Hi. I’m working on a piece of shareware software, and I was wondering what was the best way to copy protect it in java. I’m ofcourse obfuscating the source (and it looks pretty unreadable to me), but what more can be done?
I would also like to stop the casual user from giving a copy to their friends.
(Ofcourse my second plan would be to just trust the users. They can download a copy of the shareware version and once they pay they’re allowed to download the full version.)
Thanks in advance
Any checks you add to a client-side game can be cracked, and will only have to be cracked once for the damage to be done.
If your game becomes successful, both the pool of potential crackers and the incentive for them to crack it will increase.
If big companies like activision can’t stop it, neither can we. 
You can invalidate all my statements so far by making the game server-side and just giving the players a more or less thin client… they’d have to rely on your service rather than just getting a copy of the game.
As long as your don’t release the source code or binaries for the server, anyone wanting to play the game for free would have to duplicate the effort you put into developing the server. So if you put a lot of effort into the client, but only a little into the server, this means they can duplicate your work with little effort.
So, in closing, make the client an mpeg4 player with keyboard and mouse input control. Stream the input data from the client to the server, render the game graphics on the server and stream it back to the client as an mpeg4. That should be the most crack-proof game you can make.
(or just add a very trivial web call to check if the serial number is registered, as that will stop the most casual of crackers, but you won’t waste too much time trying to do the impossible)
What I was thinking was to either make the entire package available via webstart and then require a serial key for the extended content or simply allow registered users to download the full package.
And it’s not a game. It’s a game development tool 
It’s correct that clientside stuff can be cracked, but not by the casual user. Reading obfuscated java code is not for the faint of heart although a pro might be able to get something out of it
/me is sounding like a broken record…
Pretty much any moron with some time to spare can do it. Decompilers also de-obfuscate pretty well. Variable names aren’t just “var1, var2, var3, var4” any more, though they won’t reference domain-specific things, they can be “index1, array1, attribute1, etc” which are quite easy - and for many years they’ve had click-and-replace refactoring, so as soon as you come up with a better name, you just trivially rename it everywhere.
[quote] Pretty much any moron with some time to spare can do it.
[/quote]
But morons are lazy and will probably not do it anyway
Again, it only takes one person to crack it once for the damage to be done. You can’t rely on it being hard for “most people”.
Once your application becomes big enough, it will get cracked if there’s a reason to do so. No amount of obfuscation will prevent that.
[quote] Once your application becomes big enough, it will get cracked if there’s a reason to do so.
[/quote]
But isn’t that meaning of copy protection and obfuscation; to delay cracking, not prevent it.
… and when that happens you hopefully have a bucket-loads of cash ;D
// Tomas
Well. The casual user could not use an obfuscator to save their lives IMHO ;D
And it’s just a measure to delay hacking. Not stopping it altogether which is impossible.
I guess I’ll just make a trial version and then you can download the final version when you buy it.
Shrug. Evidence I’ve seen is to the contrary. It goes:
Google - click page - click download link - select file to decompile - click OK
If someone can be bothered to read your source unobfuscated, the de-bfuscation only takes a couple of minutes more. And they’re quite possibly more likely to crack future versions now that they’ve gon to the effort of working out your logic.
I just asked my father what obfuscated java source is and he had totally no clue. I’m talking about the casual user here. Probably coupled with a fair price tag they would’nt be bothered
And complex nested loops etc. does not look very good unobfuscated.
Placing everything in the same namespace makes it even worse to look at.
When I look at some of my proguard’ed source in an deobfuscator I can only barely recognise the code because I wrote it
I recently wrote an article about main rules of deobfuscation. How can you get the algorithm from your long lost obfuscated code, or how can you retrieve back your source files when your CVS was damaged and only thing what remained was your release. It’s fun especially if you are trying to recover an original algorithm, or art data.
I used an akiere, or how it was called demo. Is there an original author?
And what an casual user would know about a decompiler?
Didn’t you say this was a game development tool? Do you think that any person who will actually use your game development tool will be a casual user?
That’s a good point