😮 😮
How many time wlll it take for someone like him to decrypt an ‘mse’ file?
it can do everyone for 1 min and $20
(BTW. my friend doesn’t crack soft, he works on protection)
I have a friend that can do it in 45 seconds and $15. But he doesn’t crack software.
Who else?
it would Be More Secure to build a custom encryption but both the lock and key will always be present at the clients side and the script has the be decrypted in memory for execution so at some point it will always be availabe of you dig deep enough.
.MSE encryption was broken years ago. Nowadays a 10 years old kid can do it.
But you can implement our own encryption extension in C++.
It’s far from my needs… and from my know-how. But it’s not fair. We all know here how much time it takes to create a serious plugin.
But I’m curious: is it possible to create a personal encryption that generates an ‘.MSE’ file that anyone can run in 3dsMax transparently, I mean with no additional files? Or are you talking about an encrypted file that you load and decrypt with a decrypter and then ‘filein’ into a standard mse file?
I know you are not asking to crack anything, but to understand how vulnerable the .MSE encryption is. Neither are we offering to crack anything, in first place because I have no idea of how to do those things. It’s all a joke in this context of “how safe do you think things are”.
But I know one thing, all (or most) 3ds Max crackers are reading these lines, or at least are frequenters of this forum. So, if you would like, you can talk directly to them thru this thread and let them know how unfair you think this situation is.
Yes, it is possible but you would have to distribute the C++ plugin along with your scripts.
And yes, it would be something like that, you encrypt a file, then you decrypt it in memory and run the decrypted script. That’s basically how encryption works.
There are of course extra layers of protection when working with encryption, but they don’t apply to MXS. You would need to write your own scripting language.
Then, this rises another rhetorical question for all developers:
What do you want to protect, the source code or your pocket?
Good question…
I’m sure my code is nothing exceptional at all. Anything I can do, anyone can surely do it better and quicker.
So, what I’ll like to protect is, somehow, the idea (a problem that can be solved via coding)… and the time I have spent to find a solution to this problem.
A time that will be saved by users thanks to my time. And time == money.
I’m sure none of the users would work for a month for an income of 180$ in 8 years as @guruware has pointed. That’s the matter. That’s the truth.
That’s why I’m against free plugins, no matter how simple they are. They undervalue our work.
In 20 years as CEO of a 3D production company, I have met (and worked with) nearly a hundred 3D artists. None of them knew anything about coding. None of them wanted to learn anything about coding when I tried to provide training. None of them, of course, wanted to work for me for free.
I think you build your custom encryptor using c lang n make exe for it would do tooo… So script cannot be launched without run this exe…
If you will do it in C++ you should implement it using the SDK. There is no need and no advantage of using an .EXE file. Indeed, there could be security issues that you would have to circumvent.
Besides, there is almost no difference using the Max SDK or doing it using just C++. The Max SDK is very complex, but for other sort of things, not for this.
if people would just donate for things they like and got for free, there would be less need for protection, because you need to sell something to get a pizza
i got about 180 euros in 8 years, but more mails with questions about things that are clearly mentioned on a help page, no time to donate, no time to read – 25 bucks per year just to run a web-site, not even that comes in
other than that i get something like “keep up the good work”, “… for the community”, etc.
that doesn’t fill my stomach, so i need to sell stuffs and protect it in some way (will be cracked anyways)
or get a real job, and have no time to do free-stuffs ?
really thinking about retirement…
now you can stab me.
Client side, server side, what’s the difference?
I can’t solve the Rubik’s Cube in 10 seconds, but there are plenty of kids that can.
A problem by itself does not exist. It all depends on who is going to solve it. And if we talk about software security, crackers and hackers are at the top of the heap.
Andres,
First of all, let me say that I agree with most of what you say. I say most because this discussion is about Software Protection and not about Free or Paid Software, but if you want to know what I think, I fully support both. I am no one to judge what others do with their work, so if you want to do free stuff go ahead and do it. Do you want to get paid for your work, great go ahead and do it.
Either way you decide, learn how to live with it.
Going back to the main discussion, Software Protection, your answer is the same as what all or most of us would had answered “I want to protect my code and my business”.
The same way that you are not who you are but who you think you are, your code is not what it is, but what you think it is. And in this regard, I can’t judge it. If you think it has some value I fully respect and support it, whether or not your code or idea is good or bad to my eyes, that’s not relevant.
How to protect your business
If the idea is to use any sort of licensing system, I think I have mentioned all the options you have. Other than that, there is really not much you can do.
How to protect your source code
If you want to be on the safe side, do it in C++, there are no other options.
Is it bad that the .MSE protection was broken and made public?
No, it is not. Autodesk engineers have been able to decrypt scripts since it was implemented and I didn’t see anyone complaining about it. It is a lay to tell the users “you can protect your scripts by encrypting them”. Protect them from who?
The protection scheme should be a lot stronger and the user should be the one that has the ability of modifying the encryption parameters. Sorry, I forgot that we have a “secret key” to encrypt the scripts
C’mon, are you kidding?
Paradoxically, you will also read “somewhere”, that MaxScript is meant to be used as a sharing tool so there is no point in encrypting the code. Sure, then please release the full source code of 3ds Max (the core code, not the SDK), if you have such a charitable soul.
I’ve been on this business for almost 25 years including game, media and architectural as artist and developer, and it is really sad for me whenever I read things like “really thinking about retirement…”
I’ve seen many friends and colleagues left their dreams and passion just because of the frustration. I can really feel the pain behind the words.
I am not trying to be a “software priest”, but I want to share some of the little things I’ve learned in this very long time, especially for the new guys that are starting on this. You need to learn what the reality of this business is and how to deal with the frustration. The sooner you learn it the better for you and for your health. Otherwise you will one day, not too far, end up thinking about retirement.
Time==Money?
Ok, I eared this here and there and I often use it too. But this must be the only unequal equality that I know. Let’s say that for some people time is money, and for other time is time and money is money. But for none of us simple mortals’ money is time.
So, what is the difference of expending time developing a software or helping others in this or any other forums, or personally? Does one have more value than the other?
The same way, there are independent developers that create free software because it makes them feel good when helping others, or because they have the hope that the users will find the value on their tools and donate some money to keep the enthusiasm of the developer up.
The Good, the Bad and the Ugly
Who do you think they are?
Do you think Software Protection companies are the good and crackers are the bad?
Do you think Antivirus companies are the good and virus developers are the bad?
Let me tell you what I’ve learned, the good and the bad do not exist. The only one that exist and you should really care about is the ugly. And he/she might be sitting next to you right now.
You wanted to write! It’s a good practice time by time. :keenly:
I absolutely agree with you (and you know it).
When I’m talking about free plugins, I’m not talking about teaching and sharing know-how. I like to share too what I know to people who want to learn or need help. I’m the first that everyday is learning here and asking for help.
That’s different than to gift your work to everybody. As entrepreneur, I have much experience about gratitude from clients, workers and competitor firms: zero point zero. And I know too how many serious firms/frelances have closed/gave up because of prices decrease. There’s allways someone who can be cheaper than you. Most of them, using pirate software.
By chance, I have no big problems to live (I am very austere). I can easily gift my work. But I’ll never do it without a solid reason behind (publicity of my own work, people in problems, etc.). I think it wont be fair with colleagues that need to sell their work to live.
Coming back to protection, if there’s no a good solution, why should I care about it? My need is then just the basic protection to be able to know if someone is using my plugin whit or whithout permission. And .MSE + IMAC check is more than enougth.
Yeah, today I woke up feeling a writer.
I know what you mean. I just tried to elaborate on the subject “time==money” because there are many people that looks thru that glass only, and do not accept other realities, and I personally know a few of them.
When I mean “you” I am not directly talking to you, but to others reading this. I know what you think and that you differentiate “time to help” and “work for free”. And I also agree with that, they are different things. But some people think that the only valuable time is their time, and that the time other expend trying to help has no value at all. That is not your case, of course.
That’s exactly the point of all this. I wouldn’t say you don’t have to worry at all, but just don’t waste all your energy trying to protect your software, because in the end it doesnt really matter.
To put it in few words, you expend 1 week protecting your software, and it will be cracked in 1 minute. You expend 6 month protecting your software and it will be cracked in 5 minutes. Do you see the point? The only one that will suffer and feel a great frustration is you if you have wasted 6 months of your life on this. And in the end, if you can’t manage your frustration, your frustration will manage you.
If an .MSE and MAC is enough for you, then perfect, go ahead and use it.
You already know the pros and cons of it. Nobody can tell you that it is a wrong decision, not even the best expert in security, if you feel comfortable with that solution.
i spent about 2 month making my own encrypting system. the most complicated part was to hide “key” in my c++ plugin’s code.
as i told my friend found it for couple hours … but it was my first attempt.
the second time with new solution it took two days for him…
and he said that it should cost me $(…) for cracking, which was almost i price of my tool. ha-ha-ha!!! the mission was complete.
the funniest part of this story is that i never used this encryption (as well as MSE encryption) yet.
but i don’t think that the working on this project was wasting the time.
i’m absolutely sure that scripts should not be encrypted. it was a big mistake of MAX to provide this option.
it would be fair if Autodesk just opens this ‘universal’ key for everyone.
it will save time and money for both developer and thief
You already said that your tool is very expensive and the target audience is small. That makes things a lot simpler. Try making your tool publicly available and then we can discuss software protection.
When I said, in my previous post, “…if you have wasted 6 months of your life on this…” I am talking in a complete different context. If you take it as a learning path, then is not a waste of time.
Your friend broke the protection in two days?
There is people that can do it in a much shorter time. And I don’t need to even know what your code is to guarantee it.
It is expensive to do the work?
Many will do it for free or collect money to pay for it.
Again, try making your tool public and then we can discuss this further.
There is a lot more to say about all this, but some developers need to decide whether they will take the blue or the red pill to find out the reality behind.
And remember, the “ugly” is the one you should care about.
As for me, I’ve moved on. I was struggling a lot with writing encryption, managing licenses and dealing with subscriptions. I’m no security expert and I was definitely spending more than 1% on protection. Besides that, I didn’t feel my security solutions were actually that secure. So I’ve decided to use one of the many commercially available licensing systems. I’m currently looking at cryptlex but there are many others.
With the knowledge that anything will be cracked eventually I need to implement a solid level of protection quickly but also offer ease of use for my users and myself. I think buying such a solution works for me.
Does any of you have experience with third party licensing systems?