How do you protect your software from illegal distribution? [closed]

There are many, many, many protections available. The key is:

  • Assessing your target audience, and what they're willing to put up with
  • Understanding your audience's desire to play with no pay
  • Assessing the amount someone is willing to put forth to break your protection
  • Applying just enough protection to prevent most people from avoiding payment, while not annoying those that use your software.

Nothing is unbreakable, so it's more important to gauge these things and pick a good protection than to simply slap on the best (worst) protection you are able to afford.

  • Simple registration codes (verified online once).
  • Simple registration with revokable keys, verified online frequently.
  • Encrypted key holds portion of program algorithm (can't just skip over the check - it has to be run for the program to work)
  • Hardware key (public/private key cryptography)
  • Hardware key (includes portion of program algorithm that runs on the key)
  • Web service runs critical code (hackers never get to see it)

And variations of the above.


Whatever route you go, charge a fair price, make it easy to activate, give free minor updates and never deactivate their software. If you treat your users with respect they'll reward you for it. Still, no matter what you do some people are going to end up pirating it.


Don't.

Pirates will pirate. No matter what solution you come up with, it can and will be cracked.

On the other hand, your actual, paying customers are the ones who are being inconvenienced by the crap.


Make it easier to buy than to steal. If you put mounds of copy protection then it just makes the value of owning the real deal pretty low.

Use a simple activation key and assure customers that they can always get an activation key or re-download the software if they ever lose theirs.

Any copy protection (aside from online-only components like multiplayer games and finance software that connects to your bank, etc.) you can just assume will be defeated. You want downloading your software illegally, at the very least, to be slightly harder than buying it.

I have a PC game that I've never opened, because there is so much copy protection junk on it that it's actually easier to download the fake version.


Software protections aren't worth the money -- if your software is in demand it will be defeated, no matter what.

That said, hardware protections can work well. An example way it can work well is this: Find a (fairly) simple but necessary component of your software and implement it in Verilog/VHDL. Generate a public-private keypair and make a webservice that takes a challenge string and encrypts it with the private key. Then make a USB dongle that contains your public key and generates random challenge strings. Your software should ask the USB dongle for a challenge string and send it up to the server for encryption. The software then sends it to the dongle. The dongle validates the encrypted challenge string with the public key and goes into an 'enabled' mode. Your software then calls into the dongle any time it needs to do the operation you wrote in HDL. This way anyone wanting to pirate your software has to figure out what the operation is and reimplement it -- much harder than just defeating a pure software protection.

Edit: Just realized some of the verification stuff is backwards from what it should be, but I'm pretty sure the idea comes across.
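The dongle handshake described in the answer above, as an added Go example that is not the answerer's code. It uses an Ed25519 signature where the answer says "encrypts it with the private key"; the `Dongle` type, `NewPair` and `ServerSign` are hypothetical stand-ins for the hardware, key provisioning and the web service.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Dongle models the USB key; it stores only the vendor's public key.
type Dongle struct {
	vendorPub ed25519.PublicKey
	pending   []byte // outstanding challenge, valid for one attempt
	enabled   bool   // gates every call into the on-dongle operation
}

// NewPair makes a vendor key pair and a dongle provisioned with the public half.
func NewPair() (*Dongle, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Dongle{vendorPub: pub}, priv
}

// Challenge returns a fresh random nonce and remembers it as outstanding.
func (d *Dongle) Challenge() []byte {
	d.pending = make([]byte, 32)
	if _, err := rand.Read(d.pending); err != nil {
		panic(err)
	}
	return append([]byte(nil), d.pending...)
}

// ServerSign is the web-service side: it signs the challenge with the private key.
func ServerSign(priv ed25519.PrivateKey, c []byte) []byte { return ed25519.Sign(priv, c) }

// Unlock checks sig against the outstanding challenge and consumes it, so a recorded response cannot be replayed.
func (d *Dongle) Unlock(sig []byte) bool {
	ok := d.pending != nil && ed25519.Verify(d.vendorPub, d.pending, sig)
	d.pending = nil
	d.enabled = d.enabled || ok
	return ok
}

func main() {
	d, priv := NewPair()
	sig := ServerSign(priv, d.Challenge())
	fmt.Println("unlock:", d.Unlock(sig), "replay:", d.Unlock(sig), "enabled:", d.enabled)
}
```

Because each challenge is random and single-use, capturing one server response does not let a copy of the software unlock the dongle again.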