Ask HN: Copy protection?
My employer is worried that our clients will steal our application, and so want me to research copy protection methods.
The application is all client-side, must run without access to the network, and is written in Ironruby.
I'm having a lot of trouble thinking of a solution that I wouldn't be able to break. I know that it's impossible for it to be totally unbreakable, but could someone give me an idea of a pretty good solution?
Apparently cost is no object either.
Edit: Dongles are apparently cheaper than I thought, in the $200 range for a starter kit with five of them. Has anyone worked with them before? What do they do, just give you a small storage area that's somehow hard to access?
13 comments
[ 2.6 ms ] story [ 35.1 ms ] threadNote that the objective probably isn't something you can't break, but something that raises the bar high enough it's not worth it for any/many of your customers to pay someone to break.
We do have a way to keep the code encrypted until we run it, but we have to ship the key with the code...
And for a time-based license you'll need a dongle with a clock in it to prevent the simple workaround of setting the clock (and general system state, etc.) back in time.
Another method I've seen is to lock the software down to a particular hardware instance. In this method, the customer has to run a program on the computer that the program will be installed to, which grabs all sorts of unique things, like MAC address of any network devices, hard drive serial numbers, etc. The customer then sends the resulting info file back and a unique unlock key is generated.
But at the root of it, the protection is still done in software, which is very much still crackable to a skilled enough attacker. But for software you cannot download from the internet without a company provided password, skilled attackers are harder to come by. Compare that to something like winzip which was used as a teaching tool for how to write cracks.
My problem is that I've been thinking of a dongle as a secure-ish way to store a key, which still leaves the responsibility for using the key on my code.