SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Addict Philip Toews's Avatar
    Join Date
    Dec 2001
    Location
    Kuala Belait, Brunei
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question full featured payware installers

    Hello advanced PHP'ers. I realize this question is not DIRECTLY PHP related... but I figured that advanced guys like you would be able to answer a question like this...

    I'd like to know if anyone can suggest a payware installer program. I've got a client who needs something that will create a reasonable amount of protection for his intellectual property while not annoying the software purchaser. He'd prefer something that creates an individualised License Key for each CD that is pressed and sent out.

    Here are my specific questions:

    1. What installer program can handle multiple installs off of the same CD?
    2. Is there an installer / license key generator combo that anyone can recommend?
    3. If there are no combo programs out there what can you suggest by way of license key generators?
    4. What's the best way to protect software from illegal copying... without going to the length of demanding "activation" keys over the internet or VIA 1-800 numbers...

    TIA for any responses!

    Philip Toews Professional esl Educator and ASP.NET wannabe

    http://www.philiptoews.com
    philip@philiptoews.com

  2. #2
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    <?php $unique_key=md5( uniqid( ) ) ;?>

    is the application itself php based ?

    + look at the NSIS installer from http://www.nullsoft.com , in conjunction with a PHP script you could automate creation of installers

    but if the application is PHP based there are other considerations

  3. #3
    SitePoint Addict Philip Toews's Avatar
    Join Date
    Dec 2001
    Location
    Kuala Belait, Brunei
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The application is Flash based so there oughtn't be any PHP issues. What about things like WISE and VISE?
    Philip Toews Professional esl Educator and ASP.NET wannabe

    http://www.philiptoews.com
    philip@philiptoews.com

  4. #4
    public static void brain Gybbyl's Avatar
    Join Date
    Jun 2002
    Location
    Montana, USA
    Posts
    647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    WISE isn't bad -- But hey, Nullsoft made the PIMP installer , which is used on Winamp. And Winamp rules. Therefore, PIMP rules.

    It's also alot easier to customize their PIMP system than it would be to customize WISE. Some might argue, but you could probably take a PIMP-based installer and make it look *nothing* like the original. There are some good docs on the nullsoft site on how to do it, as well.
    Ryan

  5. #5
    SitePoint Addict Philip Toews's Avatar
    Join Date
    Dec 2001
    Location
    Kuala Belait, Brunei
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So if I use the NSIS installer I can have it call a php script? I agree that Winamp rules so the NSIS installer is probably great.


    I've never scripted an installer before. Could a script be written that would look at the unique serial number for the CD on which it is written. That is to say ... it looks at the CD serial number and uses that to creates the license key?

    I guess I'm just curious as to how to make software relatively safe from piracy...without employing intrusive licensing schemes such as contacting the software vendor for an activation key...

    I've found a few VERY fully featured installer programs, but nothing on license key generation... The trick is HOW to combine an installer with a key generatio approach that protects the software ... eg. CD's that can't easily be copied....

    Ideas oh great ones?
    Philip Toews Professional esl Educator and ASP.NET wannabe

    http://www.philiptoews.com
    philip@philiptoews.com

  6. #6
    public static void brain Gybbyl's Avatar
    Join Date
    Jun 2002
    Location
    Montana, USA
    Posts
    647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Philip Toews
    The trick is HOW to combine an installer with a key generatio approach that protects the software ... eg. CD's that can't easily be copied....
    Ahh... The classic dilemma. The only way you are going to be able to create a scheme that even works remotely is to generate the initial keys from an algorithm. Given this, anyone who is good at reversing this process will be able to generate a key that will check out fine with your checker.

    The only way to *really* do it is to verify them with a server. But even this isn't foolproof, if they just route all outgoing traffic to 127.0.0.1 and then catch it and send it a SIG_OK or something.

    I think one wa to do this might be to create a giant array on the server of all of the keys that you've sent out, and then have the user actually send in the key during the install -- That way you have a 1:1 keys:software ratio, and it would be harder to break it.

    I'm just really not sure how you would go about implementing this, still -- We distribute (I distribute) a php script for maintaining a clan online, and we just host the script ourselves on our own server. That way, there is no chance of foul play. Sure, we have to charge them a little extra for the bandwith and space, but it's better in the long run because no one can see the source code to steal it, and no one can distribute it illegaly.

    Best bet may be to host it locally? That *is* a huge hassle, though.
    Ryan

  7. #7
    Super Ninja Monkey Travis's Avatar
    Join Date
    Dec 2001
    Location
    Sioux City, Iowa
    Posts
    691
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would say its not worth your effort. Someone would find away around it, if it was worth their time.
    Travis Watkins - Hyperactive Coder
    My Blog: Realist Anew
    Projects: Alacarte - Gnome Menu Editor

  8. #8
    public static void brain Gybbyl's Avatar
    Join Date
    Jun 2002
    Location
    Montana, USA
    Posts
    647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sure -- Tons of people crack Flash and the like. But people who don't know about cracks will pay the money.

    People *will* get past, be sure of that, but if you add protections, then at least you will be a little closer.

    But Travis brings up a good (and quite frank) point.
    Ryan

  9. #9
    SitePoint Addict Philip Toews's Avatar
    Join Date
    Dec 2001
    Location
    Kuala Belait, Brunei
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This is a flash exe project so hosting it can't work. We can't guarantee web access (on the customer's part).

    I suppose I can suggest that multiple versions of the CD be made... say 50 or so... each having a unique serial number... but what a pain...

    Any other suggestions folks?
    Philip Toews Professional esl Educator and ASP.NET wannabe

    http://www.philiptoews.com
    philip@philiptoews.com

  10. #10
    SitePoint Addict Philip Toews's Avatar
    Join Date
    Dec 2001
    Location
    Kuala Belait, Brunei
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There are SWF protection solutions out there (anti extraction software)... I'm asking more along the lines of InstallShield combined with a way of generating unique license keys on the fly ... unique, but one use only keys... (it seems a bit overly hopeful).

    The other option is the obtrusive one... where a unique serial number is generated using say the hard drive serial number and a key provided over the web or telephone ... but that's a bit too intrusive for retail software sales...

    :-(
    Philip Toews Professional esl Educator and ASP.NET wannabe

    http://www.philiptoews.com
    philip@philiptoews.com

  11. #11
    ********* wombat firepages's Avatar
    Join Date
    Jul 2000
    Location
    Perth Australia
    Posts
    1,717
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Gybbyl
    if they just route all outgoing traffic to 127.0.0.1 and then catch it and send it a SIG_OK or something. [img]images/smilies/nod.gif[/img]

    I think one wa to do this might be to create a giant array on the server of all of the keys that you've sent out, and then have the user actually send in the key during the install -- That way you have a 1:1 keys:software ratio, and it would be harder to break it.
    ....a system I recently employed (there is a thread somewhere about it where I asked some probably daft questions)

    but that depended on the fact that the key was compiled into the application , (managed by bcompiling the PHP (and twas such a key that would not show up that easily in a hex editor))

    and again that relies on online (or phone) authentication.

    But thats the choice , `product activation` or no real security , if there were a better alternative I think the likes of Adobe etc would have had that cracked (no pun intended) by now.

  12. #12
    SitePoint Enthusiast
    Join Date
    Jun 2003
    Location
    El Toro, CA (USA)
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    My two cents.

    What it comes down to is:

    Is your project worth paying X amount of dollars for, or wasting Y amount of time searching for or developing a crack.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •