What are the benefits of using HISE activate over a simple copy protection solution written in HiseScript?
There are a few solutions for implementing a simple copy protection solution, eg. like suggested in this forum topic.The problem with these approaches is that whatever security trick you will think, of in order to secure your plugin, the attack vector will always be that hackers will read the HiseScript code that's embedded into the plugin's binary and just change a human readable:
var isUnlocked = checkActivation();
if(!isUnlocked)
{
doSomethingToDeactivateThePlugin();
}
var isUnlocked = true;
if(!isUnlocked)
{
doSomethingToDeactivateThePlugin();
}
This approach is not possible with the HISE Activate copy protection because the security layer is moved to C++ so the hackers have to reverse engineer some moderately obfuscated C++ code in order to find all activation checks which raises the required skillset from noob script kiddie to averagely skilled cracker.
What's the benefit of using HiseActivate instead of another 3rd party software?
Simplicity. The shared experience of myself and other HISE developers trying to embed 3rd party copy protection suggests that the effort vastly outweighs the benefit as you would have to write custom C++ code, hack around in the HISE codebase to add license checks and then having to deal with a random API from another company that might have good support or, which is more likely, doesn't.
The process for integrating HiseActivate is as easy as adding a script to your projec, define the UI logic and skin a ScriptPanel for the activation process and done.
The integration with your eCommerce solution should also be pretty straight-forward, as all you have to do is to create a list of serial keys in the HISE server backend and add them to your eCommerce shop that assigns one of the serials to incoming purchases (which is a pretty standard feature and should be supported by the majority of existing eCommerce solutions).
Is HiseActivate a bullet proof copy protection? Can you guarantee that my product will not be cracked and do I get my money back if it will?
Absolutely not. The copy protection philosophy behind this copy protection scheme is: We will use industry standard algorithms and best practices to prevent easy hacking (in fact the core of the copy protection solution is built upon the juce::OnlineUnlockStatus class), but as soon as your plugin will catch the attention of professional cracking crews, it will be only a matter of time until a crack is released. However this might take long enough to create enough revenue at the release sale to justify the implementation of the copy protection vs. something that is cracked within days by amateur crackers.
Why do you run a dedicated server? I'm not comfortable with sharing my client data with somebody else ?
The copy protection scheme requires that the data for identifying the license is encrypted on a trusted instance with a RSA key matching the one that is embedded in the plugin's binary:
- the user email & serial key used for the activation
- the product ID and version
- a unique string that identifies a computer system for limiting the amount of activations per license
- a secure timestamp (for expiring licenses)
However the entire logic of validating the license data requires a database of license activations so in order to implement this properly we need to query and store those informations at the activation process.
We'll guarantee that these informations are not used for anything else than the pure activation process - the customer database is your customer database. Also we will never ever store any other sensible data like credit card information or other personal details.
Sure, thats a nice little copy protection you have here. But would it be a shame if I would run my own server instead?
Sure you can. The plugin side of the copy protection system is part of the HISE codebase so if you are willing and able to implement the server side on your own there is absolutely no limitation on why you shouldn't.
Our experience and the fact that all of those classes are available since a few years (The Unlocker class is available since 2020 and I've posted the PHP script to the JUCE forum in 2014) has shown that this approach is not feasible to most developers as it requires some advanced web-development skills to implement this and what needs to be done highly depends on your eCommerce solution, hence our approach of offering a much more straight-forward solution by outsourcing the activation task to a dedicated server.
I want feature XXX for my product. Is it possible?
We've started the server with a minimal feature set that should cover most use cases, however we're happy to extend the server features if it's a reasonable request that other developers also might benefit from. If you're unsure about whether the feature set fits your requirements please get in touch with us to discuss.
Last Updated: 2nd December 2022