home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 10 Tools
/
10-Tools.zip
/
sidemo10.zip
/
readme.txt
< prev
next >
Wrap
Text File
|
1997-03-31
|
11KB
|
281 lines
SecureIt v1.0 for OS/2
(C) Copyright 1997 Allan Mertner
Shareware Registration Protection for everyone
*** DEMONSTRATION PACKAGE ***
Contents:
Introduction About SecureIt and what it does
The Clock example An example of SecureIt security in action
FAQ The most frequently asked questions, and
answers to them
Contact addresses How to get support for SecureIt
Introduction
There are a great many shareware programs that get used without the
author ever seeing a penny in registrations. The purpose of this
program is to provide good and reliable protection against piracy for
all OS/2 shareware developers.
The widespread pirating of shareware is due mainly to the fact that
good security is cumbersome and difficult to implement, and you would
rather spend your time improving the application itself. A very
simple system is usually not enough, and why bother if it gets
pirated anyway?
Using the instructions and programs in the full SecureIt package, you
can implement a very high level of security against pirating in your
software. No protection scheme, whether it is implemented in software
or hardware, is 100% secure - but SecureIt is about as close as you
can get.
SecureIt does not work by the principle of "security by obscurity".
Information about what SecureIt does and how it works is available in
the documentation of the full package, and it works even if a pirate
has access to this information as well. In contrast, an obscure
protection scheme is probably not very secure: If a protection scheme
works by being so complex that even the programmer cannot figure out
how it works, it is probably no good. SecureIt makes no secret of how
it works - and it still does.
SecureIt can make you sleep better at night, and hopefully help
ensure that you get paid for your work:
- Your program can NOT be cracked by someone who does not have access
to a valid Name/Password combination,
- This includes getting access to "registered only" functions, even
if a potential pirate attempts to change the executable file itself
by "patching" the code,
- If the would-be pirate has access to a valid Name/Password set, he
will be unable to produce valid keys for another user name.
- The SecureIt algorithm for generating passwords ensures that the
password for a given name is unique for each SecureIt registration.
This means that two shareware developers can both use SecureIt for
protection, and sell their software to the same person. The
password strings for one program will not work with the other.
The one thing no protection scheme can safeguard against is simple
copying of the key. If a user gets the name and password from a
friend, and can live with it displaying his friend's name every time
the registration information is show, there is nothing anyone can do
- not even SecureIt.
For information on SecureIt, contact addresses and answers to
Frequently Asked Questions, please refer to the FAQ section of this
document.
The Clock example
The included CLOCK program has been protected with SecureIt, and
features a high degree of security (if not useability). In the
unregistered version, the CLOCK program can display the current time
in analog format; only registered users will be able to see the
Digital clock as well.
CLOCK uses the SecureIt library, located in SECUREIT.DLL, and can be
run simply by typing CLOCK at the command line. If you wish, feel
free to try to "break" it and make the digital clock appear without
"registering". Be warned that you will be wasting your time though.
To register the CLOCK program, you can use the following valid name
and password combination, generated by the MakeKey utility that
comes with the full SecureIt product:
Name Allan Mertner
Password vVOJw0Q90HLNfafg-EuEQfzS6grAsTIntadU
You can enter these values by pressing ALT-R or by selecting the
Register menu item. If you enter the values correctly (use cut and
paste to do it easily), the values are stored in the Clock.Ini file
and the program will be registered every time you run it thereafter.
The full source code and documentation for the Clock example is
included in the full version of SecureIt.
Frequently asked questions about SecureIt
Q: Who can use SecureIt?
A: Everyone writing shareware programs for OS/2 can use SecureIt to
get good protection against pirating.
SecureIt is written using Virtual Pascal for OS/2, and includes
header files for both Pascal and C/C++ compilers that make
integrating SecureIt into your program very easy.
Q: What do I need to do to use SecureIt?
A: If you have an existing program that you wish to protect, you
first need to think about some of the issues discussed in the
SecureIt technical document, and then of course implement them in
your code.
Changing a working program to work with basic (ie quite good)
SecureIt protection can be done in less than half an hour, and
implementing the highest level of security typically takes 2-3
hours worth of effort.
Q: How does SecureIt work?
A: This is covered in depth in the documentation that comes with the
full SecureIt package. The truth is, that good software
protection consists of about 50% technology and 50% common sense -
SecureIt provides the technology, and comes with a document where
the common sense issues are discussed as well.
Q: What makes you think SecureIt is any good?
A: SecureIt rests on a solid foundation that is in essence
uncrackable. I have many years (about 12 to be precise) worth of
experience in copy protections - both breaking them and writing
them - and SecureIt implements most of what I have learned during
that period.
Q: So... it takes a really good pirate to crack SecureIt?
A: Not at all. It takes a very, very lucky pirate. *I* cannot crack
a program properly protected using SecureIt, even if I set my mind
to it - and I even have the source code for it. The algorithm is
safe, and no amount of guesswork or clever code tracking and
patching will suffice to break the protection.
Q: How has SecureIt been tested?
A: I know a few people who enjoy removing copy protections, just for
the sake of doing it. I used to be one of them myself, actually;
this is probably my main qualification for writing SecureIt! Three
of these people have tried to crack the simple Clock example for a
couple of weeks, but have given up and say that it is probably
impossible to crack it...
Q: What overhead is involved in using SecureIt?
A: You need to include the 9kB SECUREIT.DLL with your program, and
you need to make some calls to some of the entry points in it. No
other overhead in terms of run-time or files is required.
Q: Why hasn't this been done before?
A: People who know how to break software protections are usually not
in the business of writing them. If they are, they work for
companies that do not produce shareware, but commercial software.
And shareware has the advantage that it can be personalised with a
name and a password required to unlock it - something that is not
feasible when selling off-the-shelf commercial software.
In other words, it probably has not occurred to anyone in a
position to write a good security product that there might be a
market for it. I myself wrote the first version of SecureIt in
1992 (It was called AMKey back then :) but never released it. It
was used to protect my first shareware program, AMOS, which to my
knowledge has never been cracked.
Q: Will there ever be a Windows 32 version of SecureIt?
A: Probably. Provided the OS/2 version of SecureIt sells moderately
well, I expect the Win32 version to be ready in June 1997. This
version will work with 32-bit Delphi as well as the major C/C++
compilers.
Q: Where do I buy SecureIt?
A: BMT Micro, http://www.bmtmicro.com, sells SecureIt online and
SecureIt will be available for purchase through the CompuServe
SWREG facility as well.
Unless you send me cash (either Danish Kroners or UK Pounds), you
cannot register the software directly from me, since the UK banks
system charges unreasonably high fees for cashing cheques and
handling money transfers.
Q: What does it cost?
A: SecureIt costs US $149. Thus, if your program sells for $30, you
have to sell just 5 extra copies in order for your investment in
security to have paid off.
Q: What do I get for my money?
A: First and foremost, you get the means for implementing a very high
degree of security against piracy into your shareware program.
This means, that if your software is being used, you will get paid
for it!
You also get...
access to free support and upgrades to SecureIt via e-mail. I
will gladly answer both general security and protection questions
as well as more specific questions about how to best protect your
software using SecureIt,
a comprehensive document on shareware security and how to best
implement it in your program,
the source code and documentation for 6 examples of using
SecureIt, including the Clock example included in this
demonstration package,
the right to use and distribute the SECUREIT.DLL in all of your
programs as well as a program for generating valid passwords for
your SecureIt-protected software.
Licence and warranty
SecureIt is shareware. You are allowed to test the demo version for
as long as you wish.
Electronic bulletin board system operators and webmasters are
encouraged to make the SecureIt demo package available to their
users, if no special fee is necessary to access the SecureIt files,
although a general fee to access the BBS or www page is acceptable.
SECUREIT IS PROVIDED AS IS AND COMES WITH NO WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED. IN NO EVENT WILL THE COPYRIGHT HOLDER BE
LIABLE FOR ANY DAMAGES RESULTING FROM THE USE OF THIS SOFTWARE.
All trademarks are recognised.
Contact addresses
You can contact the author on any of the addresses below - Internet
e-mail is preferred.
Snail Mail: Allan Mertner
Flat 2, St Elmo Mansions
Gondar Gardens
London NW6 1HB
United Kingdom
Internet: mertner@ibm.net (preferred)
CompuServe: 100327,2035 or 100327.2035@compuserve.com
FidoNet: 2:235/100.1 or 2:254/283
WWW: http://www.bmtmicro.com/catalog/secureit.html
