How to secure application to prevent distribution to others?

[alex298]

Hello,

I wish to distribute a standalone application to some users. I don't wish them to distribute to other people.

How can I "lock" or "secure" the standalone application so that other people cannot use it except the distributed users? I don't mind to make the standalone application one by one if this is required as there are not too many users.

P.S. I can save some files to a hosting account if required.

Thanks and best regards

[Janschenkel]

Copy protection is difficult to implement, and there will nearly always be an inventive user that figures out a workaround. It's up to you to weigh the consequences of some wild copies floating around versus the impact of draconian measures on legitimate customers.
There's no easy solution, but you could setup some sort of 'phone home' function where you send some unique data to the server (such as the computer's name, MAC-address, etc.) along with a serial number, and compare that to what you have in a database on your server. If something doesn't match, you return an error string from the server to your application, and in your application, you check the return value to see if it was okay.
You should probably do that just once, upon first run of the application; and store the unique data in a preferences file somewhere other than the standalone directory (the user's home directory is a good choice). That way, if the executable is copied to another computer, the preferences file is missing, and you can regard it as a first run, and do the phone home procedure.

HTH,

Jan Schenkel.

[Mark]

Hi Alex,

There are many ways to do this. There is no fail-safe method.

You could use a dongle. You can register the IP address (if not dynamic), MAC address or another computer characteristic (if available). You can tie usage of the application to an on-line account with personal, sensitive information and require the user to enter a password when using the software. You could put someone's name and address in the About box.

Usually, registration systems are built in such a way as to leave the software itself untouched and to store the license information in a file elsewhere on the machine. If you do this in a clever way, the user may not even be able to find the license file and if the user copies the software to a different computer, it will appear unregistered. You can add tricks, such as a script on a server, which checks whether a license code has been used already.

The choice of the software protection mechanism depends on your investment, on the type of software, the type of users, and on how much money or time you want to invest in protecting your software. If you can say anything about the type of protection you need, we might discuss that in more detail.

Best,

Mark

[MikeinHawaii]

In the Rev store they sell a product called Zygodact. It lets you put password protection on your Rev based standalones. Here is the link for ithttp://www.runrev.com/products/related- ... /zygodact/
I think it is exactly what you are looking for.

[Janschenkel]

I was going to suggest Zygodact, but that only helps with the registration of a program on a local computer. It checks the name and serial number, but it won't be of help in preventing multiple copies on different computers.

Jan Schenkel.

[AndyP]

Hi Alex,

One method I have used in the past is to require an online registration which ties the install to the hard drives serial number.


1. You ask for an email address in a registration window (this becomes the username)
2. Get the hard drive serial number use shell("vol c:") encypt and put into the serial field of the registration window.
3. Write these details to local disc (A) and to an online database (B). Encrypt as required.

Now when the application starts it loads the local file (A) and compares to the online info (B).
If the compare is true then the application runs.
If the compare is false then the registration window is displayed.

Important

To help keep your customers happy provide a lost registration retrieval link to the registration window.

1. Ask for the email address used in the original registation.
2. Check this against the online database and if it exists email out the registration serial.

You also need a mechanism to cope with re-licencing if your customer needs to move the application to another computer.

As an online database is used it's not that difficult to add the facility for one customer to use the application on more than one computer by using the same email address for all installations. This allows you to offer multi licencing pricing.

Hope this gives you some ideas.

P.S.

I'm in the process of writing a plugin to automate this. This will include the plugin, php scripts etc to allow you to set up the online elements. I'm also looking into having a hosted version of the system if you do not want to set up the online side yourself.
It's early days for the project but progressing well.

[interactbooks]

Andy,

Did you ever write your plug-in? I was also curious if you knew how to obtain the serial number of the hard drive on a Mac?

Thanks in advance,

Ezra

[Klaus]

Hi ezra,

I do not know a way to get the Mac hd serial number like you can do on Windows!
But this web page may help: http://www.sonsothunder.com/devres/live ... env001.htm

And please check the other great infos on that website, too!


Best

Klaus

[interactbooks]

Klaus,

Thank you so much for pointing me to the website, that is exactly what I needed (just a unique way of identifying a system), and that really is a great website!

Ezra

[kotikoti]

You could supply your application using a USB drive and have the static serial number of the USB drive associated with the copy of the application.
This will mean, you will need to have the USB attached, and the application will check if it is and what serial number. Note with this method, you will need atleast, an aspect of your app to be loaded from the USB i.e. the application itself so as to get the originating drive letter incase several USB items are attached to the machine.

[wsamples]

Just a heads up...

The GetMACAddress function at Sons of Thunder, mentioned above, needs a little modification to work properly (in some cases) in Linux.

The line "get matchText(temp,"HWaddr[* ]([0-9A-Z:]*)",retVal)" is case sensitive and fails for me in Linux MInt 9 and 10. Strangely, it fails with a different result in each, and I don't know if this is related to the fact that my LM 9 is 32 bit and LM 10 is 64 bit or if it's due to some other factor. At any rate, changing that line to "get matchText(temp,"HWaddr[* ]([0-9a-zA-Z:]*)",retVal)" gets it working (for me) in both versions.

-- EDIT --

Ken has altered the script so it's no longer case sensitive, and should require no tweaking

[Mag]

Hi all, just a line to ask if there was news about this 2011 topic. Some of you would like to share their experience implementing a particular system (e.g. Zigodact or Aquaticprime)?

[islandeR]

We have developed a system analogous to the one Andy describes.
We will be selling it for 499 euro.

[richmond62]

All this is extremely relevant to a situation I find myself in right now.

[YogiYang]

For protection of your application try out TMS (http://www.trackmysoftware.com/)

They also have free version which you can use indefinitely without spending a dim!

I have used this in my application built in Delphi and WinDev.

Check it out for yourself.

Regards,