Effective licensing system

[Mad153]

Hello,

I am developing a c# program that I intend to sell and was wondering what DRM system to use. Many people say c# is easy to crack.

 

However, I have not heard much anout windows store. Is the DRM on it better or is there a good code solution?

 

Thanks

[Lurick]

All DRM can be cracked with time and effort. Make a good program, give people a reason to buy it, and don't worry about a few people who do crack it or whatnot. The amount of time you spend worrying that someone might crack it and a couple people download it is time you could have better put towards improving the product instead and bringing in new customers. Depending on what you're selling the platform you launch it will have a solution that won't annoy people but if you go too far down the DRM hole then you'll just drive away customers instead. Think Steam, that platform is like DRM but because it's convenient and easy to use people don't mind it.

[Mad153]

9 hours ago, Lurick said:

All DRM can be cracked with time and effort. Make a good program, give people a reason to buy it, and don't worry about a few people who do crack it or whatnot. The amount of time you spend worrying that someone might crack it and a couple people download it is time you could have better put towards improving the product instead and bringing in new customers. Depending on what you're selling the platform you launch it will have a solution that won't annoy people but if you go too far down the DRM hole then you'll just drive away customers instead. Think Steam, that platform is like DRM but because it's convenient and easy to use people don't mind it.

Any thoughts on windows store?

Or is it not worth trying?

[Dat Guy]

Mind that both the author of Total Commander and the author of WinRAR can survive despite mostly living off sold licenses.

[Lurick]

3 hours ago, Mad153 said:

Any thoughts on windows store?

Or is it not worth trying?

Haven't used it for much of anything myself but I think it could be worth a shot, yah.

[Mad153]

1 hour ago, Lurick said:

Haven't used it for much of anything myself but I think it could be worth a shot, yah.

UWP... Nearly dead

Need to think hard.

Thanks

[Mad153]

1 hour ago, Lurick said:

Haven't used it for much of anything myself but I think it could be worth a shot, yah.

Also,

Do you have any ideas for how licensing could could connect with an e-commerce website?

[Lurick]

4 minutes ago, Mad153 said:

Also,

Do you have any ideas for how licensing could could connect with an e-commerce website?

That I do not unfortunately

[Franck]

1 hour ago, Mad153 said:

UWP... Nearly dead

Need to think hard.

Thanks

Yes UWP is dead. Just look at large third party like Telerik and Syncfusion. They supply devs upon their needs and what they use and all updates around UWP have come to a near stop. Main focus are on WPF, Forms and Web (like Kendo and JS base)

 

For licensing i know someone used "Quick license monitor" or "Quick license manager" would need to check with him for the exact name. He liked it as it was simple to use and there was an API that i think was multi platform too.

[G1K777]

Option 2:
GNU v3 FREE FOR ALL = Donations (+ maybe patreon... + bitcoins?).

[Franck]

2 hours ago, G1K777 said:

Option 2:
GNU v3 FREE FOR ALL = Donations (+ maybe patreon... + bitcoins?).

License and licensing system are not the same thing

[straight_stewie]

On 1/22/2019 at 5:28 AM, G1K777 said:

GNU v3 FREE FOR ALL

It's GPL (Which stands for Gnu Public License).

The GPL is also, somewhat ironically, the reason that there is incentive for big companies to not contribute to your codebase when they inevitably steal your code (if it's useful).

Think about it: The GNU/Linux license clearly says that you cannot sell the source code or the binaries in any way. Yet everyone has to pay for their cable boxes, or their phones, or their cars, or those fancy lightbulbs that let you change the color, and indeed 1000's of other devices that run on Linux.

So what GPL does is basically one of two things: Either it's not useful enough to overcome being GPL licensed, and so only a few people ever use it, or it's actually super useful, and people just steal it anyway.

If you want to find out how big corporations are avoiding being sued for the GNU/Linux GPL violations, just look at who holds "board seats" on the "Linux Foundation". I'll give you a hint as to what you'll find: Every "board member" is also a rep for a big company who happens to be selling the Linux kernel, VMware, Cisco, Google, Samsung...

But that's not what we are talking about here:

On 1/20/2019 at 3:35 PM, Mad153 said:

am developing a c# program that I intend to sell and was wondering what DRM system to use. Many people say c# is easy to crack.

 

However, I have not heard much anout windows store. Is the DRM on it better or is there a good code solution?

DRM is actually quite hard. I'm not aware of any relatively easy, good way to handle it. My best guess would be to just distribute the minimum required for execution, being sure to have the program check some licensing database to make sure that you were the one who generated it's key.

If, in the end, it does get stolen, ehhh, maybe that's ok. If it's a big business maybe sue them, otherwise just enjoy the fact that people find your software useful enough to bother stealing it. That's not something that very many developers get to say.

[Mira Yurizaki]

26 minutes ago, straight_stewie said:

The GPL is also, somewhat ironically, the reason that there is incentive for big companies to not contribute to your codebase when they inevitably steal your code (if it's useful).

Think about it: The GNU/Linux license clearly says that you cannot sell the source code or the binaries in any way. Yet everyone has to pay for their cable boxes, or their phones, or their cars, or those fancy lightbulbs that let you change the color, and indeed 1000's of other devices that run on Linux.

You actually can sell GPL licenses software and the Free Software Foundation encourages you to do it https://www.gnu.org/philosophy/selling.en.html

 

The reason why for-profit developers tend to avoid GPL code is if they modify it, they must make those modifications available. And I think even if they use the source/binary without modification, they have to make the source available which adds overhead.

[straight_stewie]

16 minutes ago, Mira Yurizaki said:

You actually can sell GPL licenses software and the Free Software Foundation encourages you to do it https://www.gnu.org/philosophy/selling.en.html

The "free as in speech" vs "free beer" thing has always been confusing to me,

[Mad153]

I think, after all of these great suggestions, I will implement a small system where if you have a license key, it writes to a protected folder with settings, saying it is activated.

 

Seems best

[Franck]

54 minutes ago, Mad153 said:

I think, after all of these great suggestions, I will implement a small system where if you have a license key, it writes to a protected folder with settings, saying it is activated.

 

Seems best

Just so you know that is very easy to break. You cannot protect a folder more than the rights you run under which is what the user uses.

 

At that point you probably better once you validated the licenser create a text file with encrypted data containing 2-3 informations that is unique to the computer and ensure you can compare it every time you start the application.

 

You can use something like windows install datetime which will change upon full reinstall and chance 2 computer has the same is slim and add extra by using something like main network card mac address. Max can be spoofed but chances someone spoofed his mac that has the same freaking install datetime as someone else are let's say useless to waste time calculating the chances for it to happen considering the level of security you plan on using.

[Mira Yurizaki]

1 hour ago, Mad153 said:

I think, after all of these great suggestions, I will implement a small system where if you have a license key, it writes to a protected folder with settings, saying it is activated.

 

Seems best

You'd have to find a unique identifier about the computer, some examples are:

• MAC Address (which can be changed easily, but this may have consequences so it's likely not used)
• CPU serial number (which won't work on older systems, but probably NMP). 
• Storage drive serial number
• UUID of the storage volume, aka partition, that the program is installed on. (https://morgansimonsen.com/2009/01/26/displaying-the-volume-guid-of-a-volume-2/)

It would also be a good idea to encrypt or hash the unique IDs

 

Also there's no point in writing a protected folder, because anything a user creates can be edited by said user anyway or circumvented through other means.

[Mad153]

23 hours ago, Franck said:

Just so you know that is very easy to break. You cannot protect a folder more than the rights you run under which is what the user uses.

 

At that point you probably better once you validated the licenser create a text file with encrypted data containing 2-3 informations that is unique to the computer and ensure you can compare it every time you start the application.

 

You can use something like windows install datetime which will change upon full reinstall and chance 2 computer has the same is slim and add extra by using something like main network card mac address. Max can be spoofed but chances someone spoofed his mac that has the same freaking install datetime as someone else are let's say useless to waste time calculating the chances for it to happen considering the level of security you plan on using.

I plan to use isolated storage.

If you don't know about it, here:

https://docs.microsoft.com/en-us/dotnet/standard/io/isolated-storage 

[Franck]

8 minutes ago, Mad153 said:

I plan to use isolated storage.

If you don't know about it, here:

https://docs.microsoft.com/en-us/dotnet/standard/io/isolated-storage 

Yes i know all about it. Still i don't use it because it's not secure. Here a list specially from their site of things not to use it for :

 

Quote

You should not use isolated storage in the following situations:

• To store high-value secrets, such as unencrypted keys or passwords, because isolated storage is not protected from highly trusted code, from unmanaged code, or from trusted users of the computer.

• To store code.

• To store configuration and deployment settings, which administrators control. (User preferences are not considered to be configuration settings because administrators do not control them.)

 

BTW i'm not trying to start flame or trolling. I just want to make sure you are not misinformed.

[wasab]

Give a trial period for your app to see if users will want to use it first before worrying about DRM. If no one wants your software, no one is going to waste time cracking your DRM. 

[wasab]

On 1/27/2019 at 12:55 PM, straight_stewie said:

 

If, in the end, it does get stolen, ehhh, maybe that's ok. If it's a big business maybe sue them, otherwise just enjoy the fact that people find your software useful enough to bother stealing it. That's not something that very many developers get to say.

Not to brag but my paid software is so popular that countless people are pirating it everyday

[straight_stewie]

3 minutes ago, wasab said:

Not to brag but my paid software is so popular that countless people are pirating it everyday 

Kinda want to know what it is now.

[JacobFW]

I remember reading an article about this on CodeProject several years ago, and one of the points that the author brought up has always stuck with me. You could spend weeks, or even months trying to coming up with ways to protect your software, and even if they worked you have to bear in mind that all that time you devoted to is it time you could have spent designing new software to sell, maintaining your current product, or handling customer support issues, all of which are major factors that contribute to how likely it is your company and product will succeed, and ultimately how much money you'll make.  Again, even if you do end up coming up with a perfect solution, maybe in the long term it'll be worth it, but in the short term your company/product might not survive.

 

When you factor in the fact that you're pretty much guaranteed to not come up with a perfect solution, it's easy to see that dedicating a large amount of time to it, is in fact, a complete waste of time.  The general advice is to come up with a licensing solution that makes it difficult to break, but does not impose a huge burden on your average customer.  In addition to having a license, something else you can use is an Executable obfuscator, which makes it more difficult to reverse engineer your machine/byte code.  Not impossible mind you, just more difficult.  

 

Taking a step back though, you also have to ask yourself is, What is it I'm actually trying to sell here?  Where am I trying to make my money?

 

Many companies over the last few years have used the model of having one product that they sell cheaply or at a reasonable price that consumers want/need, and using it as a "gateway drug" so to speak, to get them to buy other items that have a higher markup which is where they make their money (why do you think MicroCenter sells their CPUs so cheaply).

In the software world, usually the software itself is the gateway product, while the monthly support fee is where they make their money.  There are many companies out there that have an open source product that they then provide support for.

 

Lately of course, the newest business model has been cloud computing.  It has a slightly higher risk to it, but also has the potential for a higher payoff.  Rather than having a huge, single cost the customer has to pay upfront, there's a monthly subscription fee.  So you do have the risk that someone will come in and use your service intensely for a few months then cancel, but you also are able to have more customers who might not have had the budget to pay for everything at once.   You're able to protect your IP easier this way, but there is a higher startup cost to you, but your own monthly maintenance fees, but the security risk of having to maintain your customer's information.

 

Of course cloud based computing doesn't work for all software models.  Some individuals might want software they run offline from the internet, or that can be used with script automation.

 

Sorry for the information dump, this is just stuff that I think about fairly often.

 

I think the TL;DR here is if you're goal is to come up with a piece of software, that you never have to maintain or do anything with again, just sit back and watch the money come in, you're delusional, and will almost certainly inspire someone to design a better version of your software that puts you out of business.  It will require vigilance on your part to maintain your software, take feedback from your users, and give them a reason to keep coming back to you.