* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!

Links:

» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)

Moderators:

Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Exe Wrapper for Fastspring

Hi - I'm considering switching my eCommerce provider to Fastspring.  I've been using Regnow/MyCommerce with the free version of Software Passport for DRI.  But I've been very unhappy with the quality of the service and now that Software Passport and Armadillo seem to be disappearing, I figure this is a good time to switch provider.

Fastspring seemed like a good option.  For my software, I need a means of protection that does not rely on embedding code because it's a non-compiled application.  It consists of a Filemaker Pro database with is bound to an executable that Filemaker generates.  So I need an exe wrapper (unless someone knows of a better way).  And the exe wrapper needs to work with FastSpring to do license generation.

Fastspring seems to be setup with some third party solutions but not clear to me if they do wrapping and they seem pretty pricey.

Would appreciate any suggestions. 

Michael
Michael Jasper Send private email
Saturday, August 02, 2014
 
 
We have a few different customers doing what you want to do. Namely, they have "assets" they want to license, but they aren't typical applications.

The short answer is that yes, we support that type of behavior and LimeLM works with FastSpring: http://wyday.com/limelm/help/automate-license-generation-with-fastspring/

I can get into the nitty-gritty implementation details here if you'd like. There are about a dozen ways you can do this, each with trade-offs.
Wyatt O'Day Send private email
Saturday, August 02, 2014
 
 
Hi Wyatt - I had looked at LimeLM but couldn't see how to use it to wrap an exe.  I just looked at your links and still can't see how to do that.  What I've been doing up till now is using Software Passport to protect the exe, then using Centurion Setup to create an installer (included the protected exe file). 

Can you explain how this would be done or send me a link to that information?

Thanks!
Michael
Michael Jasper Send private email
Saturday, August 02, 2014
 
 
Oh yeah - I'd love to hear all the nitty gritty stuff on different ways to do this if you don't mind posting!

Thanks!
Michael Jasper Send private email
Saturday, August 02, 2014
 
 
Sorry to leave you hanging, Michael. I'll write an explanation later today.
Wyatt O'Day Send private email
Tuesday, August 05, 2014
 
 
I'll keep it Windows-centric, but just know that these concepts all have unix equivalents.

There are 2 broad ways to "wrap" assets or an executable that you have no control over.

1. The simple way.

Use an installer that extracts the assets (and/or 3rd party executable) into a temporary folder and then executes it. The installer waits around and then deletes the "asset" once it has finished executing.

This can be done relatively easily with NSIS or InnoSetup or any one of the other installers out there. You integrate whatever licensing you're using in the installer (for first time activation and for subsequent verification). Here's one way to do it with LimeLM: http://wyday.com/limelm/help/using-turboactivate-with-inno-setup/



2. The hard way

Re-implement the operating system executable loader. This is a multi-step process that goes something like this (in very broad strokes):

- Map the executable into memory.
- Satisfy dependencies (static & dynamic).

This is what "wrappers" / compressor / "protectors" like UPX do.

Does this extra work of rebuilding what the operating system already does add extra protection? Nope, none at all. The protection is illusory. All "wrappers" can be unwrapped.



So, which should you use? They can both be cracked easily. But the point of licensing isn't to stop crackers; the point of licensing is to increase revenue by preventing key-sharing.

So, use the easy way.
Wyatt O'Day Send private email
Saturday, August 09, 2014
 
 
> the point of licensing isn't to stop crackers; the point of licensing is to increase revenue by preventing key-sharing

The point of cracks is so people don't need a key share in the first place.  ;)

You can do the simple way all you like, but it means nothing if a user just applies a crack to it and then shares the cracked exe with millions of others.
PSB136 Send private email
Sunday, August 10, 2014
 
 
I feel like I've had this argument with you before, PSB. But I don't mind re-treading old ground. It's clear I didn't get through to you the first time.

Will I get through to you this time? Probably not, but what the hell? Maybe it'll help someone else.

First, let's start with the false assumption. You wrote:

>> "You can do the simple way all you like, but it means [...]"

This presumes that the "hard way" is harder to crack than the "simple way". It's not. There's a negligible time difference in cracking of the 2 different ways.

I think you misunderstood what I meant when I said "simple way" and "hard way". I'm talking about how "simple" or "hard" it is to implement. I'm not talking about cracking.

So, how "hard" is the hard way to crack? Not hard at all. An hour or 2 to crack for a "new" protection and for a cracker with moderate to low experience. (None of these wrappers are really "new", which is why they're so easy to crack. They're all virtually identical to the crap from the 90's.)

What about an existing "wrapper protection" that has already been cracked? Well, for that, a script kiddie with the ability to use google could crack it in about 30 seconds. Why? Because unpackers exist.

Short answer: learn how to reverse engineer.



>> "The point of cracks is so people don't need a key share in the first place.  ;)"

Is there an emoticon for a loud sigh and putting my face in my hands? Maybe I need a reaction gif: http://www.reactiongifs.com/wp-content/uploads/2013/03/incredulous.gif

Oh, I guess I should answer you with words too.

1. Customers don't cracker.
2. Crackers don't buy.
3. Stopping "casual piracy" (key sharing) actually increases revenue. (This is empirically true).

I've covered this before a few times in this forum. Also, we cover it here: http://wyday.com/limelm/features/why/



>> "[...] shares the cracked exe with millions of others."

This sentence fragment was part of a larger falsehood. But I'll pretend it wasn't and give you a real solution to the cracked app problem. What do you do if a cracked version of your app shows up in Google and Bing? Use the DMCA to get the results removed.

You don't know how to do that? Google it. Or Bing it. (But really, Google it). All major search engines have a quick process to get these pirated links removed quickly.
Wyatt O'Day Send private email
Sunday, August 10, 2014
 
 
>> "1. Customers don't cracker."

Oops, should be "customers don't crack".

Customers do eat crackers.
Wyatt O'Day Send private email
Sunday, August 10, 2014
 
 
> I don't mind re-treading old ground

We all know you don't, because you tirelessly pimp your product here every chance you get.  My comment was just to keep it real: what you offer does NOT in any way guarantee to increase sales or prevent casual sharing at all.  You keep saying it does, but that sounds like a Snake Oil merchant to me.

I can see I've p*ssed you off with my reply, so yeah, I better stop now.  Wish you'd stop with the spam here, too, though.
PSB136 Send private email
Sunday, August 10, 2014
 
 
>> "[...] what you offer does NOT in any way guarantee to increase sales or prevent casual sharing at all.  "

It does, and it's measurable. That's what "empirically true" means.



>> "sounds like a Snake Oil merchant"

Uh huh, ok. Again, words have meanings. Our claims are testable, have been tested, and have been proven true again and again. Don't believe me? That's OK. You can test our solution yourself. Prove us wrong.



>> "I can see I've p*ssed you off [...]"

Nah, I was just teasing you. If I hurt your feelings, then I'm sorry. I wasn't trying to be mean. I was trying to bring levity to an otherwise dull topic.
Wyatt O'Day Send private email
Sunday, August 10, 2014
 
 
Okay.  Until your next thread.  <Salute>.
PSB136 Send private email
Sunday, August 10, 2014
 
 
OK? You realize that I'm not Michael, right?

I was the only person to answer his questions. You did offer some advice, but it was ill-informed and, frankly, wrong. I don't know you, but I'm sure you didn't offer bad advice with malicious intent. It just comes from your inexperience in these areas.

I also seem to recall you taking my advice at least a couple of times in the past. Of course, you only took it after first accusing me of being a shill, pimp, and other nonsense.
Wyatt O'Day Send private email
Tuesday, August 12, 2014
 
 
> You realize that I'm not Michael, right?

I didn't say you were.  Why on earth would I think that?  Have you got something to confess?
PSB136 Send private email
Tuesday, August 12, 2014
 
 
I can't tell if you're a troll, or if you don't fully grasp the English language.


>> "I didn't say you were.  Why on earth would I think that?"

>> "Until your next thread."
Wyatt O'Day Send private email
Tuesday, August 12, 2014
 
 
Neither.  I meant till your next thread when you gleefully answer someone else's query about how to prevent piracy.  So, until that thread: <salute>.  LOL!
PSB136 Send private email
Thursday, August 14, 2014
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz