View Full Version : Opinons on the key file?
Video Dude
30th May 2005, 03:49
Whatever protection jdobbs decides on, it should be kept secret. The current key system is good. It is not intrusive.
No matter the protection, the software should still be fully functional if support for the program is ended. If "activation on install" aka "call home before install" programs are discontinued, those who paid money for the program would be out of luck if they needed to install.
Dimad
31st May 2005, 21:21
If you remember, we've already discussed it some time ago. As was said, if you think system implemented at DimadSoft.com for DvdReMake (Pro) can be of any interest to you - just let me know, I'll be glad to share info/code with you.
Even if you choose not to go with computer id related protection it may be wise to imprint info about user into program itself during download so that you will know for sure who leeked the program (if it happens).
StinkiePhish
31st May 2005, 22:52
To answer the parent topic: for me, the key file was fine, but I can see how other people would have problems.
I hate to be the pessimist of the group, but whatever protection is finally decided upon, it will get cracked. It's inevitable.
There are some great ideas that I've read in this post and it makes me feel good to see how many smart minds are coming together for *gasp* copy protection.
Good luck with this, and thanks for making an amazing piece of software that I will continue to donate towards.
@Dimad
With the greatest of respect... There is no point investing time in such schemes. I've seen in my travels non-machine locked versions of remake pro etc.. they hold no interest to me as I'm a major fan of pgcedit.
As for finger printing the files, again a complete waste of developer time. You only need to see the situation with IDA Pro and the constant releases..another example would be the XDK releases, finger prints removed.
The problem is the hackers have teams of people waiting to remove your security, if only for the Kudos. I truly feel for you as a developer (I am one too) which is why i resist and use pgcedit + ifoedit (out of principal). I do however feel strongly about time spent on "protections" when countless hours are spent on them. Only to see them beat in hours (sometimes less).
I'd hope there are enough honest people out there to pay you for your hardwork and by all means implement what you feel you need. Just no nasty calling home type protections. A perfect example of such a poor protection that HURT customers is the recent horrible episode of outage for NewsLeecher when the primary domain on the website went down and countless users were left high and dry. The ones using "fixed" .xexs were able to use the app unimpeeded (hows that for a slap in the face for paying customers).
Here you can read how the developer tries to explain what happened, IMHO too little too late, phone home calls no working = non-working s/w = angry customers.
http://www.zeropaid.com/bbs/showthread.php?t=27251
Luckily I use BNR2 as IMHO its faster and free...
Just wanted to play the devils advocate and show the other side of things when such great ideas end up hurting the paying customers..
arsmori
31st May 2005, 23:40
There are some great ideas that I've read in this post and it makes me feel good to see how many smart minds are coming together for *gasp* copy protection.
Slightly hypocritical, considering these are the same folks who populate slashdot and condemn large corporations in a single nod for that very same behavior. Suddenly, Orwellian tactics like machine ID and private tagging is AOK when one greed enter the equation ;)
Dimad
1st June 2005, 08:19
The problem is the hackers have teams of people waiting to remove your security, if only for the Kudos. I truly feel for you as a developer (I am one too) which is why i resist and use pgcedit + ifoedit (out of principal). I do however feel strongly about time spent on "protections" when countless hours are spent on them. Only to see them beat in hours (sometimes less).
That is right. With tools available nowdays it is fairly easy to hack any protection. From my little experience in this subj any publicly available fully functional program will be cracked within days (if it is of interest to anyone to crack). But I don't think it is completely useless to try and do something about it.
There is no point investing time in such schemes. I've seen in my travels non-machine locked versions of remake pro etc..
Let me not agree with you on this. During the life of DvdReMake Pro v2 (about a year, now v3 is released) there were about 5 leeked versions I'm aware of. In all but one there were attempts to remove the info about original owner (actually none succseeded, all responsible accounts were closed). Only one of the "non-machine locked versions" works correctly. Looks good to me.
Of course it took some time to implement it. And I felt strongly that it is a waste of time and I would rather spend it working on the program functionality. But now I think it was worth the efforts. I can compare to v1 which did not have any protection (apart from the fact that it was only awailable for download to registered users). When v1 became public I could clearly see in logs how much it affected people desire to get registered version.
Just my 2c. ;)
Jimroc
1st June 2005, 19:49
If I show you how I bypassed the keycheck, maybe you can make the program more secure.
Jdobbs, lemme know if you'd like to have a look.
PS. I will of course keep this to myself if you're not interested.
rayvt
2nd June 2005, 02:24
My son in college informs me that with a decent debugger at hand, he can (should he so choose) crack just about any program in half an hour. Maybe 1 or 2 hours for a difficult one. Any time spend making the program protected is largely wasted effort----it's just too easy to work around.
I'm still of the opinion that the best/simplest thing is to have a publicly downloadable program encrypted, and distribute the decryption key to only valid users. Part of the "key" would be user-id branding information (user name, etc.).Use a different key for each version. Also in the distribution zip file would be a program which would decrypt the executable and brand it with the user-id. There are plenty of simple, free encrypt/decrypt programs available, to do a rock-solid crypto algorithm----AES, blowfish, RC4, triple-DES, etc.
p200002
2nd June 2005, 02:46
DVDRemake Pro has been cracked twice in the past 12-month. IMHO, none of the protected program is not hackable. The current method of distribution is not bad. We really shall spend time on how o improve the program than discussing various approaches of software protection, otherwise what's the difference between us and MPAA?
ShadowKnight
2nd June 2005, 10:21
I have to ditifully disagree with those who say it is a waste of time to protect the software. The reality is that software will be pirated, yes, no one will argue that... but if you make it harder on your average person, then you will prevent some piracy.
There is no elegant solution, and perhaps the best way is to fingerprint the software. Perhaps you could complicate the pirates job by making the program code itself reliant on the copy protection to function properly. The only think I know for sure is that the software will have to find a way to overcome the piracy aspect.
The biggest issue I see, is that everything from CCE to Procoder can be pirated and cracked, and DVD-RB will not be an exception to that. But that doesn't mean you cant combat the piracy to slow it down and add trip wires to mess with the ecodes on cracked versions.. throw out some error codes... LOL have some fun.. How about, error code $$$ you did not pay for this version, your 6 hour encode was now a waste of time, please register your version of DVD-RB-Pro :p
Just remember whatever happens, that many of us do respect what you have done for us jdobbs, and will gladly pay what we can afford to contribute to compensate you for all the time and money you saved us.
Perhaps the best anti-piracy you have is marketing to peoples' reasoning.
"By Backing up just one DVD from your collection, you can save yourself $20, in replacement costs of a DVD. And by spending that $20 on this program, you can rest assured that you will have the most stable software to help you protect every DVD in your collection."
"One man gave up years of his life in persuit of protecting DVD collections around the world, and all you have to give is the price of a single DVD that he's saved you from damaging."
I dunno; I better get to bed... good to see everyone here, I've been busy lately... but still appreciative of what your doing Jdobbs. You deserve to be repayed and more for all your hard work!
Numer0bis
2nd June 2005, 22:17
WEll unitl now I only saw one pro version floating around on piratebay and is still a old one. The Problem will be that the crackers have to crack every version again, so some copy protection will help, but won't stop piracy
jdobbs
2nd June 2005, 22:54
Ok, thanks for all the inputs...
I'm not a protection nut... I know nothing is perfect. That isn't the point here. A determined person could crack any key given enough time and effort. The purpose of this thread was to make sure that the key isn't "burdensome"... not to debate keys.
While it isn't perfect, it just might help me from working for nothing. The most important thing is that whatever method is used it needs to be non-intrusive -- I don't want anyone to get "put-off" because it is a pain-in-the-ass.
Edsel
2nd June 2005, 23:32
I have to ditifully disagree with those who say it is a waste of time to protect the software. The reality is that software will be pirated, yes, no one will argue that... but if you make it harder on your average person, then you will prevent some piracy.
But that doesn't really address the issue of "waste of time". By wasting time, we're talking about the benefits received vs the time invested.
Sure, he can spend 100 hours developing a copy protection scheme, dozens more hours debugging it, countless hours in tech support trying to understand why the protection is failing for legitimate customers, then repeat the entire cycle spending dozens more hours updating the protection when he discovers it's been cracked in the first week, and "some" piracy will be prevented.
But, those hundreds of hours are hours not spent on adding new features, improving old ones, etc.
And at the end of all that work (if it ever ends, since each "side" keeps coming up with new schemes to defeat the other's last move), he'll have *NO IDEA* how many pirated copies difference it made. One? Ten? A thousand? How many users will contact him and say "Gosh, I was going to pirate this, but I couldn't manage it, so I bought the program instead"? A handful at best.
The current key system along with blacklisting will work fine to discourage any casual pirating. If the product is good and reasonably priced, and RB is, people will buy it.
ShadowKnight
2nd June 2005, 23:48
well, the point here is that without any protection, pirating will be more widespread.
I think the current system will work fine, but that perhaps dimads system should be adopted in order to aid in fingerprinting so to speak. But I dont know if that would be considered to burdensome for some people.
I had no problems with the current system, but I also think it would be relatively easy to crack it and not have any idea who did it. But since we dont need to be debating this here, lets just let it be what it is for now.
The key works, it was easy to install, just drag and drop, and no issues at all from it.
rayvt
3rd June 2005, 06:22
As a one-time pretty successful shareware author, I would say that the best way to "protect" your software is----make it cheap. People would pay me $15, but wouldn't have paid $25. Also, (remember, this was long before paypal) foreigners had a hard time sending me American money. I have a check denominate in US dollars ($25 to be exact) in a frame on my office wall. The German bank it is written on does not have a Federal Reserve Board routing number, and banks here charged a $30 fee to cash it.
I made one of my sharewares to be "postcard-ware". The fee was "if you like my program, send me a pretty picture postcard." I got THOUSANDS of postcards from all over the world--probably 1/3rd of them from outside the US, including Japan, Taiwan, S. Korea, and Beloruss. I would have *never* gotten cash money from outside the US, and would likely have received less than $100 if I had charged even as little as $5.
casonbang
13th December 2005, 10:24
I can't find any way to download a current installer and current keyfile. I downloaded the installer from the last email but forgot to save the keyfile. Now I can't get any versions that I have saved to work with the keyfile that I have saved (and no idea what version it is).
So I guess my suggestion is some way for us registered users to download DVD-RB and the keyfile again. I registered with the site and checked all of the related DVD-RB sites and couldn't find any way. And the links from an old email I found no longer work so I can't even use that. :-\
jdobbs
13th December 2005, 12:02
The key file is unique to each version. I'd suggest you just throw older versions away -- if there weren't improvements and fixes there would be no reason for another version.
If you wanted to step back one version, however, the keyfile is always kept online for the current version and one prior. Just don't delete the notification e-mail. The installer and keyfile links that are in the same notification work together.
The keyfile mechanism is changing for v1.05.
ron spencer
14th December 2005, 02:00
will it change so that it is machine dependent...i hope not
Rockas
14th December 2005, 02:06
will it change so that it is machine dependent...i hope not
Why not?
ron spencer
14th December 2005, 02:23
it is a pain...but that is my humble opinion only....I steer clear of stuff I cannot use if I build a new machine, or internet is down, etc. Is just a pain, while I do believe in IP management I think this product activation, machine dependent stuff is aweful.
He has said in other posts that the cracked versions he has found have not worked, so I hope there is no change; I do not think it will be good for sales.
Again just my 2 cents. I think the current system is fine.
blutach
14th December 2005, 11:14
Why not?For those of us that run our DVDRB copies on 2 machines. :) Nevertheless, progs such as DVDRMP seems to get around this by giving you up to 5 machine dependant codes (you actually register the PC on dimad's site) - I, for one, would be happy with that approach.
I think the current mechanism works too - however, if it needs strengthening to avoid people pirating jdobbs's work, then strengthen it by all means.
Regards
casonbang
14th December 2005, 11:23
The key file is unique to each version. I'd suggest you just throw older versions away -- if there weren't improvements and fixes there would be no reason for another version.
...
The keyfile mechanism is changing for v1.05.
I guess saving previous versions is a habit I learned from the early DVD-RB beta testing days. ;)
Carpo
14th December 2005, 12:09
it would be best to send an email to dvd-rb(at)dvd-rb(dot)com as stated in the email :helpful:
jdobbs
14th December 2005, 12:44
If you want to keep a working copy of old versions for reuse, just throw the "c:\program files\dvd-rb pro" directory into zip file and save it before running the installer. You could also create a subdirectory under that one and just do a copy and paste. That way if you wanted to run it, all you'd need to do is point a shortcut to that executable.
But about the only thing thats good for is comparing to see if a bug was introduced in the new version. Otherwise its always better to use the updated code.
dragongodz
14th December 2005, 14:27
For those of us that run our DVDRB copies on 2 machines. Nevertheless, progs such as DVDRMP seems to get around this by giving you up to 5 machine dependant codes (you actually register the PC on dimad's site) - I, for one, would be happy with that approach.
if you mean the pc being registered has to be coneccted to the net aswell then thats also a major pain.
i have a second pc that will eventually be used for encoding etc and it doesnt and never will be connected to the net. so any registration that requires that will make using the second pc impossible.
also if there is any connection problems then this type of registration can fail aswell. i mentioned some time ago how i can no longer download the key as normal but have to go through a proxy. i even gave jdobbs my isp etc and he couldnt see why it wouldnt connect as its not being specifically blocked. still happens though.
also being locked to your hardware is a major pain if you do lots of upgrading. whenever i upgrade something in my main pc the old part goes to the second pc, so they both change. also the second pc gets its own upgrades if i find something xheap at the computer market or second hand(a copuple of pc places here sell second hand parts). windows xp, which is only on my main pc, is already a major pain in the @$$ for this so i personally wouldnt like it.
just my humble thoughts on the matter anyway.
ron spencer
14th December 2005, 15:13
I also think that by making machine dependent it is bad business. Who reads licensing arrangements anyways? Most people do not read the parts that say you need another key when you add RAM..so when this happens and the key is unavailable people freak and go the "dark route". I have read on other boards that when Adobe had machine dependent photoshop that alot of pros simply downloaded the keygen to protect their pruchase...and many needed it on shoots when PS would just crap out and require a new activation. Now DVD Rebuilder does not cost alot and you likely would never be offsite, but I wonder just how many of the keygens for PS made it from the pros to their friends? I think this would happen with DVD Rebuilder.
Downloading your own key is nice now.
In any case, just how much of a problem is piracy with DVD Rebuilder anyway? If not then why change anything?
jptheripper
14th December 2005, 15:14
my opinion
do whatever you need to to satisfy your feelings that the software is reasonably secure from being stolen/cracked
hell have the key file write my email into the properties in the ifo file. If you are only doing legal backups, it doesnt matter
as for connecting to the net or hardware, net is a bit annoying, hardware is not. If you get a new motherboard, request a new key. Its not that hard, how often do you change mb's anyway, once every couple years?
Hell you could hardware key it (on parallel or usb port) for all i care, but that would drive the price up.
If ppl dont like how you key it, the best thing about this free country is, they are free to choose a different comparable software (of which there are none :)
my opinion
ron spencer
14th December 2005, 15:19
of course they are free....but once annoyance gets built in then most will have no issue in ripping it off. I think he should protect his product, but there is a fine line between protecting and causing others grief which affects your bottom line; just ask Adobe.
But I ask again, is piracy of this program a problem?
jptheripper
14th December 2005, 15:41
it absolutely is
i have seen repackaged releases of it (i wont say where)
that and with a small program with limited release, every penny deserves to go to the author
Video Dude
14th December 2005, 15:46
if you mean the pc being registered has to be coneccted to the net aswell then thats also a major pain.
i have a second pc that will eventually be used for encoding etc and it doesnt and never will be connected to the net. so any registration that requires that will make using the second pc impossible.
I hope this is not the case. I also do all my video stuff on a dedicated PC without a network card, so it would be impossible for me to connect to the internet with that computer.
jdobbs
14th December 2005, 16:04
I never realized how bad piracy kills a program before I started work on DVD Rebuilder. It happened on several of the prior versions -- even the freeware versions have been released with "cracks" (go figure)...
Every time my donations pretty much stopped.
If anything kills DVD Rebuilder or independent software development in general -- it will be piracy.
jdobbs
14th December 2005, 16:08
BTW. I'd never come up with a keying scheme that required your computer to be connected to run -- not would I create phone-home software.
The key concept I'm working on would require a connection to the internet just to get the key -- just like now. That key could then be transferred to the non-connected computer. It also allows for more than one key for each registered address. I use it on more than one computer, so why would I expect someone else to.
ron spencer
14th December 2005, 16:26
well I was under the impression that these repacks did not work (from posts on this forum). But simply put a crack is a crack, it may or may not work.
I do not mind having to get my key from the net, but I would like to be able to take it, copy it, and transfer it where ever I choose (I only use one instance anyway). It is just my expectation of any software that I purchase to provide this immediate flexibility. If this is the case for the new scheme great!!!!
But if the keys are tied to the machine then I think it gives the crackers more impeteus to crack the program...more of a challenge. Then when an end user tries to use it later they say "huh" getted angry, and go the crack route, or even worse tell everyone they know NOT to use that program.
It is tough for developers...and yes my post is a bit selfish as I want flexibility, that I admit to. But I can only provide my opinion; that is all.
jdobbs
14th December 2005, 16:39
As is always the case, in the past some of the cracks worked, some have not. Some of my favorites are the ones that show a "This software has been cracked" message in the middle of the picture on random chapters after you've gone through 2 hours of encoding.
If someone wants to use Rebuilder for free -- they should download the freeware version. That's why its there.
Carpo
14th December 2005, 16:43
the process it clean and easy (when u use it right) :devil:
ron spencer
15th December 2005, 02:27
I see the new version V1.05 requires internet access for key and is machine dependent...is a pity I think.
aaron10
15th December 2005, 02:49
@ron spencer
Either you're misreading/misinterpreting or I'm misreading/misinterpreting. I think the second post on this page says nearly the opposite of what you're intimating. Moreover, you always needed internet access to get the key, so nothing has changed there.
SpazzHH
15th December 2005, 02:51
I see the new version V1.05 requires internet access for key
That's no different than the older versions
and is machine dependent...is a pity I think.
Even though jdobbs is doing his best it seems to avoid total clarity on the issue, all he has said so far is that the keys are tied to the registered address in some way, so let's give it at least a chance before panicking. I'm sure He's doing as little as he feels he must in order to protect his investment. ;)
ron spencer
15th December 2005, 02:58
actually:
"The downloaded key is personalized to your unique computer via
a computed "System ID" and your registered e-mail address. It
will not work on other computers. If you need to run DVD-RB on
other computers for your personal use, you must use the Reg-RB
utility (included) to generate a unique system id and key for
other system(s). "
"Your registered e-mail address is limited to a total of five (5)
unique system IDs."
Sorry to see this...it is a shame, especially for those with one system who change alot of stuff all the time for fun as a hobby. This will create issues and will double the efforts for the cracker folks.
Oh well...I am not pleased, but that is my opinion only.
I do not mind downloading a key (I admit I was not clear on this)...but it should work on any machine I have without having to get another key. It seems to me he has changed the licensing schema under us. This is like DVDRemake now.
Pity....
jdobbs
15th December 2005, 03:36
Sorry. I'd suggest you send a nastygram to a hacker...
I'd also suggest you wait until you have a problem before you complain about it. You don't know what comprises the System ID or whether it will ever change yet.
ron spencer
15th December 2005, 03:50
As I said it is my opinion only...and I resent the hacker reference.
Simple fact is that I cannot port this prog to my cottage computer without bringing it home, getting on to internet here, and getting my key, which is nonsense.
Programs like this really rely on word of mouth, which I have been doing diligently since V1. Now I fully expect that if anyone took me up on my advice and bought it that I will be hearing from them. They will also hear of your hacker reference.
I agree that you need to protect your IP, but this way treats us all like kids who will give away oue keys, and your previous posts in this thread never hinted at this.
You had a great idea with wrecking the video on hacked verisons. Nothing better than wasting an all night encode to get you to buy it.
Now:
how about you specifically tell us what will change the System ID. I reinstall 3-5 times per year, add ram a bunch of times, change hard drives all the time...so what will?
You can choose to do whatever you want with your proggy, but I doubt it will have the allure it once did. It certainly does not for me.
But as I said before, this is just my opinion; sorry.
jptheripper
15th December 2005, 03:50
yeah no kidding.. i read the "but it should work on any machine I have without having to get another key." statement as "i would like to give it to all my friends with only having to pay for it once" otherwise the statement is silly. Are you really gonna run rb on more than 5 machines? if so, you should buy more than one copy.
ron spencer
15th December 2005, 03:52
you assume that I am giving away the program then?
jdobbs
15th December 2005, 03:57
Let's drop this. It has to be done... or I shut the program down. Simple as that. I can't go on losing money forever, I'm hoping at some point to at least break even.
ron spencer
15th December 2005, 04:03
then that is fine...if you have issues on quitting the program/losing money then state them, but don't say that I should go see a hacker to "fix" your prog; what is a prospective purchaser going to think if they are on the fence given the licensing scheme and sees your comment? I do not want to see any developer go under, but I should be able to express an honest opinion about what I feel is a wrong policy.
If you were losing money then say that...don't beat around the bush.
As I said many posts before this is my opinion...trash it if you want but don't trash me.
But I still have to ask, what will change the system ID?
dragongodz
15th December 2005, 04:05
the process it clean and easy (when u use it right)
sorry but nice in theory but not true for everyone in practise. the new system in 1.05 can not get the key for me just as i could not download the key without using a proxy for older versions. this only changed when my isp was bought by a larger one(3rd biggest in Australia). i am working with jdobbs to try and see exactly why its not connecting but until thats worked out jdobbs would have to personally email me keys.
having to have a pc connected to the net to GET a key is not a big deal since, as others have said, you have always had to be connected to get a key. my only concerns with this was how this could fail and needing to have any pc that you wished to use DVD-RB with needed to be connected. since jdobbs has said
That key could then be transferred to the non-connected computer
the second part will not be a concern.
as for connecting to the net or hardware, net is a bit annoying, hardware is not. If you get a new motherboard, request a new key. Its not that hard, how often do you change mb's anyway, once every couple years?
actually for me the hardware i.d. is more the pain. if it was just the motherboard then ye thats updated the least so not so bad but other hardware, such as cpu etc can get updated more often.
actually for motherboards AMD seem to want people to keep upgrading aswell. i was looking at getting a socket 939 board since there are some cheap ones now but have put that on hold since i read about them changing sockets again early next year to socket M2. hopefully they will stick with that for a while. ;)
If ppl dont like how you key it, the best thing about this free country is, they are free to choose a different comparable software (of which there are none
ye and people are free to raise reasonable concerns without having a smart@rse remark like that. oh and we live in a world not a country incase you didnt notice. :devil:
on30trainman
15th December 2005, 04:06
jdobbs,
My only comment on the new keying scheme is that it would have helped a dummy like me (an older guy with a diminishing mental capacity), who has his DVD-RB on a non-internet connected machine, to have put a note in the e-mail to READ THE HELP FILEin the Key File Registration screen.
I know that statement is in the Rebuilder.txt file but well into it. I didn't see it until I spent some time trying to get RB to work and was getting quite frustrated. The HELP file tells it all.
Just my two cents worth.
Steve W.
SpazzHH
15th December 2005, 04:09
I wouldn't assume that. Then again, when I read jdobbs message, I took it to mean, send a nastygram to a hacker because they are the ones to blame for us all having to go through all of this mess. I sure am sorry you took it as a personal attack.
dragongodz
15th December 2005, 04:10
wow, last bunch of posts happened while i was typing mine.
maybe this is all going on beyond reasonable concerns. i think jdobbs knows peoples worries now anyway so lets just all drop it for now and see how things go instead of starting to accuse people of things etc.
jdobbs
15th December 2005, 04:15
then that is fine...if you have issues on quitting the program/losing money then state them, but don't say that I should go see a hacker to "fix" your prog; what is a prospective purchaser going to think if they are on the fence given the licensing scheme and sees your comment? I do not want to see any developer go under, but I should be able to express an honest opinion about what I feel is a wrong policy.
If you were losing money then say that...don't beat around the bush.
As I said many posts before this is my opinion...trash it if you want but don't trash me.
But I still have to ask, what will change the system ID?That's not what I said.... I said the complaint should go to the guys who are forcing this... not me.
vBulletin® v3.8.11, Copyright ©2000-2026, vBulletin Solutions Inc.