Implementing some form a DRM into my projects?

<p>What would be a safe and secure way to make sure my applications aren&#39;t being ran on un-authorized systems?</p> <hr/>**评论：**<br/><br/>Queue29: <pre><p>Turn it into an authenticated web service. If they have the binary, it&#39;s only a matter of effort before they modify it however they want. </p></pre>chvvel843: <pre><p>There is no perfect way to secure a binary. If you give someone your binary to someone they can bypass any protection given enough skill, time and desire on their part.</p> <p>Having said that, I recently implemented licensing for a project of mine. I concentrated on one thing - to make it easy for paying customers and not to punish them, while still providing some level of protection.</p> <p>I used asymmetric encryption (RSA) to sign licenses. This is roughly what I did:</p> <ol> <li><p>Generate private-public key pair.</p></li> <li><p>Wrote a simple keygen app that signs a license with the private key. A license is simply a text file, which describes the licensee and the feature that should be enabled in the app. For example:</p></li> </ol> <p>licensee = John Doe max_users = 3 expires = 10.10.2010</p> <p>The keygen adds the signature to the license and I ship it to the user.</p> <ol> <li>In the binary I have embedded the public key only, which I then use to check the signature of the license. If the signature is valid, I assume that the information in the license is valid and was issued by me.</li> </ol> <p>You can get creative about when and how often you check for the license to make it harder for crackers:</p> <ol> <li>Always compile with &#39;-w -s&#39; ldflags to strip any debug information from the binary.</li> <li>Check for license in a background goroutine.</li> <li>Embed the public key on multiple places.</li> </ol> <p>I have very basic knowledge about encryption, and yet I was able to make it work in about 2 days (including writing my key generator).</p> <p>As I said this can be cracked ... probably easy by a skilled cracker, but even large corporations that invest a lot of $$$ get their systems cracked in days, so I do not think that there&#39;s anything that we can do better :).</p></pre>earthboundkid: <pre><p>A cracker could just patch the binary to jump past the key check and into a function that always returns true. There&#39;s no good defense against it except obfuscation. </p></pre>SaturnsVoid: <pre><blockquote> <p>Always compile with &#39;-w -s&#39; ldflags to strip any debug information from the binary.</p> </blockquote> <p>Alright i will try making some system like this, Thank you!</p> <p>ALSO WHY DO I KEEP GETTING DOWNVOTED WHEN I POST?</p></pre>bestform: <pre><blockquote> <p>ALSO WHY DO I KEEP GETTING DOWNVOTED WHEN I POST?</p> </blockquote> <p>In this case I guess it is because DRM is universally considered to be a really bad thing. The only thing it does is harassing the honest buyer, while the idiot torrenting the software isn&#39;t bothered with it at all, because she uses a cracked software without the drm measurements.</p> <p>So relying on DRM isn&#39;t exactly a thing companies should even consider. On the surface it seems to be a good solution for the piracy problem, but in reality it only makes piracy more attractive as you do not have to deal with all those dongles, online systems, root kits etc you get installed if you buy it legally.</p> <p>Please remember: i do NOT want to endorse piracy! I am just describing the effect of DRM we&#39;re all seeing out there in the wild.</p></pre>j_d_q: <pre><p>+1. DRM is something many developers (and plenty others) fundamentally disagree with. If you want a pay to play model, charge. But people will bypass it whether you have DRM, or not.</p> <p>Don&#39;t spend all your time trying to make sure people won&#39;t steal, because they&#39;ll do it either way if it has value. The people who are willing to steal your software wouldn&#39;t have paid for it in the first place, and DRM will just drive more people away</p></pre>ApoMechanesTheos: <pre><p>Well, fuck you too.</p></pre>dlsniper: <pre><p>I just downvoted you because you care about that so much you yelled (capslock) about it.</p></pre>RickAndMorty_forever: <pre><p>Web service is your best bet. </p></pre>tscs37: <pre><p>There is none.</p> <p>The best options that even exist hold not even a year against dedicated groups.</p></pre>