Implementing Licencing mechanism for a Software

algorithm licensing piracy-prevention
12,787

Solution 1

First of all, nothing is hackproof, so i wouldn't spend too much time on protecting your software.

The downside of a mechanism based on hardware IDs is when a user buys a new computer or upgrades most of his computer he needs to update the key too. HWHash is a pretty good HardwareID implementation, but i guess there are more (free) solutions. At work we use Hardlock and Hasp keys, but these are usbkey solutions which are not very efficient for small applications.

Solution 2

Ideally you need something that is OS independent.

I would recommend that you embed the license protection within your code or wrap your application within it in such a way that it cannot be run without the copy protection code having run first.

It would be best if your application needs a license key file in order to operate and that this isn't generated locally.

One way of doing this is that your application generates some form of image code based upon the hardware on it's initial run. This is supplied to you and in return you supply the license key which will allow the code to run. Best to base the hardware image around CPU and motherboard as these will change the least often.

Your app. should check against hardware image and license key whenever it is run.

If you want your app. license time limited then it should also keep track of how long it has run and embed it within the license key file.

Don't forget to encrypt the license file.

Also don't forget to make it more difficult to reverse compile your executable by use of a dotfuscator or similar.

Solution 3

Check this question: What copy protection technique do you use?

It also links to other related questions.

Solution 4

I am thinking of implementing a good licensing mechanism that has a good resistance against piracy. The required mechanism should not use an internet connection at each and every time the software is used.

Then how about a periodic online check of the licence?

When the user logs in the first time, the user verifies the install against his account and a licence file is stored on the users PC. This licence file is encrypted and contains all the data needed to uniquely identify the license. This is all stored on your server.

The licence file expires in set number of days or even months. Logging in after the file expires checks against the account and verifies its legitimacy. You might even consider generating a new licence file at this time.

There should be some smarts that give some leeway in the case that the users internet is down and the licence cannot be registered. Perhaps 7 days.

If the software is reinstalled on a new computer the user has to repeat the verification process.

As the others have stated there is no way to beat a determined pirate, since such a person will hack the code, but this should prevent or slow down casual piracy.

Solution 5

I'd be very wary of published software protection mechanisms, as they are much more likely to have published hacks. You are probably better off using some of the techniques to get a unique persistent ID and use this to roll your own protection mechanism. I also think that it is a poor idea to simple check the license whenever you run the program, as this leads the hacker to the location of your proection mechanism. IMO, your are better checking the license in a more random fashion, and more than once per session.

FWIW, I use hardware locks (hasp) for my high end desktop software, and device ID based licensing on mobile solutions. If you are selling small quantities of high cost software in a vertical market, IMHO, a good license protection mechanism makes sense, and hardware dongles work well. My experience has been that people will use more licenses than they purchase if this is not in place. For high volume, low cost software, I'd tend to live with the piracy based on increasing the size of the user base and product visibility.

Share:
12,787
Chathuranga Chandrasekara
Author by

Chathuranga Chandrasekara

A seasoned professional with 10+ years of Industry experience. The core competencies are, 1. Full Stack Solutions Architecture 2. Design and Implementation of Internet of Things (IoT) Software and Hardware/Firmware Programming Languages - Java | Python | NodeJS | JavaScript | TypeScript Front End Frameworks - Angular | React | Backbone | Bootstrap | Material Dependency Injection - Spring ORM - Hibernate Microservices - Spring Boot Batch Processing - Spring Batch Containerization - Docker Orchestration – Kubernetes Databases – MySQL | Postgres SQL | MS SQL Server NoSQL - MongoDB | Cassendra Build Tools – Maven | Gradle CI/CD – Jenkins | Ansible | Chef Testing - JUnit | Jasmine | Karma | RestAssured | Selenium Caching - Redis | Guava Dashboarding - Kibana | Banana Reporting - Jasper | Penthaho Health Monitoring – Prometheous | OpenTSDB | Ngios Messaging – RabbitMQ | Kafka API Gateways – Zuul | WSO2 API Manager | Nginx | Kong Cloud Services – AWS | OpenShift Identity Providers - KeyCloak | Apereo CAS REST Documentation - Swagger REST Security - JWT | OAuth2 Protocols - CoAP | STOMP | XMPP | TLS | REST | SOAP | MQTT | AMQP Source Management - Git | Subversion | Mercural Deep Learning & Numerical Calculation - Keras | Tensorflow | Caffe | Pandas | Numpy Image Processing and Computer Vision - OpenCV Project Management - Jira | ScrumWorks Programmable Hardware - Arduino | Rasberry Pi | PIC | ESP 32| ESP8266 GPRS & NB-IoT - SIM 800 | SIM 900 | SIM 7000 IoT Prototyping - NodeRed Search Engines - Elastic | Solr | Fast ESP Mobile – Android | Telerik NativeScript | Ionic 2 | React Native My other interests are, 1. Machine Learning 2. Deep Learning / Artificial Neural Networks 3. Artificial Intelligence

Updated on June 04, 2022

Comments

  • Chathuranga Chandrasekara
    Chathuranga Chandrasekara almost 2 years

    I am thinking of implementing a good licensing mechanism that has a good resistance against piracy. The required mechanism should not use an internet connection at each and every time the software is used. I am thinking of a mechanism based on hardware IDs etc. Do you guys have any better suggestions? What are the parameters/algorithms/characteristics that I need to concern to make a hack proof license mechanism?

  • AviD
    AviD almost 15 years
    I like the hasp keys - have used them in the past - but I would say not very good for BIG applications... And by the by, these are also quite hackable, I've done it with not very much effort.
  • AviD
    AviD almost 15 years
    I would point out that this all applies to installed software. Online services (obviously not your intent) can enforce better limitations.
  • Martin Brown
    Martin Brown almost 15 years
    "no licensing mechanism will protect you from piracy, or even substantially reduce it" I disagree with this. In the most part a simple copy protection will go a long way to keeping honest people honest and can make quite a dent in casual copying. For example, large companies often make HD images with licensed software on and then failed to buy more licences each time the image was used. It wasn't that they wanted to pirate the software, just kind of did it accidentally. This kind of thing is quite easy to stop and you can make a substantial reduction in it.
  • AviD
    AviD almost 15 years
    Martin, I agree - but I dont consider "casual copying" to be the dangerous kind of piracy that is usually being blocked... This is what I was saying about the good guys - you're right, licensing should be intended to keep the honest people honest, but it wont help much against the really bad guys.
  • sorin
    sorin about 14 years
    BTWm, hwhash.com link is obsolete.
  • dyesdyes
    dyesdyes about 9 years
    The most annoying kind of software are the one needing internet ONLY for the license. If you happen to be offline at some points and there is a check. It will be horribly annoying if you can't it anymore.
  • John Judd
    John Judd about 9 years
    You'll notice I did say there should be some thought given to how to avoid that situation.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Licensing web applications
How to prevent decompilation of any C# application
rank items in list of string in dart
How to implement a search bar in flutter E-commerce app with tons of products?
How to calculate the number of time an event occurs in any month if I have the weekly schedule?
Algorithm to solve this Maze game
Can't accept Android Licenses (Flutter)
Sort a dart list based on constructor parameter
Sort a List in Dart based on how another List was sorted
How facebook manages user profiles in database?