The only way to not get it cracked is to not release the software. Once others can access the code they can find a way around it. I have yet to see any kind of protection scheme that is unbreakable.
The other thing to remember is that people who are using cracks would probably do so no matter what. So its not like spending all your time protecting the tool will result in more revenue, as you will probably spend more time trying to create the code than added revenue you might recieve.
-Eric
But protecting system has advantage , it鈥檚 called up the good people to paying it! even they already got the crack!
Not really, if they have the crack, they will typically only pay for it if forced to by the law. Why would they pay for something if they can get it for free? You may be better off with asking for donations, or only making the latest releases available to those who donate. You are the one who has to make the decision on how much of your time is worth trying to stop pirates. If you are spending more time trying to protect your code than you spent to code it, you are at a loss.
-Eric
forced by the law or if it鈥檚 hard to crack it (sure it has to be pretty cheap)鈥f it鈥檚 expensive they鈥檒l try harder ( ask someone for help ) or just give up.
a simple way to protect is to make a demo version鈥imited version鈥hen you buy it you鈥檒l get the full version with a simple key鈥?:)鈥?better when someone buys it just encrypt it with their name so they can鈥檛 realease it to hackers :)鈥?even that can be fixed but still鈥?
@ rappy : Of course you already know the issue of onyxgarden 2, They already cracked even they dont really give demo in their website(only in 3 month), but still it happen!! the sure thing is All soft has a crack or some medicine.
@PiXeL_MoNKeY : you already in Area.crackedSoft.user.com hehehehehe鈥?I don鈥檛 blame you or the other one. Couse if want to start big thing we need small thing. Like if we want to buy 3dsMax we need a cracked one before we can have ability to buy it and operate it to maximum (university student鈥?gt;Pro)
Life is like RPG game so play a RPG game鈥?what it鈥檚 meaning?
Are you waiting for it (crack) ? hahahhahahaha…
Hay rappy is your rappa script have an some new update yet? i’d like to see it and testing it since 1.54 ver!!
it’s 5.10am and I wasn’t going to peek back in ’til the weekend, buuuuuuuut…
Can everybody get back on-topic? The thread is clearly spinning into a warez discussion, including attempts at justifying piracy, which is against the CGtalk rules, for one.
( fwiw, imthatoneguy, I for one did buy mIRC, and not because it nagged, but because I was finding myself using it a lot. It was something like 15 quid (UK pounds) at the time – had to pay in guilders and have it sent to me by snailmail from germany on a diskette and everything – and I’ve used it for well over 10 years now. Less than half a cent per day – I think I’ll live )
We’ve already concluded that everything can and will be cracked if somebody with an agenda wants to pour in the time to do so.
On the other hand, there are people who want to create evaluation versions of their scripts. The starter of this thread merely asked if this could be done, and how well it could be done. Most of that has already been answered. However, it should still be perfectly possible to come up with protection that will thwart casual users; encrypted scripts (post max9sp1) being a big part of that.
If anybody wants to discuss further techniques, or post an example or template of proper use, etc. that would be far more beneficial to this thread and scripters, than the last half dozen posts. Example code/templates would lower the ‘time spent developing protection’ and make it more worthwhile to implement in the first place compared to the time it might take somebody to eventually crack it. In that time, you might have gotten a few registrations via a paypal button, enough to make you not care much if it gets cracked – perhaps even enough to open the source, but that’d be up to the developer.
=====
To that end… Rappy: encrypting with a name (if you could, out-of-the-box; you’d have to use a third party encryption solution / .NET) wouldn’t help so much. Presuming it then gets decrypted using known techniques into plain old maxscript code, that code can then be spread around the studio / to others. So one key thing is to keep things reasonably encrypted. I wonder if decrypted scripts living in memory can be read out as a string from a hibernation file, for example… that would be a simple approach even for casual users.
To that end… Rappy: encrypting with a name (if you could, out-of-the-box; you’d have to use a third party encryption solution / .NET)
i wasn’t referring to use the name for encryption… what i was saying is to add the buyers name… let’s say in the about dialog… “This was bought by Santa Clause”… so you know who released it… i know it can be removed though…
Hay rappy is your rappa script have an some new update yet? i’d like to see it and testing it since 1.54 ver!!
i’m not working on rappatools for now… i haven’t worked on it for a long time, i don’t know when i’ll start again…
I wonder if decrypted scripts living in memory can be read out as a string from a hibernation file, for example… that would be a simple approach even for casual users.
so that’s how you decrypt a script ? i know that the stuff inside the virtual memory cannot be encrypted !
Well presuming it’s encrypted and never gets decrypted (and then the string removed) and re-encrypted, that would work fairly well.
Keep in mind, though, that this doesn’t prevent infringement (e.g. there’s nothing stopping the person it was licensed to from giving it to a colleague/friend/whoever). In addition, although there’s a ‘name and shame’ element involved, imagine if your customer ends up being pointed to as a ‘pirate’ even though all that really happened was their network was broken into and that file was part of the hacker’s catch… or a disgruntled employee spreads it on purpose to make his/her boss look bad, etc.
Even if the above is not an issue, you’ll have to manually edit script files for each of the licensed users and keep their files separate. Imagine updating your script… you’ll have to update all of those files and re-issue them. Erp?
so that’s how you decrypt a script ? i know that the stuff inside the virtual memory cannot be encrypted !
I haven’t decrypted a script since Max9 SP1 – and before that I’ve decrypted just my own test files. Suffice to say that pre-Max9 SP1, it wasn’t particularly difficult to decrypt a script, using just maxscript itself.
But just for kicks I tried seeing if there’s anything useful in a hibernate file at all by following this procedure:
- encrypt a script on one system
- copy the encrypted script to another system that has never touched the original script
- enable hibernate (it was disabled on that machine already; otherwise… disable, reboot, enable)
- run that encrypted script
- hibernate
- reboot into another OS (Ubuntu Live CD in my case)
- copy hibernate file
- reboot
- examine the hibernation file copy
Steps 6-9 are necessary because hiberfil.sys refuses to be copied otherwise – even using e.g. HoboCopy. At least on Vista – not sure about XP.
Here’s the result… this is a chunk of the original script:
-- check if the sample image picked is valid (360x480)
fn checkSampleImage img = (
if (img != undefined) then (
local imageRequirements = "
Please pick or render a sample image between 360×480 and 720×960 pixels in size, with a 3:4 aspect ratio.
Examples: 360×480 384×512 450×600 540×720 630×840 720×960
( You can upload any additional example imagery to the server when you submit the material. )"
if ((img.width < 360) OR (img.height < 480)) then (
And here’s the data around where the only mention of ‘checkSample’ was in the hibernation file:
TweakLÿ+DotLoopw/ 2Z|ØÌxY ÿPDDr awtêÙ sf_matg¸ery.checkSampleIm age (getLastRà>eredª ()); Ç_roll.±þüýßPreviewo » Y¼ø+Y z|Y ecY aÀX B O uttonText maY 6(
idSelection
There’s a few bits and pieces you may recognize in there (I’m guessing CGtalk will strip some of it as well as it’s a lot of non-ASCII chars), but obviously it’s sufficiently garbled that you cannot infer any usable script code from it. There -is-, however, a chance that e.g. a variable name may survive. So any protection would do well not to use a variable named “isLicensed” as that would be a fair hint that one might want to set “isLicensed” to true.
Whether it warrants complete code obfuscation before encryption… perhaps. Sure would be annoying to debug though (given that the user can only give maxscript error output with those same obfuscated names).
Edit: just to note – if anybody’s curious whether the hibernation file -can- be ungarbled… yes, but you’ll need to know quite a few technical details to do so. ‘fortunately’ the ‘security community’ seem to have various utilities available to take the technical pains away. I’ve not checked if their output is any more useful, however.
What do you mean by all of this? If you are acusing me of being apart of some pirating or cracking website, I take that as a serious insult. You need to think before you make insulting comments like that.
It looks to me like it was just a joke that seems like an insult because of Fajar’s obvious lack of mastery of the english language…
you got a point there
hibernation file is one thing, but check this out http://www.hak5.org/episodes/episode-522 saved a dump with mdd now i have to figure out how to pull data out of it
Hay pixelMonkey don’t get mad so easly .it’s not what I meant.I don’t mean insult you,really.How can I insult if you already help me out so much?
forgive me if I do wrong, if what I say is wrong I never do that again OK?! I’ll watch my l language here next time!
@marco: thank for explanation, you got a point there, yes I don’t want to insulting everyone here!not to pixelMonkey or everyone!
@marco: mystery of english language , what’s that?well, explain me… never heard that before!
Sorry to everybody if I touch you all!!
Hey rappy too !!