Protecting without EXE wrapping

[Jetheat]

Many products online which offer to protect CDs use exe wrapping as their solution.

On my CDS, I have 2 exe files and a bunch of AVI files plus some other bits and bobs.

Is there a solution I can use to protect my CDs from being copied to hard drive or on to another CD.

Of course, I understand that every preventative measure has an anti-preventative measure and if someone wants to break it badly enough, they will.

But I need something for general public.

I'm about to sell a bunch of CDs but I don't want them copied and then returned to me for a refund.

I'll be outsourcing the duplication of my CDs and so I'm looking for a CD copy protection solution which takes the least amount of trouble to implement.

I've heard of USB Dongles which need to be present in the USB drive before the user can view the CDs. This may be a good solution but I don't know where I can get them from or if they are cost effective.

Any solutions or ideas?

JH

[TippeX]

outsourcing, so you're going to make an image, and send that for duplication?
if you're doing that, and its not an industrial duplicator, then you cant use disk signature algorythms, and all you can do is use some encryption or stuff on the files themselves

dongle could be a good idea, but dont forget dongles can be emulated or cracked (yes, even the commercial ones)

you also need to think about the distribution media too,
do you intend for the files to be run from the cd/dvd or to be installed to hdd?

if its the second option, you could encrypt the files on the cd/dvd, and only decrypt them when someone phones you for an unlock code etc, that way you can (not 100% tho) keep tabs on who has the program...

so you've got the drm method, dongle method (probably costly, and not really worth the effort) or disk signature method (in which case you need commercial protection like securom, safedisc, starforce and so on... all of which you will have to pay for)

without really explaining the model you're using and your target audience, and the amount of purchases you expect, its hard to build up a good solution for you...

[Jetheat]

Thanks for your reply and help.

I'm not going to make an image. I'm just going to send the master CDs to them for duplication.
On these CDs, there are a bunch of AVI videos. There is also an exe player for these videos (CamPlay) and there is another executable file which displays the files available.

So I can't just protect the 2 executable files because someone can just extract the AVI files and play them with some other compatible player.

I do intend for the files to be run directly from the CD because if they could copy them to the HDD, the customer can simply do that and return the CDs for a refund under my 30 day money back guarantee.

This is why I need them kept on the CDs. If they ask for a refund, they have to return the CDs to me and I can assume that they did not manage to break the protection and copy the contents to their HDD.

Starforce, Securom, Safedisc etc... generally wrap the executable in their own wrapper but in my case, the AVI files and other relevant files would remain unprotected.
Furthermore I would have to buy the CDs from them and then hand these over to my duplication company.

I don't mind paying for a solution but I need one which will work with minimal hassle.

I think the dongle solution may be best but I'm not sure how much it would cost. It may be cost prohibitive.

I'm expecting about 50 purchases or a little more.

Any suggestions?

JH

[TippeX]

hmm for that sort of protection the only thing that springs to mind is settec alpha rom, that, or making your avi's into dvd format, making a menu and so on
for 50 purchases or a little more (guessing not > 100), then commercial replication (safedisc, securom, starfoce etc is probably not an affordable option), and sending the master disk to your replicator will do nothing protection wise, as you won't have anything protected by doing that... and the disk will be easily copied

it sounds like the 'real content' is the avi files, the exe's are probably just shellers or something not important, so perhaps drm might be the way to go

tricky situation, 1000 or more disks to be produced could probably get you decent protection (only on the exe's probably), usb dongle probably isnt worth it (it cant protect the content too much)...

[Jetheat]

I just had a look at the alpha rom solution but that seems to only protect exe files.
It doesn't mention anything about protecting other items on the CD.

Although I'm expecting to sell 50, I'm actually hoping to sell a lot more - possibly over 100. I am getting the course of 18 CDs duplicated in sets of 10 though.

You mentioned DRM as the way to go. What do you mean by that and how is that implemented. Any idea on costs? I can only afford to shell out a maximum of £15 per set sold.

You also mentioned that USB Dongles can't protect too much. Do you mean that their memories are too small to protect all my content on all 18 CDs?

JH

[TippeX]

alpha rom works on dvd movie format afaik..

so think if the exe's you have are really needed, or could you do it better/another way using dvd menus...

drm (digital rights managment) works on licenses, where if the person does not have the license to view the movie... they cant view it, you're using avi format, so you can put drm in it

http://www.microsoft.com/windows/win...s/drm/faq.aspx

£15 on each set might be too low though, as for the usb dongles, all they can really do is provide code protection - so again, only protecting exe's, memory isnt really a matter here...

realistically i think you have an issue here on cost / profit vs. cost of applying protection, with such a low volume, commercial protection might be 'out of your league'

[pikachu5501]

when i sell my own product to companies, i use what i call "personalized digital fingerprint". I hide somewhere a personalized number on the exe and some of the overlay/data file that will be shiped to the constomers. Of course, there are aware that the copies a personalized in some way and if i find they copy elsewhere, there will get they ass sued.

Not usefull though if you want to make mass distribution of you product.

[Jetheat]

Unfortunately, mine will be mass sold.

I also dont want to keep track of keys and numbers if I can help it.

[caki]

Here, try this. Never used it before, nor do I know if it works. Also you mentioned that you will be mass producing them so I don't know if you want to go through this kind of trouble for each CD

Oh and it can probably be easily defeated with Alcohol 120%, but I doubt every one of your customers is that tech savvy.

http://rapidshare.com/files/55266883/Krypton05.zip.html

Unfortunately it does not have content protection

Another matter that you might choose to pursue is this:

Package your original app and all its files with Thinstall:
http://thinstall.com/

But make sure that your app only runs if it gets a certain command line argument, that is secret and only you know about.

Then make a loader exe whose sole purpose is to run the Thinstall exe with the secret command line argument. Protect the loader exe with Krypton with cd checking enabled.

I suppose that would work if you're willing to dish out the $$$ for Thinstall.

[Muji-FightR]

You could also try Molebox, people tend to forget that it supports packaging of 'normal files' as well, not only exe and dlls.
But I think Thinstall is more compatible (e.g. .NET support - according to their website, can't confirm that) and stable. Dunno about Thinstall, but defeating Moleboxed apps is a matter of 2-3 minutes...

[caki]

Molebox unpacks everything to the HD in the end. Thinstall offers <get ready for it>

/drumroll
/curtainslift
oooooooooooo aaaaaaaaaaaaaaaaahhhhhhhhhhhhhhhhhhhhhh

COMPLETE VIRTUALIZATION

[Muji-FightR]

How do you mean, it unpacks everything to HD ?
Are you sure ?

The CreateFile shit for DLLs is only used to get them loaded properly, the actual content is not copied to HD, only some sort of mini-dll-stub...

I don't know that much about its inner working, but MB's 'virtual files' (if you can actually call it that way) are readonly, so you access files via CreateFile and ReadFile and Molebox's redirections/hooks take care of 'opening the file', returning a (fake/internal ?) handle and writing the file's content to a buffer.

In contrast to Thinstall it does not offer virtual registry access or writing to virtual files...
Doubt that's needed for his purposes but basically you're right, Thinstall is the more professional solution

As a result it's more than 10 times as expensive as Molebox, just an option if you don't have 5000$ for a Thinstall license...

[caki]

Quote:

I don't know that much about its inner working, but MB's 'virtual files' (if you can actually call it that way) are readonly, so you access files via CreateFile and ReadFile and Molebox's redirections/hooks take care of 'opening the file', returning a (fake/internal ?) handle and writing the file's content to a buffer.

Nope, not sure at all. From reading the tutorials about it I guessed that it unpacked all to the HD. I Guess I was wrong. I'll check it out sometime

[Muji-FightR]

I was short before writing a tutorial about unpacking all molebox files (that way you can even get the virgin dlls) but then I found myself in some sort of mental meh-state so I aborted it before even starting to write lol

If you need a quick start, try CharUpperBuffA ;D