Home
Download
PurchaseCrack detection
These days as soon as any software acheives a certain level of success, it is almost inevitable that cracks for the software will start appearing on a multitude of illegal sites on the internet. The cracks can range from a posting of the software's registration code, to a full-blown generator that will allow the user to select any registration code of their liking. Many software companies, AutoUpdate+ included, choose to live with the problem of cracks rather then release regular patches and registration algorithm changes.
Managing software cracks
The difficulty with a client-side solution, such as an update to the registration algorithm, is that it takes time and money to implement, causes hassles for existing customers upgrading to the newer revision of your software, and ultimately it is only a matter of time before the new client-side fix gets cracked as well. Many times it is preferable not to correct the problem, but really just to detect that it is an issue in order to get a feeling for how wide-spread the problem is and what minor actions should be taken against it. This is where implementing an auto-update solution has an advantage. By their nature, auto-updates must make an HTTP request to your server in order to get a status check on the current version of your application. This 'phone home' action can easily be made to pass additional information about the client (within logical reasoning, of-course, as otherwise you risk being labeled as spyware). To detect cracks it would be most useful to include the end-user's registration code as an update parameter, and to compare that against a set of legal registration codes stored in your back-end database.
How we manage cracks
Our own update HTTP request is shown below:
www.AutoUpdatePlus.com/Updates/updateCheck.asp?IP=%Address%&Company=%Company%&Reg=%RegCode%
For our purposes, we pass in the end-user's IP address, company name and registration code (read from registry) as parameters into an updateCheck.asp script. Theoretically you can pass in as many parameters as you want, but of-course you must ensure you remain within reason or your software will (rightly) be labeled spyware. So now that you have seen the HTTP request structure, lets take a look at the back-end updateCheck.asp script that we use for the crack detection:
Dim IP
Dim company
Dim regCode
IP = Request.Querystring("IP")
company = Request.Querystring("Company")
regCode = Request.Querystring("RegCode")
' Reply with appropriate XML file
if IsRegistered(company) then
Set objFile = objFSO.OpenTextFile(Server.MapPath("FileUpdates.xml"), 1)
Response.Write(objFile.ReadAll)
objFile.Close
Set objFile = Nothing
else
Set objFile = objFSO.OpenTextFile(Server.MapPath("HackDetect.xml"), 1)
Response.Write(objFile.ReadAll)
objFile.Close
Set objFile = Nothing
end if
The code described for our asp script calls the function IsRegistered for each transaction. This function makes a SQL call to our database to confirm that the company name used was indeed from a legitimate user, and then replies back with the normal update XML file, called FileUpdates.xml. However, if a cracked company name is used, the response would use a different update XML file called HackDetect.xml.
What to do if a crack is detected
OK, so now that you have detected a crack, what should you do? AutoUpdate+ would strongly recommend that you do nothing more drastic than warn the end-user and disable them from receiving future updates of your software. That is what we do. Nothing could be worse for you to do then take drastic action, such as trying to disable the end-user's copy of your application, only to find out that due to errors those end-users were actually legitimate customers.
Try to keep the problem in focus and you will realise that cracked software cannot be put into wide-spread use (for example, because AutoUpdate+ is software that companies must distribute further to their own customers, few serious companies would take the risk of using a cracked copy of our software), and moreso cracked software tends to aid in the popularity of your application, which translates into more legitimate sales of your applications.