I agree with the earlier posts; you cannot make something bullet proof 100% of the time. However, you can fool most people with a few little tricks. If I were protecting some intellectual property, I鈥檇 use a DotNet dll to extend the protection options beyond what MXS provides. It could check dates, check the number of times a macroscript was run, or whatever. The sky鈥檚 the limit, and using a more robust language means having deeper OS access for stuff like hidden, encrypted, or otherwise obfuscated INI files.
Note, however, that in any event you鈥檒l probably be relying on the EncryptScript function which I鈥檓 told is the weakest link in any protection scheme. The deeper you integrate a compiled component (SDK or DotNet class library), the better off you鈥檒l be.
2Mr-BlueSummers
so you say not to use script at all? because – how can I protect it if potencial enemy READS MY SOURCE?
I though that new crypt algorithm (max9sp1+) is better, it isn鈥檛 so?
And: plugin – be sure – will be hacked next day you upload it. .Net dll – also. One hope – encrypted maxscrypt is not so widespread as exe (and .net exe) files, and no so many people now how to hack it.
But – some of them work in Autodesk, so be aware! :)))
can anyone find out where this script stores the year, month and day ?
(this script will work in max 2008 and 2009 for sure don鈥檛 know about older versions鈥?
Yes, yes they can.
[wrzncgac]
ngjw=2008
etdh=6
aocn=7
And editing a user鈥檚 existing resources, regardless of how benign, is not only sneaky, but extremely frowned-upon. I鈥檓 glad I ran this in a sandbox, to be honest.
I don鈥檛 want to turn this into some sort of contest; we鈥檝e already mentioned that you -cannot- secure a MaxScript 100%. No more than you can a plugin, but at least with plugins you鈥檝e got a whole lot more to work with.
I鈥檒l give you one tip, though; even if I hadn鈥檛 used some of the readily available tools from Microsoft, it would have been easily found. You forgot to restore the datetime stamp.
Max 9 dies; probably because you鈥檙e calling a function not available in 3ds Max 9. Earlier versions won鈥檛 read the file at all, of course.
i wasn鈥檛 expecting for someone to use sandbox on this
would work the same without the sandbox – except without the sandbox you might try writing to a windows system file and, potentially, hose my system.
You could run a license server and expire it based on a WAMP or LAMP setup of some kind.
It would be subject to the usual weaknesses of encrypted maxscripts鈥?but it would keep the casual offenders at bay.
Everytime the script is run it pings the database and if it鈥檚 not an expired IP and machine ID then all is peachy.
That鈥檚 one way but i can think of a way to cheat that even if i know how to make just a part of the cheat but I鈥檓 pretty shure that a hacker or someone could figure that out :)鈥?if u can find out what鈥檚 the link that the script will ping or the ip ( there are a few ways doing that, one will be cheat engine ) you just add that to the local host file:
[b]
Windows Vista = [/b][b]C:\WINDOWS\SYSTEM32\DRIVERS\ETC
[/b][b]Windows XP = [/b][b]C:\WINDOWS\SYSTEM32\DRIVERS\ETC
[/b][b]Win 98/ME = [/b][b]C:\WINDOWS
[/b]
and add the address that it will check in the host file something like:
license.MaxScript.com localhost
and the part that i dont know is how to replay that your ip is good to go.
( but i think by running a local server should do the trick )
yep* – besides, people hate applications that 鈥榩hone home鈥?for licensing. We have a 鈥榗ommunication center鈥?script that shows people there鈥檚 updates to their software, new communiques from us, etc; but even that is disabled by default (despite the obvious advantages to both sides having it enabled).
- if an application phones home, people will set up a local server and make sure that it returns the correct response expected by the client software. It鈥檚 certainly more difficult, but nowhere near impossible (case in point: all the unofficial game servers for online games on a subscription model. The only reason -those- aren鈥檛 rife in the world is because they鈥檙e usually also laggy, infested with cheaters, etc.)
I don鈥檛 know if anyone has seen this:
http://blog.duber.cz/3ds-max/checksums-in-3ds-max
Could this be used to generate serial numbers through the hardwarelockID?
yes-and-no鈥?MD5, like CRC32, is a checksum鈥?it鈥檚 not an encryption method. Although it鈥檚 still unlikely to you will get a matching MD5 at random, especially if you take the input length into account, it is possible.
However, generating a unique serial number based on some information isn鈥檛 really the problem in MaxScript; it鈥檚 making it robust enough against even the toughest hackers that is likely to be impossible.
If all you need is a unique serial number based on some information to keep casual hackers out, you might as well write your own routine to do so. Although it may be 鈥榳eak鈥?from a cryptographic viewpoint, at least it鈥檇 presumably be a unique algorithm so they wouldn鈥檛 be able to just go 鈥渕aybe he鈥檚 using an MD5 hash of my hardwarelockID runs the pre-built code oh imagine that!鈥?
The only way to have fairly secure protection is if (parts of) your script is stored on a server and every time somebody runs your scripts, they would get bits and pieces of the script in memory, but they never actually have the entire script stored on disk.
Then every time a user requests to sue the script you can check if they are a valid user.
But guess how much legit users will like this method? not much鈥?/p>
Just about every other method ever created has been immediately cracked.
It is not worth your time. Put in a very simple time check or key check that is not to frustrating for legit users to deal with and not to much work for you to manage.
That is all you should worry about.
Somebody who does not want to pay, is not going to pay, no matter what protection you build in. You鈥檒l only frustrate yourself.
Unfortunately, you are in an industry that sees 鈥榣earning the software鈥?as a legit reason to pirate software, amongst other things. And you can literally find a website for just about every max plugin/script ever created in 5 minutes on google.
So what you want to do is treasure the few users that actually do pay for your software.
For example for Lumonix, legit users can re-register their plugins every 30 days automatically on a website without any delays. This helps reduce the frustration legit users have with key-code, changing computers, etc.
In short, imo, don鈥檛 bother with complex copy protections, they all fail or annoy legit users. Build in a small, simple time-key code check and expect to see your tool on many pirate sites in the first week your release it (if it is populair enough anyway)
Take care,