Being a small-time game hacker and software developer, I know all too well about having software piracy/"cracking" issues. There are times when I agree that a program really should be free to the public, but I can also respect a price tag.
Now, if you're the one who makes a program and puts a price tag on it, you have some pretty heavy weight on your shoulders to make it "uncrackable." While this might seem like a difficult matter, it really is not too hard. Here are some simple pointers on how to ensure that your software is not at risk of being pirated:
- Login via your webserver (use a unique login link on the webserver which your program can access that returns a boolean value as to whether or not the user has successfully logged in).
- Make sure you use the preg_match function to verify that the information the user sends the server is not actually malicious and will not result in database corruption.
- Cipher information back and forth between the webserver and the client.
  - For example, use a simple Caesar cipher: when you send information, change the char values to be +10, and then -10 on the receiving end.
- Obfuscate. While obfuscation is called snake oil by some, it can be helpful as it makes reverse engineering back to the source code a tad more difficult.
- Hide strings in your program using XOR or some type of cipher/encryption, which makes a decompiled form more difficult to navigate. If the program pops up "Logged In" when the user successfully logs in, a reverse engineer could simply do a quick search in a decompiled application and look for "Logged In".
- Use timestamps and hashes where possible. To ensure data is unchanged by a middle man, use a timestamp and a hash with a salt. An example is to say "hash('sha512', $StringToReturn . ':' . $TimeStamp . ':' . 'A_Salt_That_The_Program_And_The_Server_Know');". This helps to confirm that text sent between two points isn't modified.
- Process on the server! By processing most information on the server and performing database checks each time before you return, you can help reduce the chance of piracy. For example, if a program has to find the average of a few numbers, send them to the server separated by spaces along with the entered username and password, then complete the processing on the server after you check the database.
- Try to remove any sign of connecting to the server. In VB.NET you can say "WebRequest.DefaultProxy = Nothing", and in Java your web requests already don't appear in packet sniffers like Fiddler.
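The timestamp-and-hash tip above, worked through for both ends as an added example (not the author's code). Python stands in for the server and the client; the function names and the 30-second freshness window are assumptions, and the salt string is the placeholder from the tip.

```python
import hashlib
import hmac
import time
from typing import Optional

# Placeholder from the tip: a value the program and the server both know.
SHARED_SALT = "A_Salt_That_The_Program_And_The_Server_Know"
MAX_AGE_SECONDS = 30  # assumed freshness window, not from the original text


def digest(payload: str, timestamp: int, salt: str = SHARED_SALT) -> str:
    """SHA-512 over 'payload:timestamp:salt', the layout given in the tip."""
    material = f"{payload}:{timestamp}:{salt}".encode("utf-8")
    return hashlib.sha512(material).hexdigest()


def server_reply(payload: str, now: Optional[int] = None) -> dict:
    """Server side: attach the timestamp and digest to the value returned."""
    ts = int(time.time()) if now is None else now
    return {"payload": payload, "timestamp": ts, "digest": digest(payload, ts)}


def client_verify(reply: dict, now: Optional[int] = None) -> str:
    """Client side: classify a received reply as 'ok', 'modified' or 'stale'."""
    current = int(time.time()) if now is None else now
    try:
        ts = int(reply["timestamp"])
        payload, received = str(reply["payload"]), str(reply["digest"])
    except (KeyError, TypeError, ValueError):
        return "modified"  # missing or malformed fields never pass
    expected = digest(payload, ts)
    # Recompute locally and compare in constant time.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return "modified"
    # A correct digest on an old timestamp is an earlier answer being replayed.
    if abs(current - ts) > MAX_AGE_SECONDS:
        return "stale"
    return "ok"


if __name__ == "__main__":
    reply = server_reply("true", now=1_700_000_000)  # constructed sample reply
    print(client_verify(reply, now=1_700_000_005))                         # fresh
    print(client_verify(dict(reply, payload="false"), now=1_700_000_005))  # edited
    print(client_verify(reply, now=1_700_003_600))                         # replayed
```

Because the timestamp is part of the hashed material, changing it to make an old reply look fresh also fails the digest check.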
These are some tips and tricks that I picked up on my quest to prevent piracy. Hope they help.