• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Tim Cooke
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • paul wheaton
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Ron McLeod
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Tim Holloway
  • Carey Brown
  • salvin francis

Copy-Protection with Java-Preferences

 
Greenhorn
Posts: 27
Netbeans IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Programmers,
I want to create an commercial app in the near future and wondered about copy protection recently. I dont want the app to be dependent on an internet connection or a CD, but is it even possible to create an more or less efficient copy-protection without one of these?
I thought about saving a random-generated number in the registry of Java-Preferences (http://docs.oracle.com/javase/7/docs/api/java/util/prefs/Preferences.html) and inside the jar. The two numbers could be compared with every launch of the app and would show, if anybody copied the jar to another computer.
The main problem of this approach is, that the jar could be copied before it is launched the first time, because it needs to configure in the first start of the program.
Does anybody have a solution for this problem or an alternative approach to copy-protection?

Thank you,
Will
 
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Will Ashton wrote:
The main problem of this approach is, that the jar could be copied before it is launched the first time, because it needs to configure in the first start of the program.



Actually the main problem is that you cannot copy protect the program. Somewhere in your code you will have logic that asks "is this genuine" and by decompiling the jar this code can be replace so that is ignored. You should note that this is not just a Java problem; the binary of any program can be patched so that the check for validity is ignored. Patching exe files is generally more difficult than decompiling and modifying Java but not difficult enough to deter a determined cracker.
 
Bartender
Posts: 10777
71
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Will Ashton wrote:Does anybody have a solution for this problem


Nope. At least not a foolproof one.

or an alternative approach to copy-protection?


Yup. Don't sweat it. At least not at this stage.

As Richard said (and it's something you learn very early on if you ever get involved in IT security): If someone has time and money enough, they WILL crack your system/program. The best you can hope for is to either:
(a) Slow them down.
(b) Make it not seem worth their while.

There are several things, like obfuscators, that can help with the first, but my main advice is still not to worry about it at the moment. Get your app running and working; and write your code just as you would for any other. Then, when you're ready to deploy, worry about things like signing and obfuscating that might give you some level of protection; but don't assume that it will stop everyone.

Indeed, you'll probably notice that a lot of companies actually give their software away for free these days. What they charge you for is support.

There might also be some level of protection at the intellectual property level (ie, by the threat of lawsuits if someone is stupid enough to simply copy your code), but it's notoriously difficult to patent a piece of software.

Winston
 
Will Ashton
Greenhorn
Posts: 27
Netbeans IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hm, dont get me wrong: I didnt ask for some unhackable and perfect protection, just about something that will hinder EVERY customer to freely distribute my software. To give some more details: we are talking about a game, that wont cost more than 5 bucks. I want to create an obstacle, which would make people think: "Hm, I could crack the protection and copy this software, but hey, its just 5$ so I wont do it, because its not worth the price".
 
author
Posts: 23840
141
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Will Ashton wrote:Hm, dont get me wrong: I didnt ask for some unhackable and perfect protection, just about something that will hinder EVERY customer to freely distribute my software. To give some more details: we are talking about a game, that wont cost more than 5 bucks. I want to create an obstacle, which would make people think: "Hm, I could crack the protection and copy this software, but hey, its just 5$ so I wont do it, because its not worth the price".




IMO, the easiest option is to create a hash that is locked to some hardware that the gamer has. For example, you can hash the computer's MAC address. And unless the user replaces the networking hardware, the game will run. This means that the user won't be able to run the game on any machine but the one that it was purchased for.

You also probably want to obfuscate your code (search the ranch for java obfuscators). This will make it harder to decompile your code, and figure out how to reverse engineer your hash.

Henry
 
Winston Gutkowski
Bartender
Posts: 10777
71
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Will Ashton wrote:I didnt ask for some unhackable and perfect protection, just about something that will hinder EVERY customer to freely distribute my software. To give some more details: we are talking about a game, that wont cost more than 5 bucks. I want to create an obstacle, which would make people think: "Hm, I could crack the protection and copy this software, but hey, its just 5$ so I wont do it, because its not worth the price".


All the more reason not to spend too much time on it. And certainly not to do anything different than you normally would when writing it. This is a deployment issue, not a design one.

It occurs to me that you might also want to offer a "suck-it and-see" version that's only valid for a few days/weeks to allow people to try it by word of mouth. That way, you could supply a download link that people can give out on "Hey look at this new game. Totally cool" blogs.

Winston
 
Will Ashton
Greenhorn
Posts: 27
Netbeans IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Henry:
Thank you, using the MAC looks like an easier and more reliable alternative to Java Preferences. I will definitely think more about this

@Winston:
I want to bring out an early-access-version ASAP. For this reason I want to write my code in a way, that it is safely distributable from the very first.
Furthermore I personally like to clear out potential worries as soon as they occur, to keep my head free of any problems
The time-limited version is a good idea in terms of marketing and brings the additional bonus of (partially) solving the problem of "copy-before-launch": people will probably launch the game after download, because its free at this moment and will think about copying it (for their friends etc.) later.

The obfuscation of code is a good idea, I did just google it, because I never heard of it before Definitely an option for slowing down potential hackers.

Thank you guys a lot, you brought me a good way forward
 
Winston Gutkowski
Bartender
Posts: 10777
71
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Will Ashton wrote:For this reason I want to write my code in a way, that it is safely distributable from the very first.


I'll say this one last time and then leave it up to you: DON'T.

Almost all the solutions we've discussed (eg, obfuscation) have nothing whatsoever to do with how you program your game. Indeed, I suspect there may be obfuscators around that don't even care what language it's written in; so don't go changing your style because you're worried about security - especially for something that's only worth 5 bucks.

It's the same advice as Michael Jackson's old chestnut about optimization:
1. Don't do it.
2. (For experts only) Don't do it yet.

Winston
 
Rancher
Posts: 43011
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think there's anything wrong with considering how to protect my code before I write it, and I certainly don't see it as just an deployment issue. It might turn out to be one, but it could also have implications on how I write the code, so the sooner that is considered, the better.
 
Winston Gutkowski
Bartender
Posts: 10777
71
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:I don't think there's anything wrong with considering how to protect my code before I write it, and I certainly don't see it as just an deployment issue. It might turn out to be one, but it could also have implications on how I write the code, so the sooner that is considered, the better.


Hmm. Well I guess we'll have to agree to disagree on that one ... but Will, at least you have an alternate viewpoint.

To me, changing your programming style (or even worse, your design) for "hardening" is just as bad as changing it for optimization. Understand that I don't include bad or "unsafe" practises in that - you should learn those as a matter of course. But most languages I know (and Java in particular), were never designed with security in mind, so most solutions geared towards "copyright protection" are likely to be extra-lingual anyway.

My 2¢.

Winston
 
Ulf Dittmer
Rancher
Posts: 43011
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Security needs to be considered from the start, trying to bake it in afterwards generally produces less than optimal outcomes in my experience. It's a feature, and should be considered as such along with other features, as it may well have an impact on the design.
 
Winston Gutkowski
Bartender
Posts: 10777
71
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Security needs to be considered from the start, trying to bake it in afterwards generally produces less than optimal outcomes in my experience. It's a feature, and should be considered as such along with other features, as it may well have an impact on the design.


I would agree with you in general terms (I was a security admin for several years), but not when it comes to the subject of this thread. Java is notoriously INsecure when it comes to code (as opposed to its execution) - hence, presumably, all the 3rd party solutions available for "hardening" it - and changing your application design to include copyrighting is no different to me from premature optimization; it just has a different goal.

By all means, think about how you might go about copyrighting; but DON'T change the way you do something simply because you might want to copyright it. The fact is that the "Microsoft paradigm" is going out of style anyway.

Winston
 
Ulf Dittmer
Rancher
Posts: 43011
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yup, we agree to disagree on this :-)
 
Winston Gutkowski
Bartender
Posts: 10777
71
Hibernate Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Yup, we agree to disagree on this :-)


@Will: And there you have it; two differing opinions by men of goodwill - and a fair bit of experience.

Winston
 
Get out of my mind! Look! A tiny ad!
create, convert, edit or print DOC and DOCX in Java
https://products.aspose.com/words/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!