Wibu-Systems Blog

The secret of software copy protection

Posted by John Browne on May 2, 2012 12:31:00 PM

Copyright infringement--which includes software piracy--is a big deal, even if the numbers are inflated. The federal government is all over this, but I wouldn't hold your breath waiting for them to make it all go away. For one thing, I believe most of this happens in countries where either we have no sway over their internal laws and enforcement policies (can you say former Soviet Union kiddies?) or where they are our banker. (Small aside: the federal government has been trying to eliminate illegal drug use in this country as well since Nixon and that's worked well, hasn't it?)

So the problem will be with us probably forever. So only prevention will work. If I have to park my car in a bad neighborhood, I'm going to make sure it has a serious anti-theft system on it. Maybe I can't stop them from stealing it, but I can make it more profitable to go steal someone else's car.

And that's the secret of software copy protection. You have to make it hard enough to steal your product that the perps will go steal something else. It's not like they're going to go work at Starbucks. They're criminals--they do criminal stuff. Maybe you'll get lucky and they'll rip off your competitor's product and all the real sales will fall in your pocket. Maybe they'll switch to Rolex watches and Gucci bags. 

Container freighter

Sounds easy, right? But how to accomplish it? The key is thoroughness. Let's switch to a different analogy--protecting your house. It doesn't make sense to have five locks on the front door if the back door is unlocked. Or if there's a storm cellar with a unlocked door into the basement. You have to think about all the places where bad guys could get in and secure all of them.

Software crackers won't spend their lives trying to break your AES encryption to get a key; they'll see the front door is heavily fortified and wander around looking for a window to break. This is where people who roll their own software copy protection go astray--they haven't learned to think like crackers, so they leave vulnerabilities they aren't even aware of.

Then they get cracked. 

 Man getting keys from a monitor.

Even if they don't roll their own solution, depending on a third-party vendor to provide a solution doesn't mean you can stop thinking about it. You need to make sure that your vendor has not left openings by focusing too much on the front door. A classic misstep is to believe in the server-side authentication of registered users. Setting aside the annoyance issue (what if there's no Internet connection? What if the server is down?) anytime you reduce the protection to a yes/no test it can be cracked by patching the code to always return the "correct" answer. This is a common ploy and in these cases the cracker isn't interested in how robust your encrypted server sessions are because he's go in the open window next to the front door.

Want to know more? More secrets of software copy protection.

Topics: software copy protection, Anti-piracy, Copy Protection