copy protection with hardware dongles
-
- KVRer
- Topic Starter
- 20 posts since 25 Jan, 2009
Hi all, I know there are a few topics here about copy protection but I have one question about hardware dongles like iLok and eLicenser. I'm thinking of using a dongle for one of my future plug-ins and I'm interested if there is someone out there who uses a dongle already for his own project and can tell me a bit about his/her experience with it. I heard that even Cubase was cracked, but I'm not use if this is true.
Are dongle protected plug-ins uncracked for a longer time than plug-ins without (and are they cracked at all?)
Thanks.
Are dongle protected plug-ins uncracked for a longer time than plug-ins without (and are they cracked at all?)
Thanks.
-
- KVRian
- 1265 posts since 9 Sep, 2005 from Oulu, Finland
If the product is interesting enough, it will be available cracked on Windows within a month of product release. Both iLok and Syncrosoft dongles have been cracked already, there's not much extra effort the crackers need to take for new products. You might try counting on the crackers being lazy and not providing cracks for updated versions of your product. Some pirate users might get frustrated enough having to use an old version of the product to buy it or cease using it. (The latter will be the very likely case anyway.)mr2b wrote: Are dongle protected plug-ins uncracked for a longer time than plug-ins without (and are they cracked at all?)
Thanks.
The best course of action of course would be no dongle at all. You just cause more effort and expenses to yourself (licensing iLok/Synchrosoft etc is very expensive), that you must transfer in the cost of your product to your customers and high prices never make potential buyers happy.
- KVRAF
- 7397 posts since 20 Jul, 2004 from Clearwater
Instead of using a dongle why don't you just embed the registered user details in the purchased software. It's what Cytomic is doing with The Glue and Camel Audio is doing with Alchemy. It's way more cost effective and apparently works a hell of a lot better than dongles ever will. Don't burden your customers.
You are currently reading my signature.
- KVRAF
- 2686 posts since 5 Feb, 2004 from Nevada City, California
i will personally not buy any software with a dongle unless it is something vital like Cubase.. many people run out of USB space especially on laptops.. your other methods are basically just as effective - one very good tactic is to release plenty of updates and support restricted to the registered users..
- KVRAF
- 12555 posts since 7 Dec, 2004
cubase was never officially cracked from what i can see, rather they just modified the protection driver renaming it an "emulator". it's probably similar to the BD+ "cracks" where they just took an already decoded key and fed it to their "emulator". the "crack" only works with a specific version of the protected code included in those torrents and doesn't work with anything else at all. if the protection was really cracked or if it was a true emulator, you could run any software using it as if it was a real dongle, and that isn't the case.
ultimately, like any protection, the only way to really protect something is not to reveal it. if you actually let the code run on the host cpu, eventually it can be manually decoded and made to run without the protection.
considering it was around for so long without any problems i'd say it's a pretty secure protection. like BD+, they can just change the format and render the old "cracking" methods obsolete. unlike BD+, they don't need to support the old format anymore meaning it will be literal hell for the crackers to attempt the same trick twice.
ultimately, like any protection, the only way to really protect something is not to reveal it. if you actually let the code run on the host cpu, eventually it can be manually decoded and made to run without the protection.
considering it was around for so long without any problems i'd say it's a pretty secure protection. like BD+, they can just change the format and render the old "cracking" methods obsolete. unlike BD+, they don't need to support the old format anymore meaning it will be literal hell for the crackers to attempt the same trick twice.
Last edited by aciddose on Wed Mar 31, 2010 4:14 pm, edited 1 time in total.
-
- KVRAF
- 2393 posts since 28 Mar, 2005
Yep. But either it's just some string in your code that you search replace and it's easy to crack or you need to recompile the whole software for each of your clients and it's a bit painful to implement. You'll need to ask Andy or Ben if I missed something.djanthonyw wrote:Instead of using a dongle why don't you just embed the registered user details in the purchased software. It's what Cytomic is doing with The Glue and Camel Audio is doing with Alchemy. It's way more cost effective and apparently works a hell of a lot better than dongles ever will. Don't burden your customers.
As far as I know, latest version of both syncrosoft and iLok have not been cracked.(with non demo version)
No problem regarding implementation on our side.(iLok in our case)
HTH
-
Ben [Camel Audio] Ben [Camel Audio] https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=1122
- KVRian
- 757 posts since 18 Sep, 2001 from Edinburgh, Scotland
I don't want to go into too many details about exactly how we do things on a public forum, but ... we embed the information in many places and represent the information in different ways. For example, if you simply used 2 bytes and gave each user a unique number, and you put those two bytes in lots of place in the code, and performed different logical operations on those two bytes in different places - eg. xor... then clearly no one can search for that based on just having their licensed version of the program. Sure - they could hack out the information that was displayed visually, but that doesn't mean that if we got hold of the leaked version we couldn't figure out who leaked it, and lock their account, preventing them from getting all the benefits of being a registered user.otristan wrote:Yep. But either it's just some string in your code that you search replace and it's easy to crack or you need to recompile the whole software for each of your clients and it's a bit painful to implement. You'll need to ask Andy or Ben if I missed something.djanthonyw wrote:Instead of using a dongle why don't you just embed the registered user details in the purchased software. It's what Cytomic is doing with The Glue and Camel Audio is doing with Alchemy. It's way more cost effective and apparently works a hell of a lot better than dongles ever will. Don't burden your customers.
As far as I know, latest version of both syncrosoft and iLok have not been cracked.(with non demo version)
The great thing about this approach from a user perspective is that its just as little hassle as having no copy protection at all - they don't need a dongle, they don't need to perform challenge response... Its not copy protection in that I could take my copy and transfer it to as many machines as I like. In the last 10 months since we've been doing this, none of our updates have been released as warez versions (that we could find on the web/torrent trackers, anyway), so the only people who've been using all the new features, fixes and all the new soundbanks and additional free soundbank content have been legit users, which is good for them and good for us. Prior to that, our updates were cracked within less than a week. I'm under no illusions that this may change tomorrow, no system is uncrackable and of course someone may simply spread a licensed version.
Ben
-
- KVRer
- Topic Starter
- 20 posts since 25 Jan, 2009
Hey, thanks for all your replies, very insteresting! I see there are other ways of protection beside dongles.
Just to see, if I understand: if I embed user information, I have to do an individual compile for each download or write the information in the compiled binary to certain places bevore the user downloads its personal copy, right? If I distribute updates via a user area, that can only be accessed by registered user, there are just copies with individual signatures around. Then If a hack comes up I can retrace it back to a single license (if the hacker didn't erase all embedded personal information). That's a cool thing.
But what if one hacks the latest demo version that is free to download? Or are the demos limited in funcionallity in this scenario (e.g. no "save preset" implemented) ?
Just to see, if I understand: if I embed user information, I have to do an individual compile for each download or write the information in the compiled binary to certain places bevore the user downloads its personal copy, right? If I distribute updates via a user area, that can only be accessed by registered user, there are just copies with individual signatures around. Then If a hack comes up I can retrace it back to a single license (if the hacker didn't erase all embedded personal information). That's a cool thing.
But what if one hacks the latest demo version that is free to download? Or are the demos limited in funcionallity in this scenario (e.g. no "save preset" implemented) ?
-
- KVRian
- 644 posts since 17 Jan, 2007 from Australia
Thanks for the explanation Ben, it's why I'm a happy (paying) customer.
I just wish other companies would adopt your approach, and sell products, rather than protection schemes...
(I have the money for Blue AND Sub Boom Bass, but their e'crap prevents me from paying them... ).
I just wish other companies would adopt your approach, and sell products, rather than protection schemes...
(I have the money for Blue AND Sub Boom Bass, but their e'crap prevents me from paying them... ).
-
Ben [Camel Audio] Ben [Camel Audio] https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=1122
- KVRian
- 757 posts since 18 Sep, 2001 from Edinburgh, Scotland
Yes - thats all correct. We do the embedding on the server and its entirely automated - not at compile time. This is quite a lot of hassle tho to get right - mainly from the perspective of the server code. A good general rule is to make sure you are using less than 1% of your development time on copy protection issues. So unless this is quite a big product which has had several man years, I'd probably just go with serial or keyfile.Just to see, if I understand: if I embed user information, I have to do an individual compile for each download or write the information in the compiled binary to certain places bevore the user downloads its personal copy, right? If I distribute updates via a user area, that can only be accessed by registered user, there are just copies with individual signatures around. Then If a hack comes up I can retrace it back to a single license (if the hacker didn't erase all embedded personal information). That's a cool thing.
Thats certainly a risk. You could remove the save preset functionality. But if you want fully functional time limited demo, the only thing you can do to mitigate this risk is to put in lots of different checks - but of course its crackable if someone is prepared to spend enough time. The demo could exclude some features of the full version - such as containing only a small amount of the preset and sample content, for a start (the amount of content with our Alchemy demo is a small fraction of whats included in the full version). The demo updates could also lag behind the latest full version release too.But what if one hacks the latest demo version that is free to download? Or are the demos limited in funcionallity in this scenario (e.g. no "save preset" implemented) ?
Thanks for buying our stuff - I appreciate itThanks for the explanation Ben, it's why I'm a happy (paying) customer.
Ben
-
- KVRian
- 614 posts since 7 Jan, 2009 from Gloucestershire
Hey Ben, embedding user data is a really great idea, I'm guessing you use a map file to find unused program areas to do this, and update the server offset data every time you make a new release?
I use Share-it for my shop, as I've got little PHP knowledge - too many 'hats' to wear as it is!
I feel like I want to buy your checkout code!
Cheers,
Dave.
I use Share-it for my shop, as I've got little PHP knowledge - too many 'hats' to wear as it is!
I feel like I want to buy your checkout code!
Cheers,
Dave.
-
Ben [Camel Audio] Ben [Camel Audio] https://www.kvraudio.com/forum/memberlist.php?mode=viewprofile&u=1122
- KVRian
- 757 posts since 18 Sep, 2001 from Edinburgh, Scotland
I can't take the credit for the embedded data idea - it was Arne from Wallander who helped me get going with this approach. Urs started an area where developers can discuss issues like this which they would rather not discuss on a public forum - I gave more details about this approach on there, so take a look there. If you're not a member of that, email Urs about it.DaveHoskins wrote:Hey Ben, embedding user data is a really great idea, I'm guessing you use a map file to find unused program areas to do this, and update the server offset data every time you make a new release?
I use Share-it for my shop, as I've got little PHP knowledge - too many 'hats' to wear as it is!
I feel like I want to buy your checkout code!
Cheers,
Dave.
Ben
- KVRAF
- 2925 posts since 29 May, 2009 from New Zealand
...but then, lets say my PC gets hacked, unbeknownst to me... my account data is stuck in the file, and you close the account...HE'S the LEAKER BOYZ! Ye, job well done...?Ben [Camel Audio] wrote: and lock their account, preventing them from getting all the benefits of being a registered user
It won't be done this simple will it?
I know, hacking a system remotely, and downloading a complete and working version is virtually impossible seeing as I have the right measures in place on my system.... but lets just say, if? What then.
-GeorgeZ
PS: Not giving you shit in any way, shape or form Ben I love my Alchemy, and
wouldn't want anyone to get their grimy mits on it... and not needing
any other bullshit dangly bits to make it work, makes it even doubly more
special to me
-
- KVRAF
- 2583 posts since 26 Aug, 2002 from here
Shame this is almost entirely untrueXenakios wrote:If the product is interesting enough, it will be available cracked on Windows within a month of product release. Both iLok and Syncrosoft dongles have been cracked already, there's not much extra effort the crackers need to take for new products. You might try counting on the crackers being lazy and not providing cracks for updated versions of your product. Some pirate users might get frustrated enough having to use an old version of the product to buy it or cease using it. (The latter will be the very likely case anyway.)mr2b wrote: Are dongle protected plug-ins uncracked for a longer time than plug-ins without (and are they cracked at all?)
Thanks.
The best course of action of course would be no dongle at all. You just cause more effort and expenses to yourself (licensing iLok/Synchrosoft etc is very expensive), that you must transfer in the cost of your product to your customers and high prices never make potential buyers happy.
Modern dongles are not cracked and that is the end of it - cubase 5.1 is cracked (although it was about a year after relase before it was cracked)but rob papen's verb is not - yet they both use syncrosoft
sound toys is cracked yet waves (neither 6 or version 7 have been cracked - this is roughly 2 years) is not - they both use ilok.
Dongles are defeatable and will continue to be so, but the idea is i takes so long that it buys the seller some time to make money before it is try before don't buy.
I believe every thread should devolve into character attacks and witch-burning. It really helps the discussion.
-
- KVRAF
- 2583 posts since 26 Aug, 2002 from here
Surely the problem with the camel audio protection is that the crackers need to get hold of two legit copies - compare them and note the differences (and thats pretty easy) and go from there in obfuscating who's copy they used
But like a dongle it may well buy enough time to ensure that sales are made
But like a dongle it may well buy enough time to ensure that sales are made
I believe every thread should devolve into character attacks and witch-burning. It really helps the discussion.