[Tfug] Code obfuscators and watermarking

Mon Apr 14 12:42:08 MST 2008

On Sun, Apr 13, 2008 at 3:06 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
>  Even hardware attempts are silly, nowadays.  You
>  can de-encapsulate and microprobe a die in many
>  college labs, etc.

Well, that's the thing.  If an attacker has access to the hardware,
the game is of course over again.  Even providing different encryption
keys on each dongle won't solve that, because once the program is
loaded into memory, they just save an unencrypted copy and now the
dongle is no longer necessary.  With physical access, there's nothing
you can do.  From my understanding though, these dongles have been
quite successful at combatting software piracy.

>  > Or... just skip all that and put the GPL on your
>  > code.  Much easier
>  > and more satisfying since other hobbyists can use it
>  > too.  That's what
>  > I recommend ;)  Companies have been bitten a lot
>  > lately by misusing
>  > GPL code, and I think it's having an effect.
>
>  I'll let *you* try to convince my clients that
>  they should "give away" the stuff they've paid
>  me to develop.  :>  (just keep my name out of it)

No, that's not my job.. it's yours :)  And you didn't mention you were
writing this for clients in your original message, so in the original
context (which seemed like it was code you were writing for yourself
that you wanted to distribute) my suggestion was valid.  But, since
you seem against the GPL idea (which is strange on a Unix group),
here's another idea: Shareware.  Consider the Wolfenstein 3D and Doom
games by iD software... what, back in the 90's I think?  Not only did
they give away the game for free, but they provided an entire set of
playable levels.  Once you played the game, it either wasn't your
thing, or you were hooked.. and guess what?  You bought a copy so you
could have the rest of the levels.  Obviously the scheme worked,
because iD software didn't go bankrupt by giving away software.  In
fact, it probably guaranteed their continued existence.  The point is
that if it's a quality piece of software offered at a fair price,
people will buy it.  Just offer a free trial or such.. long enough for
them to start relying on it.  Then when the trial period is over,
they'll buy a copy because they can't live without it.  Of course this
also doesn't make sense in the context of a particular vendor.

If you're writing this code for a single vendor, what's the point of
all the obfuscation?  Just sell them a license to the source and be
done with it.  They should be demanding that anyways, because if you
happen to get hit by a bus tomorrow and they need support, even
unobfuscated it'll be a pain for them to reverse engineer your code..
probably cheaper and easier to have someone else rewrite it rather
than go through all that.

Jeff