Is your expensive License Management System used to distribute pirate copies of your own software?
No? Are you sure?
There is no longer such a thing as ‘casual hacking’. The internet has ensured that if an application can have its protection removed once, then its availability will proliferate rapidly across the web.
Worse still, general purpose stripping programs exist that can remove license checks from DRM protected software in a matter of minutes. Not only do pirate copies themselves spread, the tools to create them are easy to find too.
This means that all a user has to do is use your own system to obtain a copy of your software, then simply remove the protection with a stripping program. In essence, you give your software to the hacker for them to steal. Not only do they take your goods for free, you pay the distribution cost of supplying it to them.
The only way to stop this is to employ an anti-tamper system such as MetaFortress to protect the license from being stripped.
Unlike other hard to deploy solutions, MetaFortress protects twice; once by armouring the license management application from compromise and again by protecting the software distributed using the license management system.
Subverting licenses is one of the easiest ways to crack software
Most license management systems rely upon encryption to protect their secrets and prevent illegitimate key generation. Whilst it is now largely true that license keys are cryptographically secure and should be unable to be generated, this is not the most critical or obvious security flaw in a license management system. Instead, hackers will attack the license check.
There are two key areas of weakness that are much easier for the competent hacker to attack:
- Spoofing
- Removal of Key Check
Spoofing is a technique where the licensed application can be tricked into believing that it has received authentication. This generally requires no more than a simple external program and one or two hooks into the compromised application.
A simpler attack is simply to remove the need for key validation by removing or subverting the key check within the application. This type of attack can take minutes to perform but will immediately unlock an unlimited amount of pirate copies of your application.
MetaFortress armours all areas of the application to prevent any tampering. This stops spoofing and key check removal attacks, leaving the application license intact. Further, MetaFortress License Management protection can be used to provide anti-reverse engineering support for the application, ensuring your IP is kept secure.