开发者

Can a checksum be used to prevent piracy?

开发者 https://www.devze.com 2023-03-04 14:06 出处:网络
Can using the checksum of a file somehow prevent (hinder) piracy? Perhaps I could calculate the checksum of my final exe and then at random intervals, have th开发者_StackOverflowe exe check the checks

Can using the checksum of a file somehow prevent (hinder) piracy? Perhaps I could calculate the checksum of my final exe and then at random intervals, have th开发者_StackOverflowe exe check the checksum of itself, to ensure that it hasn't been tampered with?

EDIT:

I guess I was a bit naive with my original question. There is a link to an interview with a cracker here: http://successfulsoftware.net/2011/04/07/interview-with-a-cracker/

" What are the commonest mistakes software developers make related to security?

In no particular order:

Not integrity checking against patching. "

So how would I implement the cracker's suggestion?


Checksumming a product doesn't stop piracy, it simply indicates that the item being checksummed may have changed. It doesn't stop people copying your application to a new machine. This means that you will have to use some other method to tie the product to a machine or user.

It can also be kind of difficult to calculate the checksum of a product, then insert that into the product somehow so that the product may check itself, and that action actually changes the application which will also change the checksum.... if you see what i mean.


Generally a cracker will modify your executable to remove your security checks (e.g. that check if they have a valid licence key). If your product is on Windows and has been digitally signed, you can use WinVerifyTrust() to check if it has been tampered with and then refuse to run. The cracker can of course remove your calls to WinVerifyTrust(), but it makes his job harder.

To make it harder for the cracker:

  • use a preprocessor/inlining to make sure the checks can't be removed by changing a single function
  • do a longjmp, goto or pass through the event loop before exiting, that makes it harder to locate the check
  • use random numbers to only make each check only run intermittently, then they can't be sure if they have removed all the checks

Note that it isn't worth obsessing too much about security. You are much better spending that time making your product, marketing and support awesome. A more secure product is just more of a challenge to a cracker. If Adobe can't stop people cracking Photoshop, what chance of you got? Just do enough to make sure it isn't too easy.

0

精彩评论

暂无评论...
验证码 换一张
取 消