Friday, 30 June 2017

If one were to licence software how would one do it?

So, typically we write code for an employer who pays us a salary. Sometimes as a VBA programmer one considers how to get paid for software that we write on an independent software vendor (ISV) basis. The tragic news is that VBA code is easy to break into. I should imagine that is the reason why there is very little information within the VBA 'blogosphere' as to how to protect software. It is inevitable that as VBA programmers we must learn another language, one that compiles preferably to machine code or, as a second preference, to virtual machine code. But even after learning such a language, what would the code protection mechanism look like?

In short, I guess that one writes code that is callable, but with an initialisation routine that checks a licence file; if the licence is not valid, the callable parts refuse to operate. Refusal to operate should be easy enough to implement. But how to check the validity of a licence file?

Using our beloved Excel as an example, a quick Google turns up the following article from accountingweb.co.uk: Microsoft Excel Licensing - what you can and can't do.... It shows the limits of install backdrops in that it limits virtual PC installs as well as forbidding Server installs. However, for the purposes of this article it is essentially a per-device licence. If in doubt, consult this article: Microsoft Office 2013 license limits ONE install per computer. So how is a per-device licence enforced? It must read details of the host device, encrypt them somehow and prevent tampering.

I sort of knew this already, i.e. that one needs to tie a licence to a piece of hardware, but which piece of hardware becomes the question.

Should I use Network Interface Card (NIC) as a licence key point?

I had heard that tying to a NIC is one way to do this, so each NIC has a unique serial number etc. etc. etc. If you want to enumerate your network interfaces then this Superuser article would be of use: Where can I find my NIC’s GUID? or perhaps this. But questions have to be asked about whether a NIC is the right basis for a 'hardware fingerprint'. After all, NICs do fail and then they get swapped out; should a user have to buy another licence because their network component failed?

Unique Hardware ID / Hardware Fingerprint

If not NICs then what, NICs in a combination of other devices? This question has been tossed around on stackoverflow.com at Reliable way of generating unique hardware ID and here. One Q&A even discusses interrogation code of a hardware fingerprint. CodeProject.com gives us some sample code as to how a licencing scheme might work here, here, here and here. A C# implementation is given here.

I would have thought a motherboard ID is better than a NIC ID. If a NIC fails then a computer room operator swaps out the NIC, but if a motherboard fails then they'd need to rebuild the whole computer, IMHO.
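To make the licence-file check and the NIC-swap question concrete, here is an added sketch (not code from this post or from the linked articles) in Go, one of the languages that compiles to machine code. It assumes an Ed25519 signature made with a vendor key and a licence that lists several hardware IDs of which a minimum number must still match; the names `Licence`, `Issue` and `Check`, the 2-of-3 threshold and all hardware IDs are hypothetical, and reading the real IDs from the host is left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Licence is the signed payload: hardware IDs at issue time and how many must still match.
type Licence struct {
	Components []string `json:"components"`
	MinMatch   int      `json:"min_match"`
}

// Issue runs on the vendor side only; the private key never ships with the product.
func Issue(priv ed25519.PrivateKey, ids []string, minMatch int) (payload, sig []byte) {
	payload, _ = json.Marshal(Licence{Components: ids, MinMatch: minMatch})
	return payload, ed25519.Sign(priv, payload)
}

// Check belongs in the initialisation routine; only the public key is embedded.
func Check(pub ed25519.PublicKey, payload, sig []byte, hostIDs []string) error {
	var lic Licence
	if !ed25519.Verify(pub, payload, sig) || json.Unmarshal(payload, &lic) != nil {
		return errors.New("licence invalid: file edited or not issued by vendor")
	}
	matched := 0
	for _, c := range lic.Components {
		for _, id := range hostIDs {
			if id == c {
				matched++
				break
			}
		}
	}
	if matched < lic.MinMatch {
		return fmt.Errorf("hardware mismatch: %d of %d components present", matched, len(lic.Components))
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	ids := []string{"board:MB-0001", "nic:00-11-22-33-44-55", "disk:SN-9999"} // constructed IDs
	p, s := Issue(priv, ids, 2)
	ids[1] = "nic:66-77-88-99-AA-BB" // NIC replaced after failure
	fmt.Println("after NIC swap:", Check(pub, p, s, ids))
}
```

Because the signature covers the component list and the threshold, editing the licence file to lower `min_match` or to add another machine's IDs makes verification fail, while a single failed NIC does not cost the user a new licence.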
