Hi All,
I'm developing a program which will be highly targeted to be cracked. Currently I'm making a HW fingerprint comparison inside my code twice, once when running and once when executing the same function, which will be like this:

if (Encrypt(GetCPUSerial()) != XXXXX)
    PostQuitMessage(0);


Where XXXXX is the encrypted value of the client CPU serial number.
Is that safe to use, or might someone be able to change the XXXXX and rebuild the EXE?
I'm using MFC.

I know that all programs can be cracked, but I'm trying to make it as hard as possible, since my clients are limited.

I can merge the license validation inside the code so no calculation or keygen can crack it, since the user doesn't enter anything and I'm not doing any calculation other than encrypting the hardware serial numbers and comparing them with what I fetched from the client PC. This would be a good point to protect, and I'm wondering if what I'm doing is right.

Regarding skipping the validation code, can the cracker release a program to force my application to skip validation? Any hints, guys?

Thanks.
Updated 18-Aug-11 0:01am
Comments
Dylan Morley 18-Aug-11 6:02am    
Moved comment from OP into question
Dylan Morley 18-Aug-11 6:05am    
Yes, a cracker can simply debug your program using something like SoftICE (http://en.wikipedia.org/wiki/SoftICE) or one of the many other debuggers.

You have some logic like this...

if (Encrypt(GetCPUSerial()) != XXXXX)
    PostQuitMessage(0);

They just find that in your compiled source and use an editor to remove the whole logic branch. They save the results, your EXE is now cracked and has no protection.
AbuS3ood 18-Aug-11 6:42am    
I know that all programs can be cracked, but I'm trying to make it as hard as possible, since my clients are limited. I can merge the license validation inside the code so no calculation or keygen can crack it, since the user doesn't enter anything and I'm not doing any calculation other than encrypting the hardware serial numbers and comparing them with what I fetched from the client PC. This would be a good point to protect, and I'm wondering if what I'm doing is right.
Regarding skipping the validation code, can the cracker release a program to force my application to skip validation? Any hints, guys? :)
Dylan Morley 18-Aug-11 7:56am    
Yeah, just do that then, that'll work

Think of all the software houses out there trying to protect software and failing. Companies like Steinberg who have implemented complex dongle based authentication processes, with part of the software held physically on an external device!

Still these are cracked.

If a serious cracker wants to break your program, it's going to happen. They'll just use a debugger to skip over the entire if branch so that the check and result don't even happen; your program will just continue running.

If it really was as simple as that to protect a program, don't you think there'd be a lot less software piracy?
 
 
Comments
JackDingler 1-Oct-12 11:27am    
Steinberg is a good example.

They have a complex and error-prone licensing scheme. It costs them money and alienates paying customers like myself. For this, they get no benefit, as they get cracked anyway.

It's a waste of money and goodwill for nothing.
There is no absolute way to prevent your code being hacked: Go to any warez site and look at the software available. Microsoft, Photoshop, all the big names are there - and the more expensive it is the more likely it is to be hacked.

The best ways to do it are expensive to implement, and annoying to the user - because they generally fail after the user has done something that they did not realize would cause your program to fail.

You can easily spend a lot more on developing protection for your software than you will save in lost revenue: ask yourself "How many copies of this will I sell?" and "How much will I lose to piracy?" and then work out how much effort you have to spend before it becomes uneconomic. Think about it: why do you think MS has an installation key and an occasional online check, but otherwise doesn't particularly bother about securing the software itself?
 
 
You know, for small software companies or single programmers the logic behind the software protection nowadays is quite simple:
- you either give it away for free, with an option to ask for donation;
- or you create some sort of protection/registration procedure.
Think of it this way: good people who want your program probably would also pay for it, but maybe will not do it if you ask for a donation, because they can simply forget about the donation fee, or (as in many cases) they don't have a way to pay via credit card on the Internet. In many countries around the world, including such behemoths as China or Russia, it is still very difficult to do. Your program must be a very, very attractive and popular one to rely on donations. Something like a good media player (kind of Winamp), or a powerful image editor (like Paint.Net). Otherwise you can create some sort of protection, thinking that people who need your program will rather pay a reasonable amount of money than search for a warez version. Others will never pay, so forget about them. Thus, your protection scheme must correspond to the estimated price of your software and the time spent on developing it. Do some research first, implement your protection, make it easy enough for a customer. And if you find your program on warez sites among many other famous programs, consider it as some kind of recognition.
The best protection that I know about is done by Microsoft for Visual Studio. They finally recognize that companies will always pay (well, almost always) for legitimate copies and support. And for others there are very good light versions of Express edition.
 
Many great suggestions here.

I do note a glaring omission of any mention of an EXE-encryptor. First you put your own security checks in the program, and compile it. Next you encrypt it with an exe packer/crypter.

The best types actually create virtual machines that they use to execute a 'translated' version of your exe file. These virtual machines are truly horrid things to debug. Often hooking all kinds of function calls to make your life as a debugger harder. VirtualProtect or VMProtect comes to mind, as does ASProtect and Armadillo.


As it stands, I'd be hopelessly depressed if I couldn't bust wide open your protection scheme in less than the time it took me to finish a cup of coffee. I'd be suicidal should it take me an hour!!

Also, a point worthy of mention is that you may find you're pushing up a hill to use the CPU serial number as an identification method. My understanding is that this is NOT implemented as intended when the feature was devised. Different manufacturers handle the functionality differently. (I believe AMD does not store a unique number.) Try CPUID on Wikipedia for more info.
Furthermore, the user needs to enable this feature in the BIOS. I understand that you may be in a position to dictate hardware and BIOS settings. Though if this wasn't understood you may get quite a rude shock.


Have a look at tuts4you.com, there's a series of 40+ cracking tutes. They make for good education when it comes time to keep your investment safe. Many techniques of obfuscation and making life hell for the pirate are shown - albeit from the perspective of the hacker.

Also, take a look at IDAPro debugger - this can re-assign MFC function names to disassembled code. I mention all of these techniques as a way of impressing upon you just how large a task it is to effectively protect software. OriginalGriff has provided some wise information with regards to calculating an effective trade-off point.
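
An added example (not code from the original post or its answers) of the CPU serial caveat raised above: it checks the CPUID feature flag before reading the serial and reports "absent" instead of returning zeros, because a fingerprint computed from an empty serial would be identical on every machine that lacks or disables the feature. It assumes GCC or Clang on x86 with `<cpuid.h>`; the names `cpu_serial`, `decode_serial` and `read_cpu_serial` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>   /* GCC/Clang helper; an MSVC build would use __cpuid from <intrin.h> */
#define HAVE_CPUID 1
#endif

#define PSN_FEATURE_BIT (1u << 18)  /* CPUID leaf 1, EDX bit 18: serial supported and enabled */

typedef struct {
    int present;           /* 0 = this CPU exposes no serial number */
    uint32_t hi, mid, lo;  /* 96-bit value: leaf 1 EAX, leaf 3 EDX, leaf 3 ECX */
} cpu_serial;

/* Decision logic kept apart from the CPUID instruction so it can be
   exercised with constructed register values. */
cpu_serial decode_serial(uint32_t l1_eax, uint32_t l1_edx,
                         uint32_t l3_ecx, uint32_t l3_edx)
{
    cpu_serial s = {0, 0, 0, 0};
    if (!(l1_edx & PSN_FEATURE_BIT))
        return s;          /* absent: never hash these zeros as a fingerprint */
    s.present = 1;
    s.hi = l1_eax; s.mid = l3_edx; s.lo = l3_ecx;
    return s;
}

cpu_serial read_cpu_serial(void)
{
    unsigned int a = 0, b = 0, c = 0, d = 0, c3 = 0, d3 = 0;
#ifdef HAVE_CPUID
    unsigned int a3 = 0, b3 = 0;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        a = d = 0;
    if ((d & PSN_FEATURE_BIT) && !__get_cpuid(3, &a3, &b3, &c3, &d3))
        d = 0;             /* flag set but leaf 3 unavailable: treat as absent */
#endif
    return decode_serial(a, d, c3, d3);
}

int main(void)
{
    cpu_serial s = read_cpu_serial();
    if (!s.present) {
        puts("No CPU serial available: bind the license to another identifier.");
        return 0;
    }
    printf("CPU serial: %08X-%08X-%08X\n", (unsigned)s.hi, (unsigned)s.mid, (unsigned)s.lo);
    return 0;
}
```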
 
 
As a user I will never accept software that, once I paid to use it, doesn't allow ME to change MY CPU, MY network card, MY BIOS settings, everything I already paid to get used by ME the way I want.

Maybe this looks a bit egocentric, but I'm a strong believer in the sentence of the US court against Sony: "It is your software, but that's not your computer".

Nevertheless, there are countries in the world whose legal systems explicitly prohibit any intrusive mechanism of software protection, and explicitly allow the user to run all the copies he wants on the machines he owns. Such laws (I'm referring in particular to the European directive about software copyrights) explicitly say that any software license denying those rights has to be considered illegal and hence without any value. A user in those countries can legitimately take you to court to ask to disable such a protection if it makes him unable to change his own machine.

Moral of the story: if you want to make money with software, forget about making it by "selling copies" (copying is a basic operation that makes every machine work; you cannot claim an exclusive on it): sell "support" instead, granting evolution and bug fixing only to those who subscribed to a license.
 
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


