SecureIt v1.0 for OS/2 (C) Copyright 1997 Allan Mertner Shareware Registration Protection for everyone *** DEMONSTRATION PACKAGE *** Contents: Introduction About SecureIt and what it does The Clock example An example of SecureIt security in action FAQ The most frequently asked questions, and answers to them Contact addresses How to get support for SecureIt Introduction There are a great many shareware programs that get used without the author ever seeing a penny in registrations. The purpose of this program is to provide good and reliable protection against piracy for all OS/2 shareware developers. The widespread pirating of shareware is due mainly to the fact that good security is cumbersome and difficult to implement, and you would rather spend your time improving the application itself. A very simple system is usually not enough, and why bother if it gets pirated anyway? Using the instructions and programs in the full SecureIt package, you can implement a very high level of security against pirating in your software. No protection scheme, whether it is implemented in software or hardware, is 100% secure - but SecureIt is about as close as you can get. SecureIt does not work by the principle of "security by obscurity". Information about what SecureIt does and how it works is available in the documentation of the full package, and it works even if a pirate has access to this information as well. In contrast, an obscure protection scheme is probably not very secure: If a protection scheme works by being so complex that even the programmer cannot figure out how it works, it is probably no good. SecureIt makes no secret of how it works - and it still does. SecureIt can make you sleep better at night, and hopefully help ensure that you get paid for your work: - Your program can NOT be cracked by someone who does not have access to a valid Name/Password combination, - This includes getting access to "registered only" functions, even if a potential pirate attempts to change the executable file itself by "patching" the code, - If the would-be pirate has access to a valid Name/Password set, he will be unable to produce valid keys for another user name. - The SecureIt algorithm for generating passwords ensures that the password for a given name is unique for each SecureIt registration. This means that two shareware developers can both use SecureIt for protection, and sell their software to the same person. The password strings for one program will not work with the other. The one thing no protection scheme can safeguard against is simple copying of the key. If a user gets the name and password from a friend, and can live with it displaying his friend's name every time the registration information is show, there is nothing anyone can do - not even SecureIt. For information on SecureIt, contact addresses and answers to Frequently Asked Questions, please refer to the FAQ section of this document. The Clock example The included CLOCK program has been protected with SecureIt, and features a high degree of security (if not useability). In the unregistered version, the CLOCK program can display the current time in analog format; only registered users will be able to see the Digital clock as well. CLOCK uses the SecureIt library, located in SECUREIT.DLL, and can be run simply by typing CLOCK at the command line. If you wish, feel free to try to "break" it and make the digital clock appear without "registering". Be warned that you will be wasting your time though. To register the CLOCK program, you can use the following valid name and password combination, generated by the MakeKey utility that comes with the full SecureIt product: Name Allan Mertner Password vVOJw0Q90HLNfafg-EuEQfzS6grAsTIntadU You can enter these values by pressing ALT-R or by selecting the Register menu item. If you enter the values correctly (use cut and paste to do it easily), the values are stored in the Clock.Ini file and the program will be registered every time you run it thereafter. The full source code and documentation for the Clock example is included in the full version of SecureIt. Frequently asked questions about SecureIt Q: Who can use SecureIt? A: Everyone writing shareware programs for OS/2 can use SecureIt to get good protection against pirating. SecureIt is written using Virtual Pascal for OS/2, and includes header files for both Pascal and C/C++ compilers that make integrating SecureIt into your program very easy. Q: What do I need to do to use SecureIt? A: If you have an existing program that you wish to protect, you first need to think about some of the issues discussed in the SecureIt technical document, and then of course implement them in your code. Changing a working program to work with basic (ie quite good) SecureIt protection can be done in less than half an hour, and implementing the highest level of security typically takes 2-3 hours worth of effort. Q: How does SecureIt work? A: This is covered in depth in the documentation that comes with the full SecureIt package. The truth is, that good software protection consists of about 50% technology and 50% common sense - SecureIt provides the technology, and comes with a document where the common sense issues are discussed as well. Q: What makes you think SecureIt is any good? A: SecureIt rests on a solid foundation that is in essence uncrackable. I have many years (about 12 to be precise) worth of experience in copy protections - both breaking them and writing them - and SecureIt implements most of what I have learned during that period. Q: So... it takes a really good pirate to crack SecureIt? A: Not at all. It takes a very, very lucky pirate. *I* cannot crack a program properly protected using SecureIt, even if I set my mind to it - and I even have the source code for it. The algorithm is safe, and no amount of guesswork or clever code tracking and patching will suffice to break the protection. Q: How has SecureIt been tested? A: I know a few people who enjoy removing copy protections, just for the sake of doing it. I used to be one of them myself, actually; this is probably my main qualification for writing SecureIt! Three of these people have tried to crack the simple Clock example for a couple of weeks, but have given up and say that it is probably impossible to crack it... Q: What overhead is involved in using SecureIt? A: You need to include the 9kB SECUREIT.DLL with your program, and you need to make some calls to some of the entry points in it. No other overhead in terms of run-time or files is required. Q: Why hasn't this been done before? A: People who know how to break software protections are usually not in the business of writing them. If they are, they work for companies that do not produce shareware, but commercial software. And shareware has the advantage that it can be personalised with a name and a password required to unlock it - something that is not feasible when selling off-the-shelf commercial software. In other words, it probably has not occurred to anyone in a position to write a good security product that there might be a market for it. I myself wrote the first version of SecureIt in 1992 (It was called AMKey back then :) but never released it. It was used to protect my first shareware program, AMOS, which to my knowledge has never been cracked. Q: Will there ever be a Windows 32 version of SecureIt? A: Definitely. The Win32 version of SecureIt, compatible with Borland Delphi and major C++ compilers, is expected to be ready in July 1997. The upgrade will be free for existing customers, although there will be a premium to get both versions once they are both released. Q: Where do I buy SecureIt? A: BMT Micro, http://www.bmtmicro.com, sells SecureIt online and SecureIt is available for purchase through the CompuServe SWREG facility as well, Shareware ID 15231. Unless you send me cash (either Danish Kroners or UK Pounds), you cannot register the software directly from me, since the UK banks system charges unreasonably high fees for cashing cheques and handling money transfers. Q: What does it cost? A: SecureIt costs US $149. Thus, if your program sells for $30, you have to sell just 5 extra copies in order for your investment in security to have paid off. Q: What do I get for my money? A: First and foremost, you get the means for implementing a very high degree of security against piracy into your shareware program. This means, that if your software is being used, you will get paid for it! You also get... access to free support and upgrades to SecureIt via e-mail. I will gladly answer both general security and protection questions as well as more specific questions about how to best protect your software using SecureIt, a comprehensive document on shareware security and how to best implement it in your program, the source code and documentation for 6 examples of using SecureIt, including the Clock example included in this demonstration package, the right to use and distribute the SECUREIT.DLL in all of your programs as well as a program for generating valid passwords for your SecureIt-protected software. a free upgrade to the next version, SecureIt v2.0, which includes many new features while retaining compatibility with v1.0. Licence and warranty SecureIt is shareware. You are allowed to test the demo version for as long as you wish. Electronic bulletin board system operators and webmasters are encouraged to make the SecureIt demo package available to their users, if no special fee is necessary to access the SecureIt files, although a general fee to access the BBS or www page is acceptable. SECUREIT IS PROVIDED AS IS AND COMES WITH NO WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. IN NO EVENT WILL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE. All trademarks are recognised. Contact addresses You can contact the author on any of the addresses below - Internet e-mail is preferred. Snail Mail: Allan Mertner Flat 2, St Elmo Mansions Gondar Gardens London NW6 1HB United Kingdom Internet: mertner@ibm.net (preferred) CompuServe: 100327,2035 or 100327.2035@compuserve.com FidoNet: 2:235/100.1 or 2:254/283 WWW: http://www.bmtmicro.com/catalog/secureit/