Cracks in figures

[VoltAirOhm]

I think it's as simple as that - man is opportunistic by nature, while ethics, morale, and the basic feeling for "right" or "wrong" are cultural add-ons that we all try to instill into our children because they've proven to work in societies over thousands of years. The current political and economic systems, however, present a totally different picture on a subconscious level - greed and selfishness provide the most "successful" prominent characters. That constantly nibbles away at the moral constraints we might have.

Given the possibility, and without any risk of being punished, the old opportunistic nature shows up, and the faint voice of conscience is easily ignored.

Just an old cynic here...

Very well said.. And (unfortunately) you're completely right

[Urs]

I just checked and it looks like I bought ACE on the 17th of the month last year.
I am pretty sure didn't buy it because of a reminder though, and I don't think I even demoed it so I don't fit with the statistics here at all.

No worries, we're aware that about half of the people who bought ACE on a 17th haven't had the crack.

We also can't track those clicks to actual sales transactions. We don't know who in our customer database came from a piracy background, and we also don't want to know.

[Delfinoverde]

I invite you to visit countries such as Brazil, Cuba or similar… you'll then maybe get surprised to see the "poorest" people making one of the best music of the world - even without any digital setups!

Are you sure that these are the poorest producers? From what I have seen there are many WEALTHY guys with big studios, even in Brazil and Cuba…

Man you misunderstood me!
I'm NOT talking about rich [white] producers but about the man on the street.

@ Urs - I believe some of you developers have put yourselves on a hamster wheel! The more effort you put in development of copy protections, which cost a lot of extra work and money, the less you have time and energy to concentrate on improvements. But customers expect improvements, not hassling protections, which make the software in many cases slower, heavier. The biggest "fishes" in the audio software market nowadays put their hopes and faith on iLok2 or similar… until it will be cracked again! I think it's a kind of reciprocal phenomenon…… Ouroboros!

[chk071]

The biggest "fishes" in the audio software market nowadays put their hopes and faith on iLok2 or similar… until it will be cracked again!

So? The question is not whether something is crackable or not, but how much effort has to be spent on cracking it. That defines better and worse copy protections. And of course a company will profit more from a good copy protection than from a weak one, as there probably will be less cracks with the better copy protection. Afaik, there is no fully functional warezed version of Cubase 6 so far e.g.

[do_androids_dream]

The worst offenders, and this isn't just music software - it is all software across the board, are the middle class trying to better themselves - better car - further holiday - they are just absolutely terrible. More people from this demographic use cracked software than even poor people. I'm poor. I go without hot running water and heating in winter to be able to indulge my little habit.

These people, some of whom I fix computers for or other stuff, they pay for nothing. It is a principle for them. Only mugs pay for software. We are talking about university educated people here with 100,000 euros a year career. The sort that will try to short change you or question you or be suspicious about what you did. The kind that will not even pay you after you spent time and were not able to fix their computer.

When i was doing my music tech degree it was this demographic of classmate who would often be showing off/bragging about their huge plugin collection that they hadn't paid for. The interesting thing was that they usually hadn't made any actual music with them! The 'only mugs pay for software' attitude was very prevalent even among some of my tutors. One guy was being particularly smug so i gently pushed him a bit on the issue during a tea break and told him that i don't use any cracked software - he looked at me like i was mad - 'why pay for it when you can get it for free?' was his response - which caused everyone else in the room to shut up - this made me look like the oddball for supporting developers. Surely an interesting thing to have happened and perhaps a reflection of how people clearly don't know how to 'handle' the whole digital revolution. Software 'stealing' does seem to be something that most people treat separately from stealing a physical object. If someone in the room says 'i just downloaded it for free' as was often the case when talking about software in the classroom no one seemed to even have an opinion about it let alone become judgmental about it (as most people certainly would if you announced you had stolen something physical).

[ras.s]

All of this sounds rather clever and it's nice that it's working out well for u-he.

A few things I didn't quite get from your descriptions, Urs.

a) How does the mechanism actually detect that it's dealing with a pirated copy? You mentioned it looks out for certain patterns and there's a chance that it sometimes gives a false positive..? It can't look through a list of real registration codes, so how does it recognize a generated one from a legitimate one? (I have no idea what kind of registration procedures you have, I have only your free stuff, but I take it there's a simple regcode to deal with?)

b) If the mechanism is hidden within several various tasks the software is bound to process when it's used (I think you mentioned something about it being hidden in ADSR for example) --- have you estimated how much more processing power it needs to have to do those tests? Is the mechanism processed every time a task in which it is hidden is done, for example, every time the software needs the ADSR envelope..? You also mentioned the mechanism acts based on time, so does it check whatever it's time to do the check or not? Simply put, does it add to the CPU demands in the slightest?



Anyways, glad to hear you've come up with a mechanism that works. If you do get the time and put the whole concept for others to share, do consider putting it in the public domain instead of licensing it with open source licenses, as that would make it available for everyone without restrictions. You've pretty much done that in this thread though, by describing its basic functionality. It should be applicable for all sorts of programs, not just this little audio bubble we dwell in here.

I've seen the "melted GUI" been mentioned here at KvR a few times and this was the first time I saw a picture of it, that's quite funny. If you could make the melted stuff appear outside of the plugin window (and even when the plugin is not open visually) it would probably scare a lot of people.

[Urs]

a) How does the mechanism actually detect that it's dealing with a pirated copy? You mentioned it looks out for certain patterns and there's a chance that it sometimes gives a false positive..? It can't look through a list of real registration codes, so how does it recognize a generated one from a legitimate one? (I have no idea what kind of registration procedures you have, I have only your free stuff, but I take it there's a simple regcode to deal with?)

I gave one example: We run the registration with a bogus serial number and check if the plugin is still registered. There is no need to check for a valid serial number, there's only need to check if the registration process was tampered with.

Another example is Team Assign (as do other teams) would typically have their name printed somewhere in the gui. For us, that's typically in the edit display that usually says "registered to so and so". We however have no single legit users who's first name is "Team". So by checking if the first name is "Team" we could sort out a lot of cracks in the past.

We have not had many false positives ever. Most happened during the transition of Zebra's old serial scheme to the new one, about 4 years ago. For some 10-20 people, Zebra suddenly was unregistered and they had to re-register it with a new serial number. Similarly, some ZebraHZs had to be reregistered with a new serial number if the owner had a really old one.

b) If the mechanism is hidden within several various tasks the software is bound to process when it's used (I think you mentioned something about it being hidden in ADSR for example) --- have you estimated how much more processing power it needs to have to do those tests? Is the mechanism processed every time a task in which it is hidden is done, for example, every time the software needs the ADSR envelope..? You also mentioned the mechanism acts based on time, so does it check whatever it's time to do the check or not? Simply put, does it add to the CPU demands in the slightest?

All of those mechanisms do not run in the audio thread. They don't use extra CPU. Most of the checks are event drive, i.e. they happen during user interaction (mouse click, preset load, midi event). None of those last longer than a few microseconds (that's a millionth of a second), and as I said, they usually happen something like once a month.

[Urs]

@ Urs - I believe some of you developers have put yourselves on a hamster wheel! The more effort you put in development of copy protections, which cost a lot of extra work and money, the less you have time and energy to concentrate on improvements. But customers expect improvements, not hassling protections, which make the software in many cases slower, heavier. The biggest "fishes" in the audio software market nowadays put their hopes and faith on iLok2 or similar… until it will be cracked again! I think it's a kind of reciprocal phenomenon…… Ouroboros!

Well, I've made copy protection a hobby of mine. I love it.

ACE day made us revenues of around 5000€. Implementing it took only 2 days. These were the easiest 5000€ we've ever made, albeit for sad reasons. So don't tell me to give up

If you look at the graph in the inital post, quite obviously we found a very efficient antidote towards R2R's new angle with our April release. We will improve further on this and we'll do more things along the lines of ACE day, i.e. get "them" earlier, more often.

The lack of a Satin crack for Windows looks to me rather like the opposite: They seem to have given up embarrassing themselves with cracks that don't work.

[ras.s]

Thanks for the clarifications. Good to hear the downside of this copy protection isn't extra CPU power (I understand that what you described can't amount to much).

Regards this one:

I gave one example: We run the registration with a bogus serial number and check if the plugin is still registered. There is no need to check for a valid serial number, there's only need to check if the registration process was tampered with.

Now, to be honest, years ago I did use pirated software. I haven't done that for nearly ten years now though, so I'm quite clean there.. But I remember that atleast back then how a lot of cracks functioned was that the crackers provided a key generator. I suppose that means they had figured out how the serial relates to the name it's registered to, or something like that. So if someone figures out how to generate legit looking keys for the software, that would circumvent this protection? The difference being, they don't tamper with the registration process (or the binary in general) but are able to fool the process as it is.

[Urs]

Now, to be honest, years ago I did use pirated software. I haven't done that for nearly ten years now though, so I'm quite clean there.. But I remember that atleast back then how a lot of cracks functioned was that the crackers provided a key generator. I suppose that means they had figured out how the serial relates to the name it's registered to, or something like that. So if someone figures out how to generate legit looking keys for the software, that would circumvent this protection? The difference being, they don't tamper with the registration process but are able to fool the process as it is.

We simply have found out how to make key generators impossible - it's a little, yet efficient crypto trick

The last key gnerator was the Zebra 2.1 one from Air, and that one didn't quite work all that well.

[ras.s]

Sounds like you've got a rock-solid solution here then. Now just start melting the cracked copies earlier and more often, like you wrote a few posts ago. I reckon what you guys have come up with is something that should interest a lot of developers, here and elsewhere.

[Tricky-Loops]

...and told him that i don't use any cracked software - he looked at me like i was mad - 'why pay for it when you can get it for free?' was his response - which caused everyone else in the room to shut up - this made me look like the oddball for supporting developers...

This kind of scene happens a million times between humans...

I desperately tried to explain to a relative why I don't want to use his cracked Cubase version. He looked at me as if I were a "moralizer", then he said:

"Why do you care about software developers - they already have enough money...and it's only software, they can copy it, anyway..."

(Then I said him that for all these programs they have to employ professional programmers who need something to eat, too, and they won't work for nothing.)

IMO there should be a way to delete ALL those warez on file sharing (cloud) services. A developer should be able to write them, prove that these are warez, and then it should be deleted immediately (and I mean: IMMEDIATELY!).

Or uploading software copies should only be allowed if the uploader has an distribution agreement from the developer, this would be much more easy!

As long as the free cracks are appearing in the first page when someone searches via Google for a plugin, they'll download the cracked version because it's just a few clicks and they don't have to be afraid of anything.

I had one case where I searched for a plugin and the FIRST (!) result of the Google search leaded to a cracked version!

[pinki]

I make my living through music and I have been saving up for about 2 months ( not two years!) to get Satin and today I can afford it and am a new customer at Uhe.

I will say this on the matters discussed.....the thing that I find really really disgusting is when I come across a fellow composer who starts talking to me about all the cracked software he has.

And Urs I will confirm your point that they normally have nothing to say and make cruddy music.

[kinwie]

Well, I've made copy protection a hobby of mine. I love it.

Well, Urs, and guys...i'll share another story,

i live in a country with high piracy habit, where people not care or maybe not understand enough about legal things. so...you can very easily find a soft-store in big mall/streets/business centers, to buy a latest releases. a cd/dvd with several app/plugins just cost you $5...

i once, knew a guy who work in a store and smart enough, which then he secretly sold directly to the customers he got from the store where he works. yeah, he did a very great customer-service job, like...do the software/plugins installation in their house or studio, deliver new releases/updates to their front door...etc. so, his sales ran very good as i heard from a friend.

and then...2 or 3 years later, i heard again...he already bought a brand new car and open his own shop! i just think, wow!

that kind of person maybe a lot everywhere...and i just realized, they stole from you the developers! so Urs, your full attention in copy protection is absolutely the top priority.

[fateamenabletochange]

.....the thing that I find really really disgusting is when I come across a fellow composer who starts talking to me about all the cracked software he has.

Just my luck, when I walk into music stores locally, the hoons working there seem to be always kind of showing off talking about all their cracked software, weird the way it always seems to happen.
So I stopped going, I buy online now, pay postage to the outer rim, and still get a better deal, kind of win win. [they also never seem to have the stuff I want, even simple things like TRS 1 m. or midi cables, presumably being so preoccupied they forget to re-order stuff.]

None of my three kids use cracked software, must of done something right . Just an attitude, "we" don't do that, something I don't think we have ever talked about except briefly in passing. Daughters boyfriends sure do.

Also, in skirting around I noticed the price for ACE which I had forgotten since buying it. Tis true I'm a fan, but for what it can do, it seems REALLY cheap to me.

Poor old ACE, sordid business somehow.

Some presumably a neighbourhood kid, kept stealing my $1.20 butt bin and the butts in it, right off the front porch where wife and I have the odd luxury length cigarette, numbers of times this happened.
So we moved to a shell from a beach visit as ashtray, that got knicked too. So, it looks like it is the butts that whomsoever is after.
Bloody ridiculous, why should I bother about someone knicking our butts off the porch, very annoying. I shouldn't mind, because said kid is no doubt poor.
So no worries, help yourself I say, the world is my ashtray, knock yourself out.