Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C++ > Re: Trying to build a copy protection system

Reply
Thread Tools

Re: Trying to build a copy protection system

 
 
Lynn McGuire
Guest
Posts: n/a
 
      08-09-2012
On 8/8/2012 3:10 PM, jeff wrote:
> I am trying to build a copy protection system where the user authenticates to my server and the server sends a decryption key. Then
> without writing the key to the hard drive I want to load an encrypted executable in memory, decrypt it, leaving the decrypted form in
> memory and run the executable from there.
>
> I cannot have the decrypted executable or the key ever written to the hard drive because it is too easy for someone to get it from
> there. I have the encryption and decryption working, I still need to get the authentication system working which will probably be
> RADIUS since I do not know anything else that would work because the authentication is not custom built so I have either HTTP
> authentication or RADIUS authentication. The RADIUS should be easy to setup I found several libraries that have that I just have not
> gotten them to authenticate properly yet. The biggest thing is being able to run the executable from memory.
>
> Does anyone have any idea what to do for this? Any code examples to get me started?


No but I would advise using zlib ( http://zlib.net/ ),
a cross platform compression / decompression open
source utility for your encryption / decryption.

I have built a DRM system for our software package
and it has been cracked many times in the last
couple of decades. We use a digital signature
(sometimes the hard drive signature:
http://www.winsim.com/diskid32/diskid32.html )
and password system.

The problem is that locks are to tell honest
people where the limits are. If everyone was
honest then we software developers could use a
very simplistic serial number or password system.
Unfortunately, we have to design our software
distribution systems to limit the amount of
damage that the dishonest people can do. Just
cracking your software is bad enough, there are
actually people who will repackage software with
viruses inside it (been there, done that).

Lynn

 
Reply With Quote
 
 
 
 
none
Guest
Posts: n/a
 
      08-13-2012
In article <k00pkp$liv$(E-Mail Removed)>, Lynn McGuire <(E-Mail Removed)> wrote:
>On 8/8/2012 3:10 PM, jeff wrote:
>> I am trying to build a copy protection system where the user authenticates to my server and the server sends a

>decryption key. Then
>> without writing the key to the hard drive I want to load an encrypted executable in memory, decrypt it, leaving

>the decrypted form in
>> memory and run the executable from there.
>>
>> I cannot have the decrypted executable or the key ever written to the hard drive because it is too easy for

>someone to get it from
>> there. I have the encryption and decryption working, I still need to get the authentication system working

>which will probably be
>> RADIUS since I do not know anything else that would work because the authentication is not custom built so I

>have either HTTP
>> authentication or RADIUS authentication. The RADIUS should be easy to setup I found several libraries that have

>that I just have not
>> gotten them to authenticate properly yet. The biggest thing is being able to run the executable from memory.
>>
>> Does anyone have any idea what to do for this? Any code examples to get me started?

>
>No but I would advise using zlib ( http://zlib.net/ ),
>a cross platform compression / decompression open
>source utility for your encryption / decryption.
>
>I have built a DRM system for our software package
>and it has been cracked many times in the last
>couple of decades. We use a digital signature
>(sometimes the hard drive signature:
> http://www.winsim.com/diskid32/diskid32.html )
>and password system.
>
>The problem is that locks are to tell honest
>people where the limits are. If everyone was
>honest then we software developers could use a
>very simplistic serial number or password system.
>Unfortunately, we have to design our software
>distribution systems to limit the amount of
>damage that the dishonest people can do. Just
>cracking your software is bad enough, there are
>actually people who will repackage software with
>viruses inside it (been there, done that).


Disclaimer: I think the question is not really C++ related but...

There seems to be a witch hunt by DRM haters agaisnt the OP. From the
perspective of software DRM, I'd tend to agree that this is most
likely a lost battle and managing licensing through value added
service and legal (courts) means may be the better way to go.

However, there exists a space where DRM is almost essential. A
company like Netflix can't simply rely value-added customer service,
etc. It has to protect the content and make it as hard as possible to
access content without a subscription. This is most likely going to
be a constant battle where crackers will find a way in the current
system and the distributor will need to update their protection and
distribute a new client but as things currently stand, they simply
can't stream in a DRM-free format.

So I think the the OP question has some value even if it is not quite
in the original context.

Yan



 
Reply With Quote
 
 
 
 
Lynn McGuire
Guest
Posts: n/a
 
      08-21-2012
On 8/16/2012 3:37 PM, jeff wrote:
> On 08/14/2012 01:55 AM, David Brown wrote:
>> On 13/08/2012 18:47, none Yannick Tremblay wrote:
>>
>>> Disclaimer: I think the question is not really C++ related but...
>>>
>>> There seems to be a witch hunt by DRM haters agaisnt the OP. From the
>>> perspective of software DRM, I'd tend to agree that this is most
>>> likely a lost battle and managing licensing through value added
>>> service and legal (courts) means may be the better way to go.

>>
>> Let's be clear on this - there is /no/ witch hunt against the OP. There
>> is a general opinion that the encryption system proposed by the OP is a
>> bad idea - it will complicate matters and inconvenience people (such as
>> legitimate customers and not least, the OP himself), and provide no
>> protection. But people here are trying to help the OP by giving useful
>> advice - there is no witch hunt.
>>

> There sure seems to be a witch hunt since I have investigated everything that has been mentioned before anyone mentioned it here and
> I have said that many times. Also I have said specifically several times that I am working hard to make sure that it is not an
> inconvenience to the legitimate users, but no one seems to pay any attention to that part.
>>>
>>> However, there exists a space where DRM is almost essential. A
>>> company like Netflix can't simply rely value-added customer service,
>>> etc. It has to protect the content and make it as hard as possible to
>>> access content without a subscription. This is most likely going to
>>> be a constant battle where crackers will find a way in the current
>>> system and the distributor will need to update their protection and
>>> distribute a new client but as things currently stand, they simply
>>> can't stream in a DRM-free format.
>>>
>>> So I think the the OP question has some value even if it is not quite
>>> in the original context.
>>>

>>
>> The concept of DRM (taken to mean an encryption system that is decoded
>> at the end point) itself is ultimately broken - the user or customer has
>> the keys and the decoded result, even if it is a little difficult to
>> copy them. Time and again, DRM "protection" has been shown to be no help
>> at all against more serious copyright abuse - and it has inconvenienced
>> and limited users from using their legally obtained software or media in
>> the way they want.
>>
>> There are other ways to deal with the distribution of media. Many music
>> services now deliver files that are DRM-free, and seem to manage fine.
>> And an obvious way to protect video content is through watermarking. If
>> the film you download from Netflix starts with a warning message telling
>> you this copy is licensed to you, with your name and customer number,
>> warns that it is watermarked and traceable if it is shared "into the
>> wild", then customers will not spread the files. It is simple,
>> unobtrusive, and reliable - everyone should be happy.
>>
>>

>
> The key to this system is to give me a chance to monitor usage and to give me a change to see at least some unlicensed usage of the
> software. I would also like to point out that music services that sell DRM free music are limited because many recording companies
> will not let them sell the music without DRM and Netflix, Hulu and Amazon have the same problem they cannot show DRM free content
> because the companies that they license the content from would all leave, it has nothing to do with companies like Netflix deciding
> that they need to protect the content, but they would probably still put DRM on the content if they were not required to.
>
> In any case this protection that I am trying to implement has almost as much to do with getting information as it does with
> protecting the software.


Hi Jeff, If you want, I can tell you how to easily
build a phone home system for your software using
a website. It will not work through a firewall
that captures http though.

Lynn

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Trying to build a copy protection system goran.pusic@gmail.com C++ 1 09-18-2012 01:59 AM
Re: Trying to build a copy protection system Nobody C++ 11 09-15-2012 05:57 AM
Re: Trying to build a copy protection system Andrew Cooper C++ 7 09-15-2012 05:26 AM
Re: Trying to build a copy protection system Öö Tiib C++ 1 08-23-2012 12:19 AM
Re: Trying to build a copy protection system boltar2003@boltar.world C++ 0 08-09-2012 03:23 PM



Advertisments