This is to avoid having users run a single license on multiple machines. So it’s to “protect” a script I’ll be releasing publicly.
another ide maybe …using ipconfig /all in cmd …save it using “>” to some txt then read it, the term is physical address I think…
Thanks for the suggestion, but getting a list of all mac addresses is not a problem. The problem is identifying which macaddress from the list is the one I actually need. In my case I have the actual address of the physical network adapter (that’s the one which seems most stable) but there are also the addresses of a virtual machine and vpn. These three are very similar in their properties.
maybe these post can help you ?
you could also use some other hardware id. hdd id?
If you are planning to use the MAC address to make sure that your software will run in just 1 machine, then I would consider a few things:
1. Any sort of DRM must ensure in first place that it causes 0 (cero) frustration to the customers. You really don’t want a customer calling you Sunday morning because they can’t activate their software or the activation stopped working.
Software can have bugs, and that is understandable and tolerable, but software activation that fails can really piss off a customer.
2. Since the devices indexes are dynamically allocated, you can’t rely just on the index.
3. Devices can be enabled/disabled for different reasons.
4. There are plug-play network adapters.
5. The safest way to know which is the correct MAC address would be to use all the MACs to ping an internet address, but you must be 100% sure that all customers will have access to internet, which is not always the case.
Even though, what would happen if the user has a plug-play device and move it to another machine?
What would happen if for any reason they lose the internet access or your server is down?
How would you deal with Antivirus and Firewalls?
6. MAC addresses can be easily spoofed or cloned.
7. What would happen the main network adapter stop working or they have to replace it for any unknown reason? They would ask for a new activation code with the new MAC.
How many times will you allow a customer to do this?
Are they asking for a legit activation or are they trying to activate a second machine for free?
8. Will you run the check every time the user launches your software or just once?
If you will run it just once, then someone could activate all their machines with just 1 License.
If you will run it in every launch you must ensure that the machine will met the conditions in order to avoid fails.
9. Where and how will you store the License information? This is a hard one.
So, what options do you have?
One would be so create a fingerprint based on different devices and then evaluate if the amount of changes in those devices can allow or not to run the software. This must be very carefully planned, it is not as simple as it looks.
Some little advice:
Expend 99% of the time making a great software and 1% protecting it, not the other way around.
If you expend too much time protecting your software, a lot of frustration and headache are guaranteed.
Then, what do you think would be a good choice?
1. Poor software with poor protection
2. Poor software with great protection
3. Great software with poor protection
4. Great software with great protection
You are absolutely right, Jorge.
In fact, point ‘1’ is enougth to think about.
So… what to do?? Deliver unprotected code and pray?
No, I never mentioned that option and, unless you are creating a free or open source project, I think you should put some protection to it.
But you need to understand what are you dealing with and the problems and benefits it will give you and your customers.
A word for other developers reading this:
To be clear, from the last 4 options I mentioned, which one would you pick up? It is obvious that most developers would choose the option 4 (great software with great protection).
Now this rises another question:
Why would one think that option 4 is better than 3?
The common answer would be:
Because I expended a lot of effort creating my tool, and a good protection will ensure that it won’t be cracked so easily, so people will be forced to pay for my awesome product rather than wait for a lazy cracker to crack it. Even if it is cracked, I want to make those bastards suffer if they decide to crack my tool.
If you are one of the developers that think like this, let me tell you something, you better open a kiosk. There is nothing more away from reality that this sort of reasoning.
1. You will not make anyone’s life harder by implementing a good protection, except your own life and potentially the life of you customers.
2. If your software is good enough, IT WILL BE CRACKED. PERIOD!
3. If your software is ever cracked, you should consider it a compliment and not an offence.
4. If you are very lucky and have a very good software, by the time it gets to the front page of the pirate websites, you will be rich.
5. Don’t trust in your skills to create a good protection? Ok, go purchase a protection system and pray as well.
In order to create any good protection, you first MUST be able to break them. It is not the other way around. And if you ask how to protect your software, you are miles behind.
So, for anyone that might read this and is trying to create a good software protection, just don’t waste your life, and make it simple and solid. Remember 99/1.
Anyone that is whiling to break a simple protection, will also break any hard protection or will wait for a cracked version, or will simply go and use another software. There is no way you can force them to pay for your product, no matter how good it is, no matter how unfair you consider the situation.
- Any software with no protection
- No software with any protection
Speaking seriously, it’s a very interesting topic. It would be good to discuss it here…
I think a level of protection should depends on a price of the software you want to cell. If I cell 1000 bucks software I should be OK to answer my customers calls 24/7
Sure, but that is Corporative Level.
At that level:
1. They won’t ask this sort of questions in a forum
2. They will mostly purchase a Licensing product
3. They will kill your mother in order to get you pay for their product
4. They don’t care about QA or Customer Service
5. They don’t pray
Oh, 24/7 QUALIFIED customer service? Sure, hold on the phone.
I would list some examples here, but it is too hard to find one.
I can tell my situation… I have several tools (plugins) and some people are ready to buy them. They are pretty expensive because they are unique and need high level users. I don’t want to distribute them with a license of using on multiple machines. And yes, I want to control and track my users. What I have to do?
Is this a hypothetical or real situation?
You are an experienced developer, so let’s think this is a hypothetical situation for others that may be reading this.
Some possible scenarios could be:
1. You have a set of advanced tools targeted at a very specific and small audience
2. You have a set of advanced tools that every Max user would love to have
1. Create a fingerprint of several devices and hardcode the License for each version, then compile it.
2. Purchase a third party protection software
If the tools are too expensive, they will probably be purchased by companies and hopefully there won’t be any employ that “supplies” the software to the crackers in the case of using a generic protection software. However, consider that most of these protection software have already been cracked and it won’t be too hard to get your tool cracked as well.
If you hardcode the license and compile it, things get better regarding protection, but harder to maintain and support.
1. Well, you have a mine of gold in this case. Everyone wants your tools. It is very tempting for the guys to reverse it. In this case, get your pants down and try to partner with Autodesk. They will be very happy to have such a great set of tools included in their software. You may not get as much as if you sell them by yourself, or you may get a lot more than what you would get selling them independently. It all depends on what kind of partnership you can build, and you wouldnt need to care about almost anything but creating a solid software.
2. Any of the steps of Case 1 and also open a call center so you can offer 24/7 support. Don’t forget to train the supporting guys. Then go learn to fly and google for the next plane you will buy.
Additionally, if you don’t want to hardcode the licenses, you can build your own Licensing Server. Implement it as a Windows Service, and get ready to enter in a deep dark hole.
Other than that, shoot your foot. You will then have better things to be concerned than a Licensing System.
Any way you decide to protect your software, never forget to pray. :bowdown:
I agree 100% with Jorge.
I’m ‘hardcoding’ the license using any device’s ID provided by a client. Also using this ID I’m encrypting my scripts (if they go with the tool) with my own encryption algorithm.
So to crack the tool a hacker needs crack my system of ID verification and my encryption algorithm. It’s a pain. It needs time and qualification. (But my friend cracked it for one day :))
Usually my clients don’t share their tools with other who can compete with them in this area. In my practice it’s happened only once. So it’s very unlikely that the tool will meet its hacker.
Also a hacker has to wipe this ID from the code. Otherwise I can easily know where the tool was leaked from.
How many time wlll it take for someone like him to decrypt an ‘mse’ file?
it can do everyone for 1 min and $20
(BTW. my friend doesn’t crack soft, he works on protection)
Ohhh, those valuable friends.
I have a friend that can do it in 45 seconds and $15. But he doesn’t crack software.
.MSE encryption was broken years ago. Nowadays a 10 years old kid can do it.
But you can implement our own encryption extension in C++.
It’s far from my needs… and from my know-how. But it’s not fair. We all know here how much time it takes to create a serious plugin.
But I’m curious: is it possible to create a personal encryption that generates an ‘.MSE’ file that anyone can run in 3dsMax transparently, I mean with no additional files? Or are you talking about an encrypted file that you load and decrypt with a decrypter and then ‘filein’ into a standard mse file?