“Over half of the world’s computer users (57%) admit they pirate software,” according to BSA in their global software piracy. That is pretty scary, but try not to let piracy concerns be the be-all and end-all. In the real world there is probably very little you as an application producer can do to prevent the really determined cracker from breaking your protection; even the ultimate protection can and will be potentially compromised by doing some research. Being in the security industry for over a decade, here are five protection tips and tricks to consider when designing your next project:
- When writing your protection functions try to avoid using very obvious names (i.e. LicenseFound(), IsValidSerialNumber()). Instead use less intuitive or even misleading names, and never place the entire protection inside a single DLL or module.
- Avoid helpful (or should I say error) message boxes (i.e. “License is not found”, “Invalid Activation Code”) that would provide hints to where the protection routine is located.
- Prevent crackers from heuristically reversing jumps by decrypting application data based on the return of the protection functions .
- Use CRC or integrity checks to ensure that key sections of the program have not been modified. It might also be worth reading a copy of the program into memory and checking for modifications at random times, again be subtle.
- And finally, all serious crackers will use SoftICE to break your protection and remember that most anti-debugging tricks are well documented and ultimately with any anti-debugging trick a way around will be found.
So, invest the time to reverse engineer your own software and make changes at the machine level if necessary and strengthen your protection – a general rule of thumb is that the longer it takes you to protect, the longer it will take a cracker to de-protect. Whilst no protection will ever be completely cracker proof, treat software protecting like you treat your car (or any other prized possession), if you can implement enough deterrents most thieves will find an easier target or they will wait until a more skilled thief decides to turn his hand too it.
What tips and tricks have you implemented to prevent software piracy and to protect your IP?
