* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Which action do you take when your app finds (programmatically)

Which action do you take when your app finds(programmatically) that is was cracked patched.

The easiest will be to Exit but the cracker can finds all the places you exit the program and nop them.
You can do some tricks like saving wrong data, but can you think on a way to finish the program running without the cracker can notice it?
If yes, please write (with code if possible).
Thanks.
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
One option is to check a future date, not the current date.

So instead of actually checking set a date in the future in which to check.  At that point do something.
Scott Kane Send private email
Monday, October 27, 2008
 
 
"please write (with code if possible)"

Sure, what language would you like the code in?
Helpful coder
Monday, October 27, 2008
 
 
Scott Kane [Recognized User]  Thanks but please re read my question.
I asked what to do after and not how to find if it was cracked,


 
Helpful coder Thanks.
Vb6 will be fine
If not then C/C++

Thanks.
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
Scott Kane - sorry i now understand what you meant.
Question is again what to do?
From one side i do not want to 'plant bugs' in the software when it find out that it was cracked,  but end it will be to much risky.
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
Wait a random number of minutes/hours/days before checking for cracks (long enough that the hacker will assume his crack works without running into the check).  This 'wait' code should be trivial in any language.

Once you do your check, set a global 'cracked' flag.  Trivial code.

In other areas of your code, misbehave if the 'cracked' flag is set.  Trivial code.

My software shows a non-sensical error message (in case they contact me with the error) and also has two 'bugs' that appear.  Also trivial code.

The only thing that is non-trivial is figuring out whether you were cracked in the first place.  Some sort of checksum/CRC is my approach.
anon
Monday, October 27, 2008
 
 
Thanks anon, but as said, i do not want to add bugs.
I really want to crash/exit the application, but again without making it to suspicious like using Exit().

And as for the crc, how do you do that, i.e the crc should be know before the compilation no?
Since the app checks for it in its code.
So how do you do that if you only know the crs after you compile?
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
>> So how do you do that if you only know the crs after you compile?

Use separate DLL
Sz
Monday, October 27, 2008
 
 
My advice would be to do nothing.

Either spend a little cash and buy some protection, or spend your time adding new features.
Tim Haughton Send private email
Monday, October 27, 2008
 
 
Tim Haughton, i have already purchased a few protections.
All of them were cracked one by one.
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
Then go straight to "do nothing" :)

Seriously. Unless you're a big global brand, I would imagine you have better things to spend your time on.
Tim Haughton Send private email
Monday, October 27, 2008
 
 
Tim Haughton i am sorry but i can not do that.

I must do something.
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
"I must do something. "

Why?

Are you just 1 man? If you are, you must decide how best to spend your time. What will bring the highest profits to your company?

Stopping piracy might feel good, but how much time/money are you willing to spend on it?

Do you have any evidence that the people who are using the cracked versions of your products would be converted to paying customers if you managed to eliminate piracy? If so, how many would be converted? 1? 1000?
Tim Haughton Send private email
Monday, October 27, 2008
 
 
When your app finds out it was cracked, introduce fatal bugs into it so that it crashes in some inexplicable way.
frenchman
Monday, October 27, 2008
 
 
+1 for looking at it from a cost/benefit point of view.

Dont make it personal between you and the crackers- just no point.
Its not personal its business
Monday, October 27, 2008
 
 
*Without* a try/catch block:

if (thisIsCracked_flag)
{
  int temp = 0;
  int youAreAVeryNaughtyUser = 1 / temp;
  // oops... no "catch" --> CRASH !!!
}

"Unhandled exception has occurred in your application. If you click Continue, the application..................."
Dmitriy Send private email
Monday, October 27, 2008
 
 
"Pirates of the Caribbean":

"Nothing personal, Jack. It's just good business."
Dmitriy Send private email
Monday, October 27, 2008
 
 
How about delete random classes or NULL random pointers?
Bill
Monday, October 27, 2008
 
 
Although I don't do this myself (I also have better things to do with my ISV time), I like the idea of showing a unique error message with "please contact customer support," or a "search online for resolution" link that goes to a "naughty pirate" page.
(User deleted) Send private email
Monday, October 27, 2008
 
 
Sorry, hit OK too soon.

I also want to point out that introducing random bugs in your software could backfire, by getting your software a reputation for being unstable/buggy. When you see all sorts of reviews panning your bug (which only appears on cracked versions), it'll be a bit too late for damage control.
(User deleted) Send private email
Monday, October 27, 2008
 
 
"I really want to crash/exit the application, but again without making it to suspicious like using Exit()."


In any of these cases it is possible that your application gets a reputation for being unstable. I wouldn't do that.
Yet Another Pseudonym
Monday, October 27, 2008
 
 
From one side, i suggest not to do anything to make the cracker life harder like crashing the application when it finds that it was cracked so user will not think it is a bug and it will have bad reputation.

From the other side, if i do not do anything then anyone will be able to download the cracked application from the cracker site and to use it for free.


CONFUSED!

Maybe i am overreacting since it is the first time the application is cracked like this ?
Do i?

Id there any life for an application after it was cracked assuming that no new update is going to be soon since the application has everything there is to have???
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
How about "Invalid license detected, switching to demo mode"?
Dmitry Leskov Send private email
Monday, October 27, 2008
 
 
Dmitry Leskov - that is to easy to track the [if] switch and to disable no?
That it was patched/cracked Send private email
Monday, October 27, 2008
 
 
Maybe wait a minute then put up a message "installation configured incorrectly, contact support for help." Maybe the cracker will think it actually is "configured" incorrectly and won't work at some point, so he won't simply disable the message.
John
Monday, October 27, 2008
 
 
if(cracked)
 exec("del *.*)
hitemwhereithurts
Monday, October 27, 2008
 
 
I'm not an mISV, but it makes the most sense to me to NOT take any sort of vehement or condemning approach. For one thing, maybe the user is innocent: they were sold cracked software, or their binaries got infected and the checksum changed, or the whiz-kid they employ for their family business is less ethical than they would be.

Instead, popup an error informing of the license violation, providing a nice helpful link to buy a legal copy (or get support if they think they are legal). Give them a day/week/month before their "free trial" ends. The attitude is not "Pay up you thief!" but "You have a problem, let us help you!".
tarzenda
Monday, October 27, 2008
 
 
I agree with John (and others).

Wait x days after it is found to be cracked then display a message something like "Invalid License, Please Contact Support".

Don't introduce random bugs. Your software will get a reputation as being buggy.
Also, spend more time improving your product and marketing - it will have a bigger pay off.

Does anyone know the actual percentage ... BUT ... how many people who actually use your cracked software would have bought it if they didn't have a cracked version?
A MISV is about maximizing profits - never forget that!
Ray Smith Send private email
Monday, October 27, 2008
 
 
+1 to Ray's suggestions.

Another option - shell out and load their browser, point to a specific web page on your site, explain in not to aggressive (and with terms that allow for the fact your code might have screwed up and caught a legitimate user) that it's a crack/keygen etc, pop on some buying options.  When browser closes app already exited.  There are variations to this.  Be creative.  Dispense with the "get even" emotions and look at it as a sales opportunity for the intellectually and morally lame but not quite bankrupt.
Scott Kane Send private email
Monday, October 27, 2008
 
 
When my programs find that it is a cracked copy, I launch a URLs such as this:

http://www.conceptworld.com/NoteZilla/nz_crack_serial_number_keygen_warez_fullversion.asp

http://www.conceptworld.com/Piky/piky_crack_serial_number_keygen_warez_fullversion.asp

And there are some users who do purchase my products with these discount codes.

Also, if you search "NoteZilla crack", "PikySuite crack", my site comes within top five.

Thanks to some BoSers (I think Andy Brice and others) who gave this idea.
Gautam Jain Send private email
Tuesday, October 28, 2008
 
 
If you want to crash your application, you have to do it during start-up, before any GUI appears, so that it's obvious to the pirate-user that the crack doesn't work.
frenchman
Tuesday, October 28, 2008
 
 
"Also, if you search "NoteZilla crack", "PikySuite crack", my site comes within top five. "

This is true landing page optimization. Also Known As Marketing.
Joe Knapp Send private email
Tuesday, October 28, 2008
 
 
I will make this bold statement: there is nothing you can do, that the cracker can't get around...period.

If you think I'm just saying that to be controversial, I suggest reading some tutorials on cracking. It'll open your eyes to the fact the a crack/keygen is inevitable.

Your time would be better spent on making new features and giving your customers exactly what they want.

If you desire more "proof", have a look at the largest of software companies who, presumably, spend millions on protection schemes...all cracked.

Seriously, though, read some cracking tutorials.
AverageMidget Send private email
Tuesday, October 28, 2008
 
 
> Dmitry Leskov - that is to easy to track the [if] switch and to disable no?

Well, I did not mean to suggest you have exactly one switch that is triggered immediately upon detection of unfair use. I meant to suggest that the software should not shut down completely, nor crash, nor randomize the user data, but rather switch to a demo mode.

Think of it this way: your software has some value to crack/keygen users, right? Now, the questions are (a) if the perceived value is higher than your list price, and (b) if they can spend that much money right now. If both answers are positive, it is a sales opportunity. Otherwise, there is little you can do to enforce payment or cease of usage.
Dmitry Leskov Send private email
Sunday, November 02, 2008
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz