How to make Trial Plugins for 10 days
-
@christoph-hart said in How to make Trial Plugins for 10 days:
@Lindon: You can implement this scheme in HiseScript but as @ustk said, as soon as somebody reverse engineers the binary, you have lost (and having a hardcoded copy protection scheme in HISE will not add more security).
Im not sure I understand how they can do this...even if they can "read" the source code - but cant alter it....the plugin sends a message somewhere and gets a public key encrypted message back - which they cant really crack - then it acts on it, explain to me what i'm missing here..
-
@lalalandsynth But not sure either they would buy it :)
-
@Lindon It doesn't really matter how you communicate with your server and what safe checks you encorporate to make it harder to simulate a legit license. At some point you have to ask
if(isUnlocked()) { // proceed as usual }
And this is usually where the crackers come in and change the function to always return true.
-
@lindon Whatever you do upfront, in the end you will have to set off a muter in your plugin, or stop a timer, or allow MIDI note... And it will always be an if statement that does this. So change the "if server ok" into "if server not ok" and the plugin is cracked...
They analyse the bits that are set or tested when the plugin runs, then they just have to change a HEX value somewhere from false to a true or vice versa and repack the binary... -
Except for AAX since they are protected against binary alteration.
If one day other formats can allow this, then this day will be protected... In short, never... -
@ustk I guess that is the whole issue , if they dont plan to buy it , they might use a crack and if they do there is no real incentive to buy it , having it be free with a nag screen might ?
Of course I have nothing to back that up except for the Reaper model.
-
@christoph-hart said in How to make Trial Plugins for 10 days:
@Lindon It doesn't really matter how you communicate with your server and what safe checks you encorporate to make it harder to simulate a legit license. At some point you have to ask
if(isUnlocked()) { // proceed as usual }
And this is usually where the crackers come in and change the function to always return true.
Obviously yes - but changing this line of code breaks the codesigning...so the Mac version wont work anymore...
-
@ustk said in How to make Trial Plugins for 10 days:
Except for AAX since they are protected against binary alteration.
If one day other formats can allow this, then this day will be protected... In short, never...which is my understanding of the codesigning process on MacOS....but I've been known to be wrong.
-
@lindon said in How to make Trial Plugins for 10 days:
Obviously yes - but changing this line of code breaks the codesigning...so the Mac version wont work anymore...
I assume people who are using "pirated" software don't care too much if it's codesigned, I would also guess a "pirated" version of Pro-Tools doesn't care either.
@ud-audio said in How to make Trial Plugins for 10 days:
This might not pay all your bills but I think it's not a bad system
Some of my libraries cost $10000+ to just record the samples, then there's a whole bunch of costs on top of that like scripting, graphic design, demos, marketing, hosting, etc. I'm happy just to recover my development costs, if I'm able to pay the bills too then that's a great bonus :)
-
@d-healey said in How to make Trial Plugins for 10 days:
I assume people who are using "pirated" software don't care too much if it's codesigned, I would also guess a "pirated" version of Pro-Tools doesn't care either.
Yeah obviously, but I dont think it matters much what they care about - what matters is will their DAW load an unsigned plug-in? - and as a a side order is the pirated version of their DAW altered so drastically to allow this sort of thing?
So I think the answer to both these questions is: No.
So the approach I suggested seems to stand (and works) for me - so I think my request for a public key system in HISE is valid.
-
@lindon said in How to make Trial Plugins for 10 days:
So the approach I suggested seems to stand (and works) for me - so I think my request for a public key system in HISE is valid.
As far as I know only Pro-Tools supports AAX and Pro-Tools isn't the DAW of choice for virtual instrument work, so that's only a small part of the market that has this extra check. Let me know if I'm wrong but I think Pro-Tools uses iLok which has been cracked several times, I assume a cracked version of Pro-Tools can load cracked plugins.
-
@d-healey said in How to make Trial Plugins for 10 days:
@lindon said in How to make Trial Plugins for 10 days:
So the approach I suggested seems to stand (and works) for me - so I think my request for a public key system in HISE is valid.
As far as I know only Pro-Tools supports AAX and Pro-Tools isn't the DAW of choice for virtual instrument work, so that's only a small part of the market that has this extra check. Let me know if I'm wrong but I think Pro-Tools uses iLok which has been cracked several times, I assume a cracked version of Pro-Tools can load cracked plugins.
err.. I'm not talking about ProTools as the "DAW in question" here, its ANY DAW on MacoS...
-
@lindon Oh I thought it was something special to AAX format. I'm able to load unsigned VSTi plugins into Reaper on Big Sur without issue.
-
@d-healey hmm, not supposed to be able to do that...apparently...tho maybe theres a difference between unsigned and broken signed...
-
@lindon Is it not just an AU thing? i.e Logic is the only DAW which checks the signature
-
@danh my understanding is that all DAWs are required to check the plugin is signed correctly...
-
@ustk said in How to make Trial Plugins for 10 days:
Except for AAX since they are protected against binary alteration.
I'm just wondering if vst3 have this protection too.
Many games have this protection. If u alter the binary, it gets corrupted -
-
Here's an idea :D
What about if HISE could generate a hash of the binary and that hash could be uploaded to the server along with the authentication details or request for download links (whatever server thing you do). If the binary has been adjusted by a cracker the hash would be invalid and the server would refuse to authenticate the request.
-
@d-healey looks good to me! Many games I I believe are using this method today.
Despite this, I believe vst/audio software licensing model will change soon.