Methods of cracking/attacking software

Static analysis/attack by decompiler and disassembler tools

An attacker may use powerful decompiler and disassembler tools to analyze your application statically, reversing it to recover internal logic and functionality such as critical algorithms, and then tamper with or repackage it to create a similar application.

Dynamic attack at runtime, while the application is executing

An attacker may use debugging tools or other analysis tools (hooking or injection tools) to actively trace the application's execution in the runtime environment.

An attacker may use a variety of tools and techniques, such as hooking, injection and interception of communication, to analyze and trace the application's execution and obtain critical information, data exposed in memory or the license verification interface, and then tamper with or repackage the application, or remove the license verification, to create a mod application.

Software Protection Strategy

To protect an application or project and safeguard the investment of money, time and resources, protection needs to focus on the following aspects:

The target of software protection: to prevent static and dynamic attack and analysis

Leverage multiple layers of technology, such as obfuscation and virtualization, to protect the critical algorithms, functions, intellectual property, code logic and other source of your apps, and to prevent attackers from decompiling and reversing the source code.

The protected software is able to detect and resist third-party crackers who use decompilers and debugging tools to attack or analyze it, statically or dynamically at runtime, for the purpose of piracy. When such an attack occurs, the running application can detect it and quit execution to prevent further attack and piracy.

To ensure application integrity and prevent potential tampering, repackaging and dumping of your apps.

This is done with signatures, virtual machine detection, debugger detection and other protection technology at runtime, which together accomplish runtime application self-protection.

To prevent potential unauthorized access and use.

Define the license terms and store the license file in a secure license container. When the protected application starts, it checks whether the license is valid and executes according to the license terms defined.

Protect/encrypt the relevant APIs and code logic that check and verify the license, along with the related communication, to prevent crackers or unlicensed users from bypassing the license verification process and using the protected app illegally.

Protect the license file itself: select a secure container to store the license and other critical data/algorithms.

How do you choose the right solution to protect your application? Depending on your requirements, you may select free tools or commercial software on the market.

Defend against static analysis/attack by decompilers and disassemblers

Employ the latest protector or enveloper to encrypt/obfuscate/virtualize your binary files (exe, dll, elf, so, dylib, etc.) to prevent decompiling attacks. Protect critical functions/methods/algorithms with the most secure virtualization technology.

Runtime protection

Protect your application while it executes at runtime. This includes file checks, signatures, anti-injection and multiple other protection options, to detect debugging tools or other analytical tools analyzing your apps in the runtime environment, and to prevent your application from being dumped, tampered with or repackaged.

Provide GUI and CLI tools to protect the project

Support developers in protecting the application after the build (post-protection), or in protecting the project during the build process for projects in a CI/CD pipeline.

The Moway SDK provides Virbox Protector basic edition, a latest-generation protection solution. Virbox Protector (basic version) lets developers protect an application/project against static and dynamic attack with both GUI and CLI tools. If you want more professional protection features for the strongest security, you may select the Virbox Protection commercial version. For more details on the professional edition and the Virbox Protector solution, refer to:
https://appshield.virbox.com

Software Licensing

To combat software piracy, software developers have good reason to define license terms/policies and issue licenses to their software users in order to maximize software sales.

Flexible license terms: issue licenses with different license terms to different market segments, to support multiple market strategies and to prevent software piracy and illegal use.

License system/platform: whether you decide to build a license platform yourself (a self-established license platform) or select a third-party licensing solution on the market, the license platform should support defining flexible license terms to meet your sales and marketing strategy. It must be able to define and issue/renew/update/revoke licenses based on software usage, function, feature, time period, etc. Here are some suggestions for developers selecting a licensing solution on the market:

  • It is necessary to select a license solution that supports defining and issuing licenses with flexible license terms.

    Usually, avoid a “key generator” that does not contain and describe enough license terms, and choose a solution that cannot be cracked/copied easily.

  • Support multiple license forms (license file, license code) to describe and present the license terms, which can be read and used/validated when the application executes, with a secure license API/library.
  • Support activating the license in online and offline environments.
  • Support multiple license containers, so that developers can flexibly select the right license container to issue to users. Developers may consider the following options when implementing licensing for their own software application:

1. Hardware based: use a secure hardware device (USB dongle) to store the license, data and keys;
2. Cloud license: store the license file in a third-party license system on a cloud platform (SaaS);
3. Soft license: generate the license and bind it to the local machine (generate a specific hardware fingerprint corresponding to the device).

The philosophy of license enforcement: when a user executes the licensed software application, the application checks whether a license is available, reads the license file, and then executes according to the license terms defined: function, feature, time period, etc.

Implement a customized protection & licensing scheme: Applicable scenario

Flexible license terms:

  1. Find and use the latest protector with multiple encryption layers to protect your apps.
  2. Plan and build your customized license policy and license terms according to your software marketing and sales strategy: subscription, perpetual, network, feature-based license, etc.
  3. Find and decide on the license system or other digital credential (key, data, code snippet or cryptographic algorithm) stored in the USB device to validate whether the software is genuine or pirated.
  4. Select the right license container to store the license, key, or relevant data and files. Usually, the following containers, combined with the license scheme, can be used:

    Hardware-based device: USB dongle. With a secured hardware environment, once the license is stored it can be read and used, but cannot be copied or taken out of the USB dongle;

    Cloud license: leverage a third-party cloud-based license platform, as a service, to issue and store the license in the cloud or on a private online platform.

    If you prefer a soft license or cloud license, you may refer to the Virbox LM solution or contact us for more detailed information.

  5. Implement the license verification process in your project:

    Here we mainly introduce the USB dongle as a secure container to store the license, key or other data used for license validation.

Add/write code in the software project:

Integrate the related USB dongle API to operate the USB hardware and verify/validate the license inside, then compile the project;

Usually, the related code includes the following process:

When the application executes, enumerate and find the USB device; call the related license API to access the USB device and read the stored license; verify the license terms: if the license is valid, execute the application as defined by the license terms; if the license has expired, the application quits execution and closes the device; etc.

For details, refer to the Moway sample case in the SDK.
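The check sequence described above (enumerate, read, verify, quit and close on failure), as an added example that is not code from this page or from the Moway SDK. A mock device table stands in for the dongle; all type and function names are hypothetical, and the clock-rollback check on the time-period term is an assumption that goes beyond the steps listed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical license record and device slot; NOT the Moway SDK's types. */
typedef struct {
    uint32_t features;   /* bitmask of licensed features */
    int64_t  not_after;  /* expiry as Unix time; 0 = perpetual */
    int64_t  last_seen;  /* latest clock value recorded on the device */
} license_t;
typedef struct { int present; int open; license_t lic; } dongle_t;

enum { LIC_OK, LIC_NO_DEVICE, LIC_EXPIRED, LIC_CLOCK_ROLLBACK, LIC_NO_FEATURE };
#define FEAT_BASIC  0x1u
#define FEAT_EXPORT 0x2u

/* Step 1: enumerate the slots and return the first attached device. */
static dongle_t *find_dongle(dongle_t *slots, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (slots[i].present) return &slots[i];
    return NULL;
}

/* Steps 2-3: open the device, read the license, check every term.
   Any failure denies execution; `now` is passed in to keep the demo deterministic. */
int check_license(dongle_t *slots, size_t n, uint32_t feature, int64_t now) {
    dongle_t *d = find_dongle(slots, n);
    if (d == NULL) return LIC_NO_DEVICE;
    d->open = 1;
    license_t *l = &d->lic;
    int rc = LIC_OK;
    if (now < l->last_seen) {
        rc = LIC_CLOCK_ROLLBACK;      /* host clock moved backwards */
    } else {
        l->last_seen = now;           /* remember the latest time seen */
        if (l->not_after != 0 && now > l->not_after) rc = LIC_EXPIRED;
        else if ((l->features & feature) != feature) rc = LIC_NO_FEATURE;
    }
    d->open = 0;                      /* close the device on every path */
    return rc;
}

int main(void) {
    /* Constructed sample: slot 0 empty, slot 1 holds a license expiring at t=2000. */
    dongle_t slots[2] = { {0, 0, {0, 0, 0}}, {1, 0, {FEAT_BASIC, 2000, 1000}} };
    int rc = check_license(slots, 2, FEAT_BASIC, 1500);
    printf("license check result: %d\n", rc);
    return rc == LIC_OK ? 0 : 1;      /* quit execution when the check fails */
}
```

In a real integration the record would be read through the dongle vendor's API and the comparison would ideally run where the host cannot patch it, which is why the page pairs licensing with a protector for the verification code.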

Developers need to plan to use the toolkit provided with the USB dongle, or employ a third-party license platform, to issue the license (file or key) and the license update file and store them in the secure hardware USB dongle;

Distribute the USB hardware dongle to the users who purchase the software;

Developers also need to plan/integrate the license issuing process with their existing e-commerce system.
