Lock Script to Domain
Re: Lock Script to Domain
One would still need to get a digitally signed key for the domain they wanted to use the script on. Every URL on every page would point to that domain name, and it's not possible to disable the kill methods.
Re: Lock Script to Domain
Um, you maybe need to reread my last post again. The domain on the pirated server will not be changed. The reverse proxy will do it for the client. The call-home will be disabled by simply denying all outgoing connections. An incoming kill signal will work only the first time, then they will reinstall and look for it and filter it on the proxy.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Lock Script to Domain
Mordred wrote: The call-home will be disabled by simply denying all outgoing connections. An incoming kill signal will work only the first time, then they will reinstall and look for it and filter it on the proxy.
What if the script is based on the Fail Securely principle? Blocking the outgoing connection makes the script refuse to work.
Re: Lock Script to Domain
I read your question right. There's a lot more to it than that. To put it mildly, you'll be chasing ghosts for months trying to disable kill signals.
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
Re: Lock Script to Domain
Even with apache_request_headers() your users don't need to forge their requests. An internal proxy would do the trick. We can keep going all day and we'll keep finding holes.
Re: Lock Script to Domain
I never said it wasn't uncrackable, all I said is that everyone has given up.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
Re: Lock Script to Domain
Licensed desktop software has historically failed miserably at protecting itself from unauthorized use. I would imagine this to be nearly impossible to do on the web. I hope I'm wrong.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Lock Script to Domain
Web applications can be better than offline software in this area. If the application requires talking to the developer's server, then obviously an illicit installation will not work. The developer's server will resolve the legit domain name legit.com to an IP 1.2.3.4 and it will notice that it does not match the IP of the server it is talking to. Blocking a connection to the developer's server with a firewall will just make sure the script will never run. The only thing you can do is to decrypt the whole application. Guys, I can tell you that decrypting an application that is protected by Zend Guard is a total waste of time.
Even if you succeed in this area, you will not get original source code - just lots of really obfuscated crap and you will literally have to rewrite the entire application by yourself - which defeats the purpose of cracking the application. If you crack it, you want it. You do not want to recreate the application. Even if you "just" need to rewrite 50% of the application, I would call it a recreation of the application.
This, however, only happens when you know what you are doing when you are protecting your application with something like Zend Guard. Just going for encrypting a single license validator PHP file is not that good. For sure you can always crack any application, but we are trying to make it so slow and painful that cracking becomes worthless. Yebee I cracked it! Oh, is there a newer version out now? Cracking can become a job for someone and he would literally be doing it all day long without getting paid. If this is the case, I would consider my protection good.
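The call-home check described in the post above, combined with the signed per-domain key and the Fail Securely idea raised earlier in the thread, as an added example that is not code from any poster. The function names, the token format and the in-memory DNS table are assumptions; signing uses PHP's bundled sodium extension.

```php
<?php
// Added example (not from the thread); all names and the token format are assumptions.
declare(strict_types=1);

// Developer's license server: sign a short-lived token only if the licensed domain
// resolves to the requesting address. $peerIp is meant to be the TCP peer address,
// never a request header. $dns is a stand-in for a real DNS lookup.
function issueToken(string $domain, string $peerIp, array $dns, string $secretKey, int $now): ?string
{
    if (!in_array($peerIp, $dns[$domain] ?? [], true)) {
        return null; // request did not come from the licensed host
    }
    $payload = json_encode(['domain' => $domain, 'exp' => $now + 3600]);
    $sig = sodium_crypto_sign_detached($payload, $secretKey);
    return base64_encode($payload) . '.' . base64_encode($sig);
}

// Licensed script: fail securely. A missing, malformed, forged, expired or
// wrong-domain token all end in false, so a blocked call-home stops the script.
function licenseOk(?string $token, string $domain, string $publicKey, int $now): bool
{
    if ($token === null || substr_count($token, '.') !== 1) {
        return false;
    }
    [$p, $s] = explode('.', $token);
    $payload = base64_decode($p, true);
    $sig = base64_decode($s, true);
    if ($payload === false || $sig === false || strlen($sig) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    if (!sodium_crypto_sign_verify_detached($sig, $payload, $publicKey)) {
        return false;
    }
    $claims = json_decode($payload, true);
    return is_array($claims)
        && ($claims['domain'] ?? null) === $domain
        && is_int($claims['exp'] ?? null)
        && $claims['exp'] > $now;
}

// Constructed sample data: key pair, DNS table and addresses are made up.
$kp = sodium_crypto_sign_keypair();
$sk = sodium_crypto_sign_secretkey($kp);
$pk = sodium_crypto_sign_publickey($kp);
$dns = ['legit.com' => ['1.2.3.4']];
$now = time();
// Licensed host, copy on another address, and call-home blocked by a firewall.
var_dump(licenseOk(issueToken('legit.com', '1.2.3.4', $dns, $sk, $now), 'legit.com', $pk, $now));
var_dump(licenseOk(issueToken('legit.com', '5.6.7.8', $dns, $sk, $now), 'legit.com', $pk, $now));
var_dump(licenseOk(null, 'legit.com', $pk, $now));
```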
Re: Lock Script to Domain
kaisellgren wrote: Guys, I can tell you that decrypting an application that is protected by Zend Guard is a total waste of time.
???