Status & Roadmap
Authors & License
Funding Ultimate++
Search on this site

SourceForge.net Logo

About Software Protection methods


There are many ways to try to protect your software from piracy... none of them is 100% effective.

Most protection schemes are usually composed by following parts :


Check if user has a license to run the software

This point can be accomplished by various means, like dongles, software licenses tied to one particular machine, lan/internet activation and original media checking.


Make difficult for malicious user to defeat the protection scheme.

This point can be achieved by various means, from simple code obfuscation, which makes debugging/disassembly difficult, up to code encryption, which makes disassembly virtually impossible if user hasn't a program license.


First step is the easiest to achieve, and its security degree depends almost only on authentication media chosen.

In my opinion, a good dongle or, even better, an internet authentication method are the most secure; in particular, internet auth, which has the obvious caveat of the need of a connection available to run the application, can be the most flexible one.


Second step presents most challenges.

If it's quite easy to make it impossible for an user to unlock a protected software without having a correct license, it's virtually impossible to have 100% protection against a malicious user with a software license; every software that can be run on a computer can also be copied.


The solution proposed here doesn't want to be a commercial grade protection scheme; its purpose is just to make it impossible for an user without a license to run the software, even if he has good skills in software debugging, and make is somehow difficult for an user in possession of a license to defeat the protection scheme.

This is accomplished by encryption of some software parts and on-the-fly decryption with a license key obtained in any usable way.

Beware that a mid-skilled programmer in possession of a right license key can defeat the algorithm in short time, as the decryption process is quite trivial and placed exactly before the encrypted software parts; it can anyways make the process of reverse-engineering not worth the time spent for it.


How it works


Do you want to contribute?