Copy Protecting Your Software, Part 1
Introduction
So you’ve written the next great killer app. It’s going to be huge. iFart huge. But this is a .NET desktop client or PHP server product. You don’t have the advantage of a locked platform like the iPhone. You need to implement your own copy protection.
This is written with the assumption that any copy protection can be cracked eventually. Hackers have been cracked the copy protection for computer games for years. You can’t prevent your software from being copied if somebody really, really wants to. However, for our purposes, it’s probably much less likely for a cracker to spend large amounts of time trying to crack a niche business application.
Copy Protection != Licensing
Licensing is defining how you want to license your software. Copy protection is implementing controls or DRM to enforce that license. Sometimes you purchase a license for a program. Sometimes you purchase a license for a feature of a program. I’m not sure how many versions of Windows 7 there are, but when you purchase a license for Windows 7 Starter, you’re not going to be able to run Windows 7 Ultimate until you give Microsoft some more money.
When you purchase a license for a desktop application, you’re usually purchasing a license to use all the features of that application. If the vendor wants to license desktop apps on a per feature basis, or have some other way to up sell the customer, they will usually provide different versions of the application and charge accordingly.
Server applications sometimes license on a per connection or even per CPU basis. You have a license for n number of database connections, and if you go over that, any more connections to the database will be refused.
Copy Protection Mechanisms
Floating licenses are a pool of licenses that live on a license server somewhere. When a new instance of a program is started, it talks to the license server and tries to allocate a license from the pool. If all the licenses are taken, you’ll have to wait. The advantage is the licenses are not locked to a particular computer, as they are with node locked licensing.
Node locked licenses are usually locked to the MAC address of the network adapter where the software is being run. When the software is installed, you either send the MAC address and get a license key in return, or the software itself sends the MAC address to a server over the internet, which responds with a license key.
Obfuscation
Nowadays, much of the software out being sold is at a higher level than native code. PHP code is text. You can open it in Notepad and mess with it. .NET executables are byte code. You can download .NET Reflector and disassemble it.
If you integrate or write your own copy protection in one of these interpreted languages, it will be trivial for somebody to circumvent your protection mechanism. Obfuscators encrypt your source code or byte code in a way that prevents attackers from looking at it. Like anything else, it can probably be cracked if somebody really wants to, but it will prevent the majority of people from trying.
Newer obfuscation products are implementing copy protection. We’ll read more about this later.