限制。
有人知道我应该考虑的全方位解决方案吗?或者我是否需要进行一些注册表潜水并通过自定义代码强制执行?
I need to offer a trial period for my custom software. I have a 64-bit C# app, which uses 64-bit, multi-processor support DLLs. Other utilities to be included are written in C++ (exes and dlls). I must be able to encrypt the C# code, key the software to run only on a particular machine, and enforce an expiration date that cannot be foiled by resetting the machine clock.
I've evaluated several open source and COTS solutions: Infralution Licensing System, Protector, and ExeShield just to name a few. None of them satisfy all of my constraints.
Is anyone aware of an all-ecompasing solution that I should consider? Or do I need to do some registry diving and enforce it through custom code?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
经过几年尝试不同许可系统的过程,我发现安全性与潜在客户的疏远之间存在很强的负相关性。
您需要担心的盗版本质上有两种。一种是随意盗版——用户使用该软件而不付费只是因为他们没有真正考虑过付费。另一种是故意盗版——人们决心不付费,并且愿意付出真正的努力来不这样做。
偶然的盗版基本上可以通过温和的提醒来处理——激活密钥、时间限制等。另一方面,故意的盗版基本上是无法阻止的。正如索尼、苹果、微软、任天堂和许多其他公司会告诉您的那样,即使您拥有对硬件和软件的控制权,您的保护方案也会被打破。破坏它的人很可能是为了有趣的挑战,也可能是为了获得免费软件。因此,对于特定人群来说,加强保护并不会阻止他们,反而会起到相反的作用。
与此同时,您为实现强有力的保护所做的所有努力都在驱使合法用户爬墙。也许用系统时钟检测不公正划分的旅程是因为他们改变了时区而开始的。或者也许他们必须更换损坏的硬盘或 CPU 之类的东西,这会引发系统克隆机制。或者,也许 Microsoft 更改了 Windows 的默认安全设置,导致 Windows 在您的应用程序使用时弹出一堆 UAC 警告,因为它对您用来尝试隐藏存储许可数据的文件的某些技巧不友好。在工作中,我们使用商业解决方案,并且我们发现它们的保护机制可能会由于软件中的错误而发生故障,从而导致许可证数据损坏,从而将用户锁定在程序之外。由于他们的系统存储该数据的方式,这是一种无法恢复的情况 - 客户实际上必须在不再在该计算机上使用该软件和擦除硬盘驱动器之间做出选择。是的,这种情况已经发生过多次了。是的,我们因此损失了很多潜在收入。是的,一想到它造成的损害我就感到恶心,因为我们主要依赖口碑,而它产生了很多不好的口碑。长话短说,早年对海盗的天真偏执可能让我在加勒比海度过了很多次航行假期。
最糟糕的是,这只是合法用户的问题。如果万不得已的话,破解者可以借助调试器和反编译器轻松地(非常容易地)绕过它。如果该软件位于最终用户拥有的设备上,您可能会开始认为您的软件已经被破解了。正是这样,围绕着人们破解他们合法拥有的软件的想法而建立了一个家庭手工业,只是为了避免软件保护机制的烦恼。他们会给你钱,但他们仍然会破解软件,因为你的复制保护就是那么令人恼火,而且很容易规避。另一种选择 - 这就是我所走的路线 - 就是去购买不那么烦人的不同软件,或者使用免费软件。
因此,请遵循最低限度 - 注意时钟并暂停演示,因为您确实需要提醒用户向您发送支票。但不要以让他们决定不想给你支票的方式去做。如果您的目标是转化销售,请将此视为最优雅、最具成本效益且最高效的系统,可防止用户通过破坏系统时钟来违反演示期:使用具有以下功能的计算机确实非常令人恼火:时钟设置为错误的日期。这仅适用于家庭用户。对于(合法的)企业来说,这甚至不是一个可行的选择。任何不被这一点吓倒的人都可能是一个脚本小子,他们从一开始就没有真正有能力为你的软件付费。
I've discovered over the course of several years of trying out varying licensing systems that there's a strong inverse correlation between security, and alienation of your potential customers.
There are essentially two kinds of piracy you need to worry about. One is casual piracy - users using the software without paying simply because they haven't really thought to pay. The other is deliberate piracy - people who are determined not to pay, and are willing to put real effort into not doing so.
Casual piracy can be handled with what essentially comes down to gentle reminders - activation keys, time limits, etc. Deliberate piracy, on the other hand, essentially can't be prevented. As Sony, Apple, Microsoft, Nintendo, and a number of other companies will tell you, even when you have the benefit of control of the hardware as well as the software, your protection scheme will be broken. And the person breaking it is as likely to be doing it for the sake of a fun challenge as for the desire to get free software. So for a certain demographic, making the protection stronger doesn't discourage them, it does quite the opposite.
Meanwhile all the stuff you do to try and achieve strong protection is driving legitimate users up the wall. Maybe the trip for detecting gerrymandering with the system clock got set off because they changed time zones. Or maybe they had to replace a bad hard drive or CPU or something, and that set off the system cloning mechanism. Or maybe Microsoft changes Windows's default security settings in a way that causes Windows to pop a mess of UAC warnings while your app's in use thanks to it not being friendly to some trick you used to try and hide the file that stores the licensing data. At work we use a commercial solution, and we've discovered that their protection mechanism can trip in ways that, thanks to a bug in the software, can cause the license data to be corrupted, thus locking the user out of the program. Because of the way their system stores that data, its an unrecoverable situation - the customer literally has to choose between not using that software on that computer ever again, and wiping the hard drive. Yes, it's happened multiple times. Yes, we've lost a lot of potential revenue over it. Yes, I get queasy to think of the damage it's caused because we rely primarily on word of mouth and it's generated a whole lot of bad word of mouth. Long story short, the naive paranoia about piracy of earlier years has probably cost me quite a number of sailing vacations in the Caribbean.
And the worst of it is, it's only a problem for legitimate users. Crackers can easily - painfully easily - get around it with the aid of - if it comes to last resorts - a debugger and decompiler. If the software is on a device in the possession of the end user, you might as well start thinking as if your software's already been cracked. It's to the point that there's a cottage industry that has built up around the idea of people cracking software they legitimately own, just to avoid the annoyance of the software protection mechanisms. They'll give you the money, but they'll still crack the software because your copy protection is just that irritating, and just that easy to circumvent. The alternative - and this is the route I've gone - is to just go buy different software that's less annoying, or use free software instead.
So go with the minimum - watch the clock and time out the demo, because you do need to remind your users to send you a check. But don't do it in a way that makes them decide they don't want to give you a check. If your goal is to convert sales, consider this as the most elegant, cost-effective, and efficient system for keeping users from violating your demo period by mucking with the system clock: It's really, really irritating to work with a computer that's got the clock set to the wrong date. And that's just for home users. For (legitimate) businesses, it's not even a feasible option. And anyone who isn't deterred by that is probably a script kiddie who never really had the means to pay for your software in the first place.
为此,请使用 http://xheo.com/ 产品。他们提供了一个非常擅长保护代码的代码混淆器,以及一个可以完成您所能想象的一切的许可平台。他们提供了一个可以编译到您的代码中的版本。
加密 - http://xheo.com/products/code-protection
许可证 - http://xheo.com/products/copy-protection
Use http://xheo.com/ products for this. They offer a code obfiscator that is great at protecting code, and a licensing platform that can do everything you would ever imagine. they offer a version that can be compiled into your code.
Encrypt - http://xheo.com/products/code-protection
License - http://xheo.com/products/copy-protection
为什么不直接使用互联网来源的时间,例如 www.time.gov?您可以折叠 C++ Qt 应用程序并使用他们的 QtWebKit 库, http://doc.qt .nokia.com/4.7/qtwebkit.html,下载时间。 (事实上我从来没有做过这样的事情,但是看看文档,它看起来很有希望。)程序第一次运行时,您创建一个带有时间戳的小文件,或者,为了更加安全,将时间戳写入program-essential dll 并重新编译它。每次运行程序时都会检查这一点。如果他们没有连接到互联网,你会警告他们几次,但最终会中止加载。
我认为许多软件包都使用了另一种变体,即您将用户开始使用您的软件的日期存储在您的服务器上。使用特定于用户的代码为每个用户重新编译程序(您可以编写脚本),并且程序每次加载时都会根据服务器上存储的日期进行自我检查。
Why not just use the time from an internet source, like www.time.gov? You could fold in a C++ Qt app and use their QtWebKit library, http://doc.qt.nokia.com/4.7/qtwebkit.html, to download the time. (I've never in fact done anything like this, but looking at the documentation it looks promising.) The first time the program runs, you create a little file with a timestamp, or, for even more security, write the timestamp into a program-essential dll and recompile it. This gets checked every time the program is run. If you they're not connected to the internet you warn them a few times but eventually abort the load.
Another variation on this, used by a lot of software packages I think, is that you store the date the user starts using your software on your server. Recompile the program for each user (you might be able to script this) with a user-specific code, and the program checks itself against the date stored on the server every time it is loaded.
如何以不可恢复的方式存储它?注册表项和文件可以被删除。备用数据流不会复制到 zip 文件中,因此,如果您知道包含 ADS 的文件,其中包含软件的安装数据(用于引用当前时间来计算自安装以来的天数),您可以可以将其压缩为 zip 文件,然后再次解压,然后再见安装日期参考。将其作为原始数据存储在硬盘驱动器上(在文件分配表中不作为文件引用),并且当文件保存到硬盘驱动器上的该位置时,它将被覆盖。
因此,我确实看不到一种方法可以使删除复制保护的试用安装日期变得不可能。这是不可能的。
How can it be stored in a way as to be unrecoverable? Registry entries and files can be deleted. Alternate data streams don't get coppied into a zip file, so if you know the file that contains the ADS that contains the install data of the software (which is being used to reference the the current time to calculate days since install), you can just compress it in a zip file then extract it again and byebye to the install date reference. Store it as raw data on the harddrive (not referenced in the File Allocation Table as a file) and it will be overwritten when a file is saved to that location on the harddrive.
So I literally can't see a way to make an impossible to remove trial install date for copyprotection. It just can't be done.
也许更好的主意是免费赠送一个只有最少功能的较小应用程序。然后,客户为额外的功能或附加组件付费。
在我的申请中,人们建议我提供更多收费数据。该应用程序将是免费的,数据量最少。另一个想法是采用订阅费的方式来获得高级数据访问。
Perhaps a better idea is to give away, for free, a smaller application that has only minimal features. Customers then pay for extra features or add-ons.
In my application, people have suggest that I offer more data for a fee. The application would be free with minimal data. Another idea is to go the subscription fee route for the advanced data access.