Using a DONGLE to protect my software..?!

[SYRAU3]

Hello big-minds:

What is the best way to protect my software fro being used on many computers?

i tried | DriveGetSerial(@HomeDrive) | , but it seems not so good as it's able to change the drive serial number with a special software.

so how about a DONGLE? is it able to be used with AutoIt? if not, what do you the best way is?

thanx in advanced.

[JohnOne]

Voodoo is the only way.

[SYRAU3]

Voodoo is the only way.

OOPS !!

I'm sorry i'm not sure i understand what is Voodoo

[JohnOne]

Witchcraft.

You cannot protect your script.

[DicatoroftheUSA]

I prefer to sell with my script, guys that are like 7 feet tall and three hundred pounds to stand over their shoulder to protect my script from funny business. I charge enouph for my software they come complimentary, and renewel is garenteed.

[SYRAU3]

Can you please explain why i can't protect it exactly?

[JLogan3o13]

Hi, SYRAU3. This subject has been discussed many many times. Do a forum search for "protect script" and you'll find 250+ threads concerning what options are and are not available to you.

[SYRAU3]

Thank you..

[Belini]

@SYRAU3 look for MoleBox, Enigma, VMProtect and Armadillo , they should help you

Edited June 28, 2012 by Belini

[Spiff59]

I scored a Commodore 64 in the early 80's (to replace my Heathkit computer) and recall a game that came with this optical prism thingy. Each time you launched the game it would display 2 scrambled characters on the monitor. Just a bunch of line fragments and dots, but, magically, when you placed the prism over the dots they would transform into 2 letters. Different letters each time you launched the game. Type those 2 characters on the keyboard and the game would finish loading. I recall thinking: "Wow! They went to a lot of effort!". In my teenage boredom one night I decided to try and crack it. I used a monitor program to step through 6502 assembly instructions for about 20 minutes and after a couple of bad attempts finally flipped the correct byte from a BE (branch equal) instruction to a BNE (branch not equal). From then on, the game started if you typed in the wrong 2 characters, and would only lock you out if you happened to type in the 2 correct characters. All that effort by the manufacturer was overcome in an hour. I can't count how many Branch, or Jump, or Call instructions got flipped or replaced with a string of 90's (NOP's) back in my "troublesome" teenage years.

So the moral of the story, and what all the above posters are alluding to, and what all 250 posts they refer to will say, is:

What one person can do, someone else, given enough time, can undo. And what can be more disheartening, sometimes they can undo your efforts in one-tenth the time you took to put them in place.

[Yashied]

Look at the _WinAPI_UniqueHardwareID() function from WinAPIEx UDF.

[SYRAU3]

Look at the _WinAPI_UniqueHardwareID() function from WinAPIEx UDF.

Aha! this sounds interesting.. thank you

[water]

As JLogan3o13 already stated. There is no way to secure your code. If someone wants to use your code it's easy to retrieve the source and rip out the code parts where you protect your script.

[IanN1990]

I ant been on for a while as my pc as been in for a long repair, and though i don't normally post on these kind of topics i wanted to throw in my two cents. (PS This is not a rant, just my view)

I see allot of posts of people asking for ways to add security or protection to their software, which I think is a good idea. I agree with the general view its impossible to completely protect your work (This is mainly because any defences are static *Ie don't change* while a attacker is dynamic *can change*) but this doesn't mean everyone should just flame the topic saying don't do it. Last time i checked, this is a support forum for members to get support on topics *As long as its within the rules ofc*

So there we go, i agree people are allowed to there views but if everyone takes the view "its not worth the effort", then nothing would ever get done. At lest if some people try then maybe something could out of the works that would maybe at lest stop script-kiddies getting in or understanding. The Harder it is to break in, the faster they are to just give up and move onto something else.

Anyways (Turns on my Shields and i am sure i am now a walking bullseye to be attacked ^^)

[JohnOne]

Steady on there.

Asking the same question over and over again, and getting the same replies over and over again

is neither positive or productive, the way AutoIT is made means it cannot be protested, simple.

I'm not sure what you mean by "these kind of topics" but the OP has answers to his question

in both suggestion and the knowledge that it is indeed a waste of time.

[IanN1990]

by "these kind of topics" i meant, a question regarding security where the general reply is "Dont it" and all I can do is skim over topic as i don't have any security knowledge that i could give as assistance

[BrewManNH]

This question has been asked and answered at least a dozen times in the past year. A search of the forum would have turned up the results of those requests. As well as showing one way of trying to protect your script. Could be that the users are starting to get tired of answering the question over and over again.

[JLogan3o13]

Not to mention, I don't see anyone "flaming the topic". I believe we have endeavored to help the OP, by pointing out the inherent issues with believing you can completely protect any Intellectual Property, let alone an AutoIt script. We've also directed him to use the forum as the resource that it is, inviting him to go over some of the many posts and the pitfalls therein.

I don't disagree that security, to the degree you can reasonably attain, is a good thing. I just don't see where anyone has done anything but attempt to assist the OP.

[Spiff59]

I agree with EVERY single one of you!

I'm not discouraging some level of protection.

Basic protection is effective in keeping the average user from committing piracy and is worthwhile.

But I also think that going to extreme measures will never stop someone determined to crack your software.

I think the dongle route definitely falls into the category of "hardcore security" and is likely more effort than it is worth.

Somewhere in your code is going to be a test saying "Is the dongle present?". So, someone doesn't have to assault your security head-on to defeat it, they'll just bypass or reverse the logic of the test and step right around your elaborate protection.

[SYRAU3]

isn't checking the hardware using _WinAPI_UniqueHardwareID() before running the software a good idea to protect it from being used on many computers?