Re: Registration Code
Steven D'Aprano wrote: > What are the odds that Vista will have it? Ross Ridge wrote; > About 100%. Steven D'Aprano wrote: > Considering that you can hardly walk into a university, school or > corporation without finding Windows or Office supplied without PA, would > you care to revise that number? No. Windows Vista is certain have product activation, just like Windows XP does. The fact that volume licence users of Vista won't be required to use product activatation, just like volume licence users of XP, doesn't make it any less certain. Ross Ridge -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
On Tue, 04 Apr 2006 12:02:24 -0700, Ross Ridge wrote: > Steven D'Aprano wrote: >> Look at Microsoft. Their first version of Word (for Macintosh, as it >> turned out) was copy-protected. Their second version of Word, and every >> version since, as well as Excel and Powerpoint, have not included copy >> protection, time-limitations, product activation, or any other barrier to >> keep users away. On the contrary -- Microsoft have turned a blind eye >> to piracy until fairly recently. Same with Windows -- although, a few >> years back when Microsoft felt secure in owning the desktop, they >> introduced product activation. > > Microsoft has been using product activation in it's office software for > a while now, before Windows XP in fact. You're right, Office has Product Activation as well as Windows, that was my error. However, consider how easy Microsoft make it to avoid Product Activation: if you purchase volume licences, and by volume I mean five licences or more, you don't have to use PA. I know plenty of people who have activated their version of Windows; I don't know anyone, home user or corporate, who has needed to activate their version of Office. It is so easy to legally avoid PA on Office that I wasn't even aware you needed to do so -- and let's not even talk about illegal installations. Presumably there are a few SMEs and home users who have had to do PA on their Office installs, but as a percentage, I'd be very surprised if it was more than a tiny minority. >> What are the odds that Vista will have it? > > About 100%. Considering that you can hardly walk into a university, school or corporation without finding Windows or Office supplied without PA, would you care to revise that number? (That's a rhetorical question, by the way.) -- Steven. -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Steven D'Aprano wrote: > Look at Microsoft. Their first version of Word (for Macintosh, as it > turned out) was copy-protected. Their second version of Word, and every > version since, as well as Excel and Powerpoint, have not included copy > protection, time-limitations, product activation, or any other barrier to > keep users away. On the contrary -- Microsoft have turned a blind eye > to piracy until fairly recently. Same with Windows -- although, a few > years back when Microsoft felt secure in owning the desktop, they > introduced product activation. Microsoft has been using product activation in it's office software for a while now, before Windows XP in fact. > What are the odds that Vista will have it? About 100%. On the other hand, the original poster is no Microsoft. He, as you said, should seriously consider whether requiring his software to be registered is going to be worth the effort. Ross Ridge -- http://mail.python.org/mailman/listinfo/python-list
RE: Registration Code
> On Behalf Of Dave Mandelin: > Second, I hear that in general it is very difficult to make a > time-limited demo, because the code has to be all there, so all a > cracker has to do is bypass the "if". It seems that even this method > won't work for that. Do you know of any way to make time limiting > secure? If the application is to be Windows only (and I assume this from statement about using py2exe), one fairly secure and easy method is to put some critical functionality into a plain DLL or (compiled) COM module, and use a commercial software-protection program like Armadillo on that. Armadillo is much more secure than just about anybody could make on their own, and instead of wasting time (and probably introducing bugs) implementing it yourself, you can use that time improving your application. Armadillo handles all sorts of protection schemes, from time limitations to machine locking and "crippling," and combinations thereof. (I have no commercial or other interest in Armadillo.) Another tack to take is to maintain content updates on a Website for download. The Website would check the registration code. This foils most cracking methods, and even shared codes can be blacklisted when found. Of course, this only works for certain types of applications, but when it is possible it has the benefits of not requiring significant changes to your application, remaining transparent to the user, and most importantly, not antagonizing legitimate users. And of course, it would enable cross-platform (commercial) use of your application. A variation of this strategy is the subscription model. Regards, Ryan --- Ryan Ginstrom http://ginstrom.com -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
On Mon, 03 Apr 2006 19:29:14 +0200, Math wrote: > Hello, > > I wonder if I can ask this particular question here... > I'm writing this piece of Python Software and I'm almost done...:-) > But now I want the end-user to register this software with a registration > code or perhaps something like an evaluation demo version which expires > after some period of time... > Is this the right place to ask or does anybody know where to look for more > on the subject? Is your application really such a gee-whiz super-duper can't-live-without-it program that your users will put up with all the inconvenience and hassle, not to mention loss of privacy, of having to register? Or will they just dump your program when the demo stops working? It seems to me that the hardest problem for any new application is getting people to use it: most users won't ever find out about it; of those who do most won't care about it; of those who care, most can't be bothered downloading and installing it; and of those who might have, most will probably know of an alternative that does the job as well or better, or at least that they are more familiar with. So every little barrier you put up to make it more difficult for users to use your application, the greater the chances that your application disappears into obscurity. Look at Microsoft. Their first version of Word (for Macintosh, as it turned out) was copy-protected. Their second version of Word, and every version since, as well as Excel and Powerpoint, have not included copy protection, time-limitations, product activation, or any other barrier to keep users away. On the contrary -- Microsoft have turned a blind eye to piracy until fairly recently. Same with Windows -- although, a few years back when Microsoft felt secure in owning the desktop, they introduced product activation. What are the odds that Vista will have it? -- Steven. -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Dave Mandelin wrote: > Ken Seehart wrote: > > Math wrote: > > > Hello, > > I encypted the bytecode of a few important functions with a key based on > > information required from the user. Without the key, these functions > > can't be decrypted. This is somewhat more secure than just testing the > > key with an "if" statement since the latter could easily be bypassed by > > a hacker. > > That's a really good idea. I have a couple more questions, if you don't > mind: I am going to distribute an app using py2exe. Is it reasonably > easy to apply this technique to bytecode stored inside the library.zip > file, or should I just include the encrypted Python files as separate > files? > > Second, I hear that in general it is very difficult to make a > time-limited demo, because the code has to be all there, so all a > cracker has to do is bypass the "if". It seems that even this method > won't work for that. Do you know of any way to make time limiting > secure? > If an attacker is determined to 'decompile' your application then it will be possible. Although decompiling python byte-code (even from py2exe wrapped programs) is easy, it's probably a less practised art than breaking C code. (Although I guess such dissasembly is usually done on an assembler level). The obvious way to make it more secure is to include several checks. Unless you are going to be writing a program used by tens of thousands of users, it is likely that it is not worth the effort of the hackers to bother. I'd release the early versions using simple protection mechanisms, and develop your protectionas your userbase grows. Again - there are commercial tools available that will handle this for you, if you want a higher degree of protectoin (although by no means infallible) immediately. Fuzzyman http://www.voidspace.org.uk/python/index.shtml > Thanks. > > -- > Want to play tabletop RPGs online? > Check out RPZen:http://koboldsoft.com -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Math wrote: > P..Philippe.. > Where can I find some sample code if any? > And I'm not a professional programmer... > This is going to be hard...and my native is Dutch.. > Thanks anyway Distributing your project using py2exe probably removes the need for bytecode encryption - unless you figure your programme is going to be attacked by determined hackers. If it will be, encyption won't be enough anyway. Just include a registration check in your code and make sure you provide a way to enter a key. At the start of the program check the date to see if the program has expired. There are several ways of doing this. You can write to the windows registry the date the program is first run and count the date from then, or hard code an expiry date into your application. Writing to the registry is not difficult - but you will need to learn how to do it. There are lots of resources on this and a standard library module to do it. (``_winreg`` I think ?) You will need a scheme to generate keys - a simple algorithm that can generate unique keys. Your program will need to include a way of checking that entered keys are valid. For example you could use the hexadecimal representation of two prime numbers plus an odd number and then reverse it - or some other obscure code. I'm sure there are lots of key generating algorithms documented online. Alternatively you could use CNET (or similar service) to sell and distribute your program. They will wrap your executable in code that does all of this for you. Fuzzyman http://www.voidspace.org.uk/python/index.shtml > > Hi, > > A suggestion: > > I would use encryption (ex: AES): > > Hide a secret key in your code and generate an encrypted (readable: ex 07 7B > 6F ) version of the correct info (such as full release, or demo expire > in ...) with that very same key. > > Have your software input that encrypted info (some GUI dialog box), decypher > the info then act accordingly. > > The trick is: where to store that ? I would use some binary data file > (encrypted bziped pickle ?) with a hash or CRC built in to prevent obvious > tampering. > > Hope that helps, > > Philippe > > > > > > > Math wrote: > > > Hello, > > > > I wonder if I can ask this particular question here... > > I'm writing this piece of Python Software and I'm almost done...:-) > > But now I want the end-user to register this software with a registration > > code or perhaps something like an evaluation demo version which expires > > after some period of time... > > Is this the right place to ask or does anybody know where to look for more > > on the subject? > > > > Thanks > > -- > http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Ken Seehart wrote: > Math wrote: > > Hello, > I encypted the bytecode of a few important functions with a key based on > information required from the user. Without the key, these functions > can't be decrypted. This is somewhat more secure than just testing the > key with an "if" statement since the latter could easily be bypassed by > a hacker. That's a really good idea. I have a couple more questions, if you don't mind: I am going to distribute an app using py2exe. Is it reasonably easy to apply this technique to bytecode stored inside the library.zip file, or should I just include the encrypted Python files as separate files? Second, I hear that in general it is very difficult to make a time-limited demo, because the code has to be all there, so all a cracker has to do is bypass the "if". It seems that even this method won't work for that. Do you know of any way to make time limiting secure? Thanks. -- Want to play tabletop RPGs online? Check out RPZen:http://koboldsoft.com -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Math wrote: > Hello, > > I wonder if I can ask this particular question here... > I'm writing this piece of Python Software and I'm almost done...:-) > But now I want the end-user to register this software with a > registration code or perhaps something like an evaluation demo version > which expires after some period of time... > Is this the right place to ask or does anybody know where to look for > more on the subject? > > Thanks > One thing I tried some time ago: I encypted the bytecode of a few important functions with a key based on information required from the user. Without the key, these functions can't be decrypted. This is somewhat more secure than just testing the key with an "if" statement since the latter could easily be bypassed by a hacker. To encrypt the function, I saved the bytecode of the target function to a file. Then, in the version to be shipped, I substituted the encrypted version of bytecode for the original bytecode. The rest of the program (including the part that asks for the authentication information) works fine. If the authentication passes, the encrypted function(s) are decrypted. Normally the encrypted functions are never executed of course (if authentication fails, the user is notified). If a hacker bypasses the authentication test, the program will crash when the program attempts to executed the encypted bytecode. How to determine the key depends on your application. You may choose to include hardware serial numbers, for example. - Ken -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Hi, Use the DES example here (DES has been cracked but is definitly secure enough for your need): http://www.amk.ca/python/writing/pycrypt/pycrypt.html Can't help you with the Dutch ;-) Philippe Math wrote: > P..Philippe.. > Where can I find some sample code if any? > And I'm not a professional programmer... > This is going to be hard...and my native is Dutch.. > Thanks anyway > > Hi, > > A suggestion: > > I would use encryption (ex: AES): > > Hide a secret key in your code and generate an encrypted (readable: ex 07 > 7B 6F ) version of the correct info (such as full release, or demo > expire in ...) with that very same key. > > Have your software input that encrypted info (some GUI dialog box), > decypher the info then act accordingly. > > The trick is: where to store that ? I would use some binary data file > (encrypted bziped pickle ?) with a hash or CRC built in to prevent obvious > tampering. > > Hope that helps, > > Philippe > > > > > > > Math wrote: > >> Hello, >> >> I wonder if I can ask this particular question here... >> I'm writing this piece of Python Software and I'm almost done...:-) >> But now I want the end-user to register this software with a registration >> code or perhaps something like an evaluation demo version which expires >> after some period of time... >> Is this the right place to ask or does anybody know where to look for >> more on the subject? >> >> Thanks > -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
P..Philippe.. Where can I find some sample code if any? And I'm not a professional programmer... This is going to be hard...and my native is Dutch.. Thanks anyway Hi, A suggestion: I would use encryption (ex: AES): Hide a secret key in your code and generate an encrypted (readable: ex 07 7B 6F ) version of the correct info (such as full release, or demo expire in ...) with that very same key. Have your software input that encrypted info (some GUI dialog box), decypher the info then act accordingly. The trick is: where to store that ? I would use some binary data file (encrypted bziped pickle ?) with a hash or CRC built in to prevent obvious tampering. Hope that helps, Philippe Math wrote: > Hello, > > I wonder if I can ask this particular question here... > I'm writing this piece of Python Software and I'm almost done...:-) > But now I want the end-user to register this software with a registration > code or perhaps something like an evaluation demo version which expires > after some period of time... > Is this the right place to ask or does anybody know where to look for more > on the subject? > > Thanks -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Hi, A suggestion: I would use encryption (ex: AES): Hide a secret key in your code and generate an encrypted (readable: ex 07 7B 6F ) version of the correct info (such as full release, or demo expire in ...) with that very same key. Have your software input that encrypted info (some GUI dialog box), decypher the info then act accordingly. The trick is: where to store that ? I would use some binary data file (encrypted bziped pickle ?) with a hash or CRC built in to prevent obvious tampering. Hope that helps, Philippe Math wrote: > Hello, > > I wonder if I can ask this particular question here... > I'm writing this piece of Python Software and I'm almost done...:-) > But now I want the end-user to register this software with a registration > code or perhaps something like an evaluation demo version which expires > after some period of time... > Is this the right place to ask or does anybody know where to look for more > on the subject? > > Thanks -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
[EMAIL PROTECTED] OKAY Sybren.. How does one get the job done? -- > Math enlightened us with: >> But now I want the end-user to register this software with a >> registration code or perhaps something like an evaluation demo >> version which expires after some period of time... > > Fair enough. What do you want to know from us? > >> Is this the right place to ask or does anybody know where to look >> for more on the subject? > > You never asked anything ;-) > > Sybren > -- > The problem with the world is stupidity. Not saying there should be a > capital punishment for stupidity, but why don't we just take the > safety labels off of everything and let the problem solve itself? > Frank Zappa > -- > http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Re: Registration Code
Math enlightened us with: > But now I want the end-user to register this software with a > registration code or perhaps something like an evaluation demo > version which expires after some period of time... Fair enough. What do you want to know from us? > Is this the right place to ask or does anybody know where to look > for more on the subject? You never asked anything ;-) Sybren -- The problem with the world is stupidity. Not saying there should be a capital punishment for stupidity, but why don't we just take the safety labels off of everything and let the problem solve itself? Frank Zappa -- http://mail.python.org/mailman/listinfo/python-list
Registration Code
Hello, I wonder if I can ask this particular question here... I'm writing this piece of Python Software and I'm almost done...:-) But now I want the end-user to register this software with a registration code or perhaps something like an evaluation demo version which expires after some period of time... Is this the right place to ask or does anybody know where to look for more on the subject? Thanks -- http://mail.python.org/mailman/listinfo/python-list