  1. POChallenge: maximize cost of obfuscation's reverse engineering
<p>Disclaimer: Similar questions have been asked a number of times on SO, however this question is much more specific, and has not been adequately addressed so far.</p>
<p>We're developing a new packaged software, which, for business security reasons, must run on our customer's server, in PHP. The software is sold with a per-user end-license; price range is within $20-80 per user, target market is small (and web-savvy) consultancies, and IT agencies.</p>
<p>To discourage piracy (e.g. removing the user-license enforcement), we'd like to maximize the protection of the PHP code by any means technologically available, which does not inconvenience the user.</p>
<p>Let's break this down:</p>
<ul>
<li><p>Does not inconvenience the user: no additional server-side installs (no Zend decoder, or other binaries). Has to run on a plain-vanilla shared PHP host out-of-the-box.</p></li>
<li><p>Maximize the protection: breaking the protection has to outweigh the cost of buying an additional license. That is, it has to take at least 3-5 working days for a professional hacker to remove the user license protection.</p></li>
<li><p>Any means technologically available: might call home, might use high-end crypto, might implement a C64 emulator.</p></li>
</ul>
<p>To pro-actively address the so far highest-voted non-solutions:</p>
<ul>
<li><p>NOT looking for <em>perfect</em> obfuscation, just <em>extremely hard</em> ones (defined as: have to take at least 3-5 working days to decrypt), OR other anti-piracy methods.</p></li>
<li><p>NOT looking for "black-box" software packages, which I don't know how they work, and can't determine whether they fit our purpose; looking for <em>algorithmic</em>, and out-of-the-box ideas.</p></li>
<li><p>NOT looking for license/law-side protection, we already have that covered.</p></li>
<li><p>We DO know that, given enough time and focus, all obfuscation will be hacked sooner or later; we merely want this not to be the economical solution.</p></li>
</ul>
<p>Given the above constraints, what methods, or ideas would you use to maximize anti-piracy measures?</p>
<p>Bounty-hunt: point goes for the hardest algorithmic method to reverse-engineer the code, given the constraints above.</p>
<p>Update / Bounty-hunt: I've accepted Ira Baxter's answer, mostly because the rest failed to answer the core question, and attempted to question the underlying assumptions (business, closed source, yadda yadda). Thanks all!</p>
 
