How do I copy-protect my Java application?

java licensing reverse-engineering copy-protection cracking
27,042

Solution 1

The most common way to handle this is: customer gives you money, you generate a unique unlock key and provide that to the customer. The key should be a valid unlock key, and it should encode identification information about the user. Customer uses that key to install on as many of their computers as they like, or is allowed by the license.

Don't worry about reverse-engineering. Your product, if it's at all popular, will be pirated - you'll find unlock keys online if you look hard enough. If you like, you can take that as a compliment - someone liked your software enough to steal it. Cold comfort, I know, but the alternative is to get in an arms race with the pirates, and you won't win that. In the end, a few percent of the population will steal software, and you can't do much about that. You can use the key's identification information, if your scheme is strong enough, to trace who released the key in the first place.

Solution 2

Actually there are a number of license management solutions that can help, but the REAL problem is that all of they can be cracked. I've personally tried the most expensive to the cheapest. Finally I rolled my own, and I check the software's pc details (mac id, etc.) against the recorded details in my server every time the software is run. Because my software is tightly tied to the Internet, it is okay, but I am sure it will be cracked one of these days.

What you probably need is to police the Internet regularly, and find where your software is being pirated, contrary to the popular belief you can actually stop them in most cases. Just serve a DMCA to the downloading website (most of them will comply), and you will be able to get your software removed in about 80% of the cases. I've done and experienced it on my software. Some people do not remove, but I've found that in the 1.5 years I've been doing this, my sales have improved.

I also use a service -- http://spotpiracy.com which helps me find these links apart from my own manual research (i have a guy dedicated to this). :)

Solution 3

Everyone has their own opinion on this subject so expect lots of different advice. Here's my take on it:

  • 1. Obfuscate your code (proguard is recommended)
  • 2. Offer a FREE version with full capabilities for a trial period
  • 3. Use a serial number routine based on the registering users email or other unique info

Overall you will have to accept a certain amount of piracy, but if your application is worthy people will pay for it. Honest people will be honest and copy protection will not make dishonest people honest.

Solution 4

In my opinion, if you don't know exactly how you will protect your source code efficiently, then don't start trying to hash something together yourself based on hardware. It will be too easy to break, and most likely just annoy your customers.

I would sugest you have a look at how Atlassian does this. They happen to sell Java software, and apparently do quite well. http://www.atlassian.com/ Try downloading e.g. JIRA and play with an installation. This will give you a good idea of how their licensing scheme works, and what users can reasonably expect from professional software.

Solution 5

In my old c++ days i get in arms to front the piracy using MAC Address code protection, very nice and really no body stole my software uppone the mac address protection because i always force the OS to re-read the real mac avoiding mac overrides. That was on C++ coding having direct access to local resources.

thats not the case today, nither in java applications in which the code is located in .class files that can always being decoded back to the original source code (yes it is possible, and very easy to find tools to do so).

i think, as resume, it is impossible to protect java programs agains piracy. i find no way like the old golden c++ days :)

Share:
27,042
cragiz
Author by

cragiz

Updated on February 21, 2020

Comments

  • cragiz
    cragiz about 4 years

    I want to sell my Java application using PayPal. When a payment is received, the customer is mailed a one-time download link to my application.

    My question is, how do I prevent people from sending the .jar file to their friends/uploading it on the internet?

    Obviously I need some kind of check in the application which only allows it to run on one computer. And that's another problem, I don't want a customer to have limitations on one computer, they should be able to run it at home and work etc.

    Maybe some kind of cd-key would do the trick? Is there any cd-key resources for Java out there? Or should i build my own algorithm? Here comes yet another problem, reverse engineering..

    Please help me solve this :)

  • Colin Hebert
    Colin Hebert over 13 years
    It's easier to crack a version with a trial period. You already have the full version, all you need is to fake the time.
  • Paul Gregoire
    Paul Gregoire over 13 years
    That goes back to several of my points - keeping honest people honest, obfuscation, and accepting that you will not defeat piracy.
  • Stephen C
    Stephen C over 13 years
    not entirely true. In some cases, badly implemented DRM will prevent honest people from doing things that they are entitled to do (by law), and cause them to break your DRM. (Or throw your software out of the nearest window, and never do business with you again!)
  • Paul Gregoire
    Paul Gregoire over 13 years
    Very true Stephen, good point
  • cragiz
    cragiz over 13 years
    I'm going to need an online lookup service for the keys right?
  • Alba Mendez
    Alba Mendez about 12 years
    I really LOVE the second paragraph, especially the you won't win the pirates part. They want to copy (or steal, if you want to call it that way) your software, they'll do it. You can't oppose.
  • Vishy
    Vishy over 11 years
    You can check the key online, limiting how often they are installed, though a reverse engineered program doesn't have to do this.
  • Steve W
    Steve W about 3 years
    Michael - Do you have any example of how to implement your suggestion in Java?
  • LegendLength
    LegendLength almost 3 years
    @AlbaMendez It's bad advice in my opinion. I've used copy protection before and it helped tons in stopping piracy (product was popular). I didn't have any copies on torrent, only some keys that i continually disabled in future versions.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to create a secure licensed Java EE application?
Finding out the licenses of JAR libraries
Hibernate tool to create basic mappings based on a mysql db
Netbeans 7.1 Hibernate Reverse Engineering wizard does not find database driver
Obtaining Java source code from class name
Reverse Engineering in Java
Jboss Hibernate Tools: Reading error schema - Probably a JDBC driver Issue
Need assistance to decompile a jar file, edit the a class, and save as jar file
Suggestions needed: Effective Java to C source code converter
protect Java Application by licence or key