My Copy Protection concept

Chrysalid

Chrysalid

Newbie
Joined
Jun 13, 2004
Messages
160
Reaction score
0
This might sound stupid at first, but I hope you get my point.

I've been looking on several methods of how to implement an effective and half-standalone ( requires Internet usage on first time but not after that ) copy protection. My idea is as follows.

As some of you may know, modern hard drive serial numbers are very unique. They are also, to my knowledge, so hardcoded into the firmware that they cannot be changed without screwing up the drive's control software. My idea would be that the user wanting to buy my product is first required to download an executable ( shipped with usage agreement, stating that the tool sends required authentication information to me, the user has to accept that or not to use my software ). This program would extract the user's hard drives' serial numbers, then email them to me for processing. Then, I could build a special version for each registered user. My product's code would then include the crypted serial number, which it would decrypt during installation and execution, comparing the hardcoded serial into the one with the user's hdd.

What do you think? Is this sensible at all or worth trying?
 
I'm not sure what you're trying to copy-protect, but it sounds crazy enough to work. From what I've seen, though, most copy protection generates a complicated key based on a user's name and details.

-Angry Lawyer
 
Angry Lawyer said:
From what I've seen, though, most copy protection generates a complicated key based on a user's name and details.
Click to expand...
Only problems is that the program also contains the instructions on making sure that its a valid key. So it still makes it possible to learn the rules and make a key on your own.
How? I have know idea, I leave that to people smarter than me.
 
It's probably only worth it if a large amount of people are actually going to be interested in your program. You won't find anyone sharing it over bittorrent if it's a program that hardly anyone uses, but things like Photoshop are different.

Honestly, if I knew I had to use some HD auth tool to use a piece of software, I wouldn't buy it.
 
Essentially, this is dongle-protection, except using your hard drive as a dongle. A very limited dongle at that, since the hard drive only provides a single constant number while a proper dongle can have complex behavior or actually store a vital part of your program. (A dongle is a hardware device that ships with the software and is required to be attached for the product to work. In the old days, often on the parallel port, now usually USB.)

It takes some doing to make this hard to crack, since you're likely to have something like this in machine code (perhaps cleverly hidden):

1) compare this machine's number with the one it's supposed to be
2) if they're the same, go somewhere and run the program
3) otherwise, complain about legitamacy and exit the program
(in the code, this may be convuluted and obfuscated but it's still there)

The only change that needs to be done is change the comparison in step 2 to jump if the numbers are different. Voila, program cracked. It'll work on any machine that DOESN'T have that hard drive.

A lazy cracker could also just write a really really simple device driver that does nothing but pretend to be a hard drive with the proper serial number. He then distributes the software he "cracked" and the driver that his software works for. While easier for the cracker and foolproof, this method is less convienient for illegimitate users of the cracker's distribution.

Also, imagine this scheme catches on an several products on your machine use it. You have a hard drive crash and need to reinstall on a new drive. You have to install your drive and get brand new copies from the manufacturer, since your old installation CDs don't work anymore (or you redownload everything). Serious pain in the behind.

Your scheme is not worth implementing because it is inferior to the already existing and more easily accomplished technique of shipping the software with a dongle (which is still crackable itself).
 
Thank you for commenting. Afterall, it seems that ALL copy protections can be cracked, it's just a matter of how much time you want to spend on it. Still, if I use this on limited scale it will work against those who don't know how to crack and reverse engineer / debug things.
 
You could go retro and make one of those code-wheel things. Man, Zool, for the Amiga, had one of those. Awesome stuff.

-Angry Lawyer
 
already done, except it stores the registration key/value pair on a hidden sector of the hard drive.

CrypKey
 
Honestly, if I knew I had to use some HD auth tool to use a piece of software, I wouldn't buy it
Click to expand...
.

coz then you couldnt pirate it and sell it at blackbushe market.
 
Wouldnt take long for a HDD emulator to pop up that hooks whatever you're using to scan the drive and feeds it different numbers.
 
but isnt the point of the software so that when you buy it it takes the number and so chrysalid knows if someone gets it illegaly. but anyway what software would you use it for thats worth all the trouble that people would want to download from a p2p software or bittorent or whateva.
 
copy protection doesnt impact pirates anyway- its like this:

Copy protection is a burden and hassle on the legitmate user (think invasive starforce drivers that dont work, FADE systems that mistakenly activate and wreck your game, Securom games that dont install because of your CD drivers being "suspicious", copyprotection that does not completely uninstall with protected software- theres a lot!... etc etc)

Copy protection is removed by the crackers (doesnt take long, nothings foolproof. The rule of "build a smarter mousetrap & you get a smarter mouse" applies.)

Copy protection is never seen by the pirates (its already gone once its downloaded or theres a simple crack available. The very people who are meant to be thwarted never meet their foe)

Call me cynical, but thats how it usually goes down.
 
Chrysalid said:
This might sound stupid at first, but I hope you get my point.

I've been looking on several methods of how to implement an effective and half-standalone ( requires Internet usage on first time but not after that ) copy protection. My idea is as follows.

As some of you may know, modern hard drive serial numbers are very unique. They are also, to my knowledge, so hardcoded into the firmware that they cannot be changed without screwing up the drive's control software. My idea would be that the user wanting to buy my product is first required to download an executable ( shipped with usage agreement, stating that the tool sends required authentication information to me, the user has to accept that or not to use my software ). This program would extract the user's hard drives' serial numbers, then email them to me for processing. Then, I could build a special version for each registered user. My product's code would then include the crypted serial number, which it would decrypt during installation and execution, comparing the hardcoded serial into the one with the user's hdd.

What do you think? Is this sensible at all or worth trying?
Click to expand...

Then someone would decompile your program, determine through external API calls where you are trying to verify that their HD serial is the correct one, jump to the "correctly authed" address, and recompile it.
 
You must log in or register to reply here.

Similar threads

Krynn72
You guys, what the **** is up.
Replies
11
Views
2K
Tollbooth Willie
Tollbooth Willie
bbson john
Hi everyone. I am new to this forum!
Replies
11
Views
6K
Tollbooth Willie
Tollbooth Willie
B
Valve offers more core virtual reality technologies to device manufacturers
Replies
0
Views
23K
Barnz
B
B
Site security update (March 6, 2017)
Replies
1
Views
17K
*?snah!#
*?snah!#
MFL
Fascinating look at the ongoing psychological evolution of flat hieirarchies.
Replies
2
Views
2K
Tollbooth Willie
Tollbooth Willie
Back
Top