8 Ways To Make Your Software Hacker-Proof and Crack-Proof
uses the latest military strength, state-of-the-art cryptographic technology
to generate secure and unbreakable license codes to ensure that your software
and intellectual property is protected. Cryptographic licenses are unbreakable
even when using brute force computing power. Furthermore, since the licenses
can only be generated using the private key (which only you possess),
this means that it is impossible for a hacker to develop a 'keygen' (key
generator) for your software. This is an excellent first line of defense.
It is upto you to provide the next line of defense. The following are
some useful tips and guidelines for designing effective licenses using
CryptoLicensing and writing effective license validation code using the
CryptoLicensing validation API. The philosophy is simple: to make it as
difficult as possible for the hacker to 'crack' your software and cause
the hacker to lose interest in your software or not make it worthwhile
Check license repeatedly
Instead of checking the license at software startup only, check the license
at multiple points of time during your software execution and from multiple
places in your code. Do not to use a single license validation routine
in your software. Check for a license from different places in your software,
but don't call a single license validation routine to do this. This ensures
that a hacker cannot bypass your licensing scheme by simply hacking a
single piece of code in your software and forces the hacker to locate
every piece of license validation code in your program.
Use multiple licensing checking layers
In addition to the normal license validation done every time your software
is executed, add another layer which checks for a license when a certain
random criteria is met. For example, you can check for a license on the
2nd Monday of each month, or every 63 days, or on the February 29th of
a leap year. If a hacker bypasses the normal license checking code, the
additional 'guerilla' layer is still present which will check for a license
and cause the check to fail.
Use encrypted dlls
Move some important part of your software in a dll and encrypt the dll
using a key. When generating licenses using CryptoLicensing,
embed this key in your license codes (use the custom user-data feature
of CryptoLicensing for this) and decrypt the dll using this key before
loading it. This ensures that even if a hacker bypasses licensing checking
code, your software will not function correctly since it will not be able
to load the encrypted dll file.
Check for the hash of your exe/dll to detect tampering
You can include the hash/checksum of your exe/dll in your license codes
generated using CryptoLicensing (use the custom user-data feature of CryptoLicensing
for this). When your exe/dll is loaded, you can recalculate the hash of
the exe/dll, and compare it with that included in the license code. If
different, this means that your exe has been tampered or modified. Similar
to license checking, perform this check at multiple points of time and
place in your software.
Do not display failures immediately
If a license check fails, note this but do not immediately display to
the user that the check has failed. Instead wait for some other part of
your software to run and notify the user there. This makes it more difficult
for the hacker to locate and bypass your license checking.
Don't use explicit error messages
When notifying the user of a failed license check, don't use explicit
and obvious messages such as 'License not valid'. Instead, display a generic
failure message and ask the user to contact your support department. He
may not know that the cause of the error is a failed license check, and
when contacted, you may try to make a sale and convert the illegal user
into a licensed user or even catch a hacker if he contacts you.
Crash or fail or output incorrect results when license check fails
In combination with above two, when a license check fails or when you
determine that your software has been hacked or your license scheme has
been compromised, note this and when your software perform some processing
at a later point of time, you can crash your software or output incorrect
results. Sometimes, a hacker may also lose interest in your 'buggy' program
which does not even display informative error messages!
Embed user information in generated licenses
When generating licenses, embed some data about the user in the license
such as the user's name, email or company name (use the custom user-data
feature of CryptoLicensing
for this). Display this information prominently at multiple places in
your software. This is a very effective way to discourage the user from
sharing his/her license code with others.
More Information About
CryptoLicensing - .Net
Edition | MFC
CryptoLicensing - .Net
Have a question? Email us.