USB piracy protection

I want to protect my Java product using some USB-based authentication and password management solution that you can buy here: aladdin. This means that you need to plug in a USB drive with special software before you can run the application.

I would like to hear some experience from users who have used equipment like this.

  • How safe is it?
  • General: How much money do you spend on protecting software that will sell 100 times?

I will obfuscate my Java code and save some user OS settings in an encrypted file, which lies somewhere on the hard drive. I do not want to force the user to register online, because the Internet is not needed for the application.

thanks

Comment: The company I'm working for has been with Wibu for over 5 years now.

+6
java authentication hardware protection piracy-protection
9 answers

Please just don’t. Sell your software for a price that represents its value, with a basic key scheme if you have to, to keep honest people honest, and leave it at that. Pirates will always steal it, and the hardware key will simply cause grief for your honest customers.

In addition, any scheme you create will simply be defeated by reverse engineering; if you make your software painful to use, you will motivate otherwise honest people to defeat it or look for cracks on the Internet. Just make the defense less painful than finding a crack.

+34

Despite the fact that my opinion on this issue is not to use such anti-piracy protection schemes, I can give you a few pointers, since we used this solution in the past. In particular, we used Aladdin tokens.

From the point of view of security, this solution is quite reliable, since you have it either in the system or not. This is not something you can easily override, provided your code is also protected.

On the downside, we encountered a problem that made us give up on the hardware token solution. Our application is an intranet web application (for example, a web application running on a client’s local intranet rather than a hosting solution), and often clients would like to deploy our application on blade servers or even virtual servers where they did not have USB ports!

So, before choosing such a solution, consider such factors.

+6

While I agree with most of the other answers, there is a case where hardware keys work, and this is for software with low volume and high value. Popular high-volume software will always be cracked, so it’s easy for you to annoy your customers with an expensive hardware system.

However, it is unlikely that anyone will bother trying to hack specialized low-volume software. However, if you can simply install it on another machine, many customers may “forget” to buy another license and you will lose valuable income. Here, security key protection works, as they have to come back to you for another key if they want to run two copies at the same time.

I used Aladdin keys, but keep in mind that there are software emulators for them, so you should also program the key memory with something that the emulator cannot know about.

+5

I used such products, and it’s a pain. I personally will not spend any money on a hardware scheme or a third-party protection scheme.

Resist the temptation of a hardware protection scheme.

One thing for sure:

  • Any protection scheme will be hacked.
  • You will annoy legitimate customers.
  • You will lose time by supporting security issues.
  • There will be problems when a legitimate customer cannot use your product because of protection.
  • It is better to invest any time and funds that you would spend on protection in improving the product or finding more customers.

The golden rule of defense is to make it painless for your customers. Hardware protection schemes make life inconvenient for your customers and easier for those who rip you off, which is clearly not the case.

+4

Just to add evidence to what SoftDeveloper says: in the field of low-value software, protection is counterproductive. Similarly for large volume.

Nevertheless, our earnings are a product that is sold for 10-25 thousand pounds for a user license. The vast majority of our customer base is very careful to be compatible - large corporations - and for some of them we sold unlimited unprotected products.

However, in the past we had evidence that, when used by smaller companies for short-term use, attempts were made to violate the protection. When you stand to lose 100 thousand pounds for each incident, you should at least talk about it.

In the past, we used SuperPro, but this product is now weak and outdated.

For our latest product, we are still evaluating, but Sentinel / Aladdin ( http://www.safenet-inc.com/sentinelhasp/ ), SecuTech Unikey ( http://www.esecutech.com/Software-Protection/UniKey-Family/UniKey-Drive/UniKey-Drive-Overview.html ) and KeyLok Fortress ( http://www.keylok.com ) are among the selected subset.

One thing we do is provide maximum flexibility in the model. Thus, when marketing comes up with the next bright idea, we will be ready. In addition, it is vital to ensure extremely reliable and informative license control. Protection should not mean poor customer experience (although this often happens!).

+4

Just like another slightly different opinion:

There is one situation where I would gladly accept the "key" approach. MATLAB has a pricing structure where, if you install something on one fixed machine, it costs $X. If you want to install it as a parallel license (network license server) for one person to use at a time, it costs $4X. This makes no sense for rarely used software.

A business model for buying an ultra-precise torque wrench should not matter how much a person wants to use it, and if person A wants to use it, but person B is already using it, then person B must finish using it before person A can use it. I have no problem with the software following this model using physical tokens if it is used on sites where it is used by several users. This is a much fairer business model than raising the price of a concurrent license. A physical marker approach may be less attractive to individual customers, but if you have a product that manages the price, then why?

If you do not have a product that requires this degree, I would not worry.

And you better have a mechanism to work with lost tokens. (alas, I have no idea)

+1

First, make sure it is not counterproductive. It has an invaluable cost in the development, testing, maintenance and customer support. Cases where such protection is more appropriate is when your software is software, with almost a machine dedicated to it.

I know that the latest wibu products have pretty good reliability and are proven in practice by hackers. (Perhaps there are other similar products). In fact, parts of your code can be encrypted in the key itself, while the encryption key changes all the time. They held worldwide hacker contests where no one could use unauthorized versions of secure software.

+1

I use OM-p to protect against piracy. They provide:

  • free pirate consulting
  • free anti-piracy monitoring
  • and they paid pirated copies

0

Modern keys used correctly can provide very strong levels of protection against illegal copying. Wibu-Systems CodeMeter survived several public hacking contests (most recently in China!) without winners.

The reason is strong encryption: the executable file is fully encrypted with 128-bit AES encryption, and the generation of the decryption key occurs only in the key. Since the half-life of the keys is short, even finding one key (which will require tremendous effort) does not provide a universal crack.

Crackers are very smart people and they won’t work harder than they need to crack the software. It is easy to leave software vulnerabilities if software protection is not the main focus of your research and development. Obtaining a good key and carefully following the manufacturer's recommendations for protection is the best insurance against illegal copying.

Some useful questions when evaluating a security system:

  1. Does it support the OS versions that you want to configure your executable file for?
  2. Does it encrypt the connection between the key and the OS?
  3. Can it detect debuggers and block the license if the debugger is working?
  4. Does it use a smart card chip (harder to sniff hardware)?
  5. Does it use one key or several keys?
  6. Does it support license models (payment for use, payment for time, etc.) that you want?
  7. Is a rich set of tools available for ease of use?
  8. Can it protect other types of files besides .exe files?
  9. How good is their developer support? Has it been transferred to another country?
  10. How many reference clients can they provide?

The cost can be from 50 to 100 dollars per copy (or less or more, depends on many factors). Most reputable providers will provide you with pricing information with a simple phone call.

Hope this helps.

0
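An added example, not taken from any poster's code or from a vendor SDK, illustrating two points made in the answers above: programming the key with something an emulator cannot know, and generating the decryption key only inside the key. The `Token` interface and `tokenWithSecret` are hypothetical stand-ins (a real token runs the derivation on the device), and the sample data is constructed.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class TokenBoundSecret {
    /** Hypothetical stand-in for a vendor token API; real SDKs differ. */
    interface Token { byte[] deriveKey(byte[] salt) throws Exception; }

    /** Software model of a token: the secret is only used inside deriveKey. */
    static Token tokenWithSecret(byte[] secret) {
        return salt -> {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            return Arrays.copyOf(mac.doFinal(salt), 16); // 128-bit AES key
        };
    }

    /** AES-GCM with a key that only the token can derive from the salt. */
    static byte[] crypt(int mode, Token t, byte[] salt, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(t.deriveKey(salt), "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] secret = new byte[32], salt = new byte[16], iv = new byte[12];
        rnd.nextBytes(secret); rnd.nextBytes(salt); rnd.nextBytes(iv);

        // Build time: encrypt a component the program cannot run without.
        Token genuine = tokenWithSecret(secret);
        byte[] module = "constructed sample: licensed module bytes".getBytes(StandardCharsets.UTF_8);
        byte[] blob = crypt(Cipher.ENCRYPT_MODE, genuine, salt, iv, module);

        // Run time with the genuine token: decryption succeeds.
        byte[] plain = crypt(Cipher.DECRYPT_MODE, genuine, salt, iv, blob);
        System.out.println(new String(plain, StandardCharsets.UTF_8));

        // A stand-in without the programmed secret derives a wrong key: the GCM tag check fails.
        Token standIn = tokenWithSecret(new byte[32]);
        try {
            crypt(Cipher.DECRYPT_MODE, standIn, salt, iv, blob);
            System.out.println("unexpected: decrypted without the token secret");
        } catch (AEADBadTagException e) {
            System.out.println("refused: key material not available outside the token");
        }
    }
}
```

The application never asks whether a token is present; it simply cannot decrypt the component without the secret the token holds.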