CryptoLicensing Tips and Tricks To Eliminate Piracy And Cracking Of Your Software

Posted by: G. Himangi , on 12/1/2010, in Category Product Articles
Views: 59297
Abstract: This article shows how to use CryptoLicensing - a licensing and copy-protection system form LogicNP Software - to implement effective defenses against hackers and crackers and to reduce software piracy.

This article has been written by LogicNP Software and provides useful information about the CryptoLicensing Product

CryptoLicensing - a popular licensing and copy-protection scheme from LogicNP Software - uses the latest military strength, state-of-the-art cryptographic technology to generate secure and unbreakable license codes to ensure that your software and intellectual property is protected. Cryptographic licenses are unbreakable even when using brute force computing power. Furthermore, since the licenses can only be generated using the private key (which only you possess), this means that it is impossible for a hacker to develop a 'keygen' (key generator) for your software.

On top of this cryptographic validation, CryptoLicensing provides various locks and limits like machine-locking, activated licenses, trial licenses, floating licenses, leased licenses, domain-locked licenses, beta licenses, licenses with user-data, licenses with flags/features and more.

mainshotlarge 

These settings and limits along with the cryptographic validation form an excellent first line of defense. It is upto you to provide the next line of defense. The following are some useful tips and guidelines for designing effective licenses using CryptoLicensing and writing effective license validation code using the CryptoLicensing validation API. The philosophy is simple: to make it as difficult as possible for the hacker to 'crack' your software and cause the hacker to lose interest in your software or not make it worthwhile for him/her.

Check license repeatedly

Instead of checking the license at software startup only, check the license at multiple points of time during your software execution and from multiple places in your code. Do not use a single license validation routine in your software. Check for a license from different places in your software, but don't call a single license validation routine to do this. This ensures that a hacker cannot bypass your licensing scheme by simply hacking a single piece of code in your software and forces the hacker to locate every piece of license validation code in your program.

Use multiple licensing checking layers

In addition to the normal license validation done every time your software is executed, add another layer which checks for a license when a certain random criteria is met. For example, you can check for a license on the 2nd Monday of each month, or every 63 days, or on the February 29th of a leap year. If a hacker bypasses the normal license checking code, the additional 'guerilla' layer is still present which will check for a license and cause the check to fail.

Use encrypted dlls

Move some important part of your software in a dll and encrypt the dll using a key. When generating licenses using CryptoLicensing, embed this key in your license codes (use the custom user-data feature of CryptoLicensing for this) and decrypt the dll using this key before loading it. This ensures that even if a hacker bypasses licensing checking code, your software will not function correctly since it will not be able to load the encrypted dll file.

Check for the hash of your exe/dll to detect tampering

You can include the hash/checksum of your exe/dll in your license codes generated using CryptoLicensing (use the custom user-data feature of CryptoLicensing for this). When your exe/dll is loaded, you can recalculate the hash of the exe/dll, and compare it with that included in the license code. If different, this means that your exe has been tampered or modified. Similar to license checking, perform this check at multiple points of time and place in your software.

Do not display failures immediately

If a license check fails, note this, but do not immediately display to the user that the check has failed. Instead wait for some other part of your software to run and notify the user there. This makes it more difficult for the hacker to locate and bypass your license checking.

Don't use explicit error messages

When notifying the user of a failed license check, don't use explicit and obvious messages such as 'License not valid'. Instead, display a generic failure message and ask the user to contact your support department. He may not know that the cause of the error is a failed license check, and when contacted, you may try to make a sale and convert the illegal user into a licensed user or even catch a hacker if he contacts you.

Crash or fail or output incorrect results when license check fails

In combination with above two, when a license check fails or when you determine that your software has been hacked or your license scheme has been compromised, note this and when your software perform some processing at a later point of time, you can crash your software or output incorrect results. Sometimes, a hacker may also lose interest in your 'buggy' program which does not even display informative error messages!

Embed user information in generated licenses

When generating licenses, embed some data about the user in the license such as the user's name, email or company name (use the custom user-data feature of CryptoLicensing for this). Display this information prominently at multiple places in your software. This is a very effective way to discourage the user from sharing his/her license code with others.

Conclusion

Using the above tricks, tips and techniques along with a secure cryptographic licensing and copy-protection system like CryptoLicensing can thwart the efforts of the best of hackers and crackers and provide very good defenses against piracy of software.

Product Info & Fully Functional Trial Download: CryptoLicensing Website 

Developer: LogicNP Software

Give a +1 to this article if you think it was well written. Thanks!
Recommended Articles


Page copy protected against web site content infringement by Copyscape


User Feedback
Comment posted by Eduardo on Wednesday, December 1, 2010 7:59 AM
These tips are good but if by using these tips s/w could not be broken why do s/w still get cracked?
Comment posted by Nicolas on Friday, December 3, 2010 3:32 AM
"In combination with above two, when a license check fails or when you determine that your software has been hacked or your license scheme has been compromised, note this and when your software perform some processing at a later point of time, you can crash your software or output incorrect results. Sometimes, a hacker may also lose interest in your 'buggy' program which does not even display informative error messages! "

I would not try to make my program buggy even to a non licenced user. Even if the guy didn't pay for the product, if he like it, it will spread the word. And if he dislike it, even more. You don't want false bugs to destroy your reputation.
Comment posted by Nicolas on Friday, December 3, 2010 3:38 AM
@Eduardo

Because by definition security on client side doesn't work. Let say the hacker paid the full licence.

Then he has a fully decrypted version of the program in memory. All he has to do is to save the decrypted version of the program and remove the parts of the code that check the licence.

When doing security on client side, you can just make the work of the hacker harder and discourage the average guy, so fewer guys will use an unlicenced version. If you need high security, you need to take care of security on server side.
Comment posted by Aaron Brase on Monday, December 6, 2010 10:28 AM
"I would not try to make my program buggy even to a non licenced user"

Although I want to agree with Nicolas here I must say output incorrect results or crash your s/w is an interesting way to annoy a hacker.
Comment posted by joyl on Wednesday, March 23, 2011 10:10 PM
laiba@gmx.com

Post your comment
Name:  
E-mail: (Will not be displayed)
Comment:
Insert Cancel