Updated 2010-06-09 13:52:38 by CMcC

Harry Robinson I have heard Windows XP has a sort of protection so that it cannot be copied. I also heard of users having to phone to get the code. Does anyone know how this really works? Is it efficient?

Also does anyone know of a good system to protect a TCL software?

Thank one thank all (June 1 2004)

See source protection. It's a good idea to run a search [1] before creating a new page.

Source protection is a much more apt term. "Piracy" is inaccurate, because legally, what's happening is "misappropriation", meaning using something wrongfully, against the wishes of the author as expressed in the license. This is different than stealing or pirating something. If I take your car, you no longer have the car to use. If I copy your software against your wishes, you may (or may not) lose out on some money, but of course still own the software. - davidw

That page really doesn't cover this topic. Preventing an executable from being copied and used elsewhere is not the same problem as protecting source from prying eyes. One might argue day and night about the right & wrong of each, the possibilities for success, etc. But clearly they are not the same question, though both might come up in the same discussion.

To Mr. Robinson's question...my understanding is that XP obtains information on the hardware configuration and compares this information with the hardware present at boot time. This is, of course, an oversimplification, but that is the general concept. There is nothing to prevent a TCL app from doing something similiar, but to my knowlege it has not been implemented.

I know the Scriptics tools used a licence-key server system to control licencing. Perhaps something like this would suit your needs. Others would know more about it then me, and hopefully will chime in here ;-).

Harry Robinson ''Thanks so much for a very enlightening answer Mister ... (I'm sorry I did not see your name! :-)). I have been told the same thing about XP's protection: it does a sort of virtual digital prints. Very interesting!

The Scriptics tool sounds like the solution I am looking for. Thanks! No offense to supporters of open-code but bear with us we'll be trying to make a living with software so we just can't give it out.

Beware - I've often pondered the same thing. The way I see it, you need to choose some unique code on the computer (Hard drive serial number, Windows key, or some other piece of information).

What many/most small apps do is to encrypt that code into some other code and present this to the user on registering. The customer then pays, and is sent a second code to input and 'unlock' the program. The second code would be the first code, run through some algorithm.

So the code the customer is given can be stored with the app (it doesn't need encrypting or anything), and at run time, the app can get the original unique code from the computer, convert it into the second code (the one the customer sees), then convert that using the same algorithm that you used to give them their key. Compare the keys, and if they're the same, then run 'unlocked'.

The main problem is a resourceful hacker (the people that make keygens) might be able to figure out your algorithms, since they're in the applications' code...

AMG: Simpler still is to modify the program to bypass the check entirely. This can be as easy as inverting the sense of a conditional branch, or overwrite the first instruction of the test with an unconditional jump to the first instruction of the success handler.

Beware: True. You could do the test multiple times, which would slow them down... of course, you'd have to freewrap or starpack your code, so it couldn't be read or edited.

What unique serial numbers can tcl easily get from the system? My first thought would be the hard drive's UUID. Can tcl get that easily? How?

Beware: Just for fun, here's a simple version of my idea. It tries to create a key that's easy to read (ie, a constenant and then a vowel), from the serial number of the harddrive (Windows (XP?) only).

The generated code is just rot13, but it would be simple to implement something more complex.

The code for the application (ie the one the user has)
proc rot13 {line} {
        set text [string map -nocase {a n b o c p d q e r f s g t h u i v j w k x l y m z n a o b p c q d r e s f t g u h v i w j x k y l z m} $line]

set con [list b c d f g h j k l m n p q r s t v w x y z]
set vow [list a e i o u]

# Windows only
set inf [exec cmd << vol\n]
set suc [regexp {.*Number is (.+?)\n.*} $inf => uid]

set uidl [split $uid {}]

set sw 1
set key ""
foreach letter $uidl {
        if $sw {set sw 0} else {set sw 1}
        set n [scan $letter %c]
        if $sw {
                set n [expr $n%21]
                append key [lindex $con $n]
        } else {
                set n [expr $n%5]
                append key [lindex $vow $n]

# $key can now be displayed to the user...

set regkey [rot13 $key]

# $regkey is what the user should have to make it work

# is there a key file?
set curkey ""

if [file exists key.key] {
        set fh [open key.key r]
        set curkey [read $fh]
        close $fh

# do they match?
set registered 0
if {$regkey eq $curkey} {
        set registered 1

proc register {} {
        global enteredkey regkey registered
        if {$enteredkey eq $regkey} {
                set fh [open key.key w]
                puts -nonewline $fh $regkey
                close $fh
                set registered 1
                .reg configure -state disabled -text "Already Registered"
                tk_messageBox -message "Thank-you for registering"
        } else {
                tk_messageBox -message "Invalid key"


label .i -text "To register, please contact\nthe author quoting key\n$key\n\n"
entry .t -textvariable enteredkey
button .reg -command register -text "Register Me"
pack .i .t .reg
if $registered {.reg configure -state disabled -text "Already Registered"}

# And here's the key generator
proc rot13 {line} {
        set text [string map -nocase {a n b o c p d q e r f s g t h u i v j w k x l y m z n a o b p c q d r e s f t g u h v i w j x k y l z m} $line]
proc gen {} {
        global enteredkey regkey registered
        tk_messageBox -message [rot13 $enteredkey]

label .i -text "enter key"
entry .t -textvariable enteredkey
button .reg -command gen -text "generate"
pack .i .t .reg

CMcC - 2010-06-09 09:52:38

Keep it away from the south china sea and the east coast of africa, and also mount a watch to repel boarders.