
Gah, this is your standard 2 byte change_je_to_jne.

Perhaps, to people who program in higher languages this is not evident, but old assembly programmers know this stuff well. Even for the newer ASM programmers, we had Fravia+ (may he rest in peace) to teach us the ropes on reverse engineering and unprotecting 'nasty' code.

And those students of Fravia+ know something well: if it is viewable, executable, listenable on a device you own, you can do anything to it. He recommends taking what you would have put in for protections and making your program better by that much. Or prepare to protect the hell out of it (and release every day, munging the exe).




Oh no, I did not know that Fravia was dead. Spent a lot of time reading his stuff years ago. RIP Francesco.


Sadly, he passed May 3, 2009.

Here was HN's article and responses: http://news.ycombinator.com/item?id=600523


Fravia materials are great, but they are outdated. Techniques are still valid, but the users have changed. Perhaps Mac users are still naive and ignorant when it comes to running random stuff on their machines, but on the Windows side anti-virus companies were fairly successful in educating people on this matter. Scaremongering works :)

So signed executable + few simple validity checks + a couple of well-hidden timebombs that activate when the .exe is messed with - then add withholding the support and automatic updates and this combo works as an effective piracy deterrent. Specifically, it provides enough incentives for those actually using the app to use the official version.

Fravia's great, but there are social anti-reverse engineering hacks to consider.


Subtly crippling the app may not be the wisest move, unless you make it obvious that it happens because the crack has been detected.

Otherwise, the pirates will get the impression that your program is buggy and will look at alternatives rather than opening their wallet.

And still... Even if you announce that the crack has been discovered before crippling, you may upset them and send them to your rivals anyway.

==> Potential good word of mouth replaced by bad one.

You may improve your "conversion" rate by being implicitly nice rather than hostile to pirates. Don't clamor it on the roofs, of course, there's no need to incite your paying customers to pirate.

Wait... Do clamor the lack of DRM! Protected programs are often more cumbersome to use than their pirated counterparts. This is especially true for music, movies and video games where drastic copy protection measures are taken. Punishing your customers for paying you is not a good idea (unless you hold a monopoly but it is probably not sustainable).


As someone who has been down this path I can offer a couple of comments.

1. Crashing or crippling the program indeed has an obvious negative PR side-effect. However it can be mitigated by inducing a very exotic crash, something like "Division by zero" or better yet - "Illegal Instruction", which would clearly point at mangled code being at fault. Also stick a thread titled "Illegal Instruction" in Support forums, explain why it happens and this will be the first hit in Google for a respective search.

2. While the trialware model is the way, it does not automatically mean it has to be an annoying nagware. What worked for one of my projects was to allow multiple consecutive trials. First was one month, next was two weeks, third and all subsequent trials were a few days long. These periods were configured on the licensing server, and the program did real-time license retrieval. So for me to be able to experiment with this model and get meaningful statistics, I had to ensure that the program at the other end of the licensing sessions is authentic. From that followed a need to safeguard parts of its code from modification and I ended up doing pretty much what eps described.

--

In other words ensuring integrity of the program is needed for more than just fighting pirates. Pirates are not a big deal, let 'em steal and crack. It's the legit customers that this protection ultimately benefits.


"Division by zero" and "illegal instruction" don't sound exactly exotic. And even with a proper error message, a crashy app is perceived as defective. Assuming that the users will google the message is a long shot. I'd assume that most would simply show your binary the trash can / recycle bin / dev/null and move on.

Your second strategy sounds very interesting. Especially because you can A/B test the licensing period and the text that prompts users to register even in people who have been using the trial version for a long time.

However, I don't understand how it helps paying customers.


> I'd assume that most would simply show your binary the trash can / recycle bin / dev/null and move on.

And this is totally fine. These are the users who consciously decided to run a hacked version instead of the original. Why they would do that is beyond me, but I am damn sure I will not ever see one of them as my customer.

The only drawback is that of them making a fuss because of the crashes and this is easily mitigated as per above. You just have to keep in mind that checking Referrers in website logs and following up on any product related discussions out there should also be a routine. So for anyone complaining about the crashes - post a link to the support article explaining why and when it does that.

> However, I don't understand how it helps paying customers.

Primarily by not needing to spend any time on support/PR issues stemming from the use of hacked versions.


> What worked for one of my projects was to allow multiple consecutive trials.

Awesome. I have always been annoyed at shareware that refused to run after a given time. I sometimes installed it just out of curiosity, then forgot about it, then came back to it when I had a real need for it and a chance to really think whether to buy it or not and just then... it refused to work.


You bring some valid points. As long as we don't go back to the nag-screens of shareware, I'm excited to see conversion attempts made in novel ways.

If a product is of value to me I will indeed pay for it, if I can connect to the developers, I will pay even more. That's where choose your own price really gets me, I often pay more than typical.

However it isn't true across the board.

Regardless, I have read that many companies which experience vast piracy of their products, e.g. Adobe, make much of their revenue from other businesses. Is this true?



