Unfortunately our NDA prohibits us from sharing any insights we have gained via Steinbergs’ postmortem of the crack. Not only Nexus was affected, but all protected products. The crackers exploited an oversight that has been fixed about a month after the crack, with their newer SDK. Since then it’s been uncracked. The crackers, back then, stated that it was pure luck they found it and they don’t believe there is another way to crack it.
Nexus was last cracked at version 2.2.0 in mid/late 2009. Nothing since then, except a few unsuccessful attempts in late 2012 / early 2013.
I can tell you about the economic impact. Nexus was always selling very well (in relation to company-size etc.), but the moment the crack came out, our sales dropped to 1/3. We lost 60-65% of our revenue overnight. Fortunately we build a buffer from the years prior that kept us afloat until sales recovered over the next 2-3 years, back to their previous levels.
Now the crack is almost meaningless, as it’s so old and outdated. We’ve added new features since then and all new expansions are unavailable to the crack-users. Also the crack is Windows only (Nexus2 was never cracked on macOS) and 32-bit only. We’ve released over 100 expansions since the crack came out. None of those are usable in the crack.
The Steinberg dongle system works great for us but also has some disadvantages:
Dongle needs to be plugged in = one USB port taken
If dongle gets lost/stolen, you can’t verify that the customer really lost it. He might be lying to you, trying to get another license for a friend or to sell on eBay etc.
If dongle gets broken, customers have to send it in, so you can verify the license was really on the broken dongle (this works by holding the two pieces together on their four contact-points, thus being able to read the dongle and even copy the license to a new one).
The dongle drivers needs to be installed for the product to even work.
The customer needs to pay extra for the dongle and its shipping, or they have to source it themselves locally = no more instant gratification people get used to.
The Steinberg protection has to be actively integrated into your products. You actually need to use their SDK and write the protection code using their methods/functions/classes. AFAIK the PACE / iLok stuff is just a wrapper that you put around the finished product. It’s apparently rather easily removed. Hence the constant cracks of ALL PACE / iLok “protected” products.
The PACE / iLok system suffers from the same drawbacks as the Steinberg one, but is more expensive (per license and for the hardware) and at the same time less safe.
If you have to choose between Steinberg dongle and PACE / iLok, you should always go with the Steinberg dongle. It’s smarter, harder to crack and cheaper.