Good morning all,
Unfortunately, I had to find out today that the license manager KEYZY we use is absolutely insecure. There are already key generators that bypass the licensing.
This is of course a disaster for us…
I wanted to ask which license manager you use or if you can recommend something.
Thanks a lot
If you search for topics about copy protection here on the forum, you will find several where you can make your own opinion about the subject.
A succint TL;DR of how it usually goes:
PACE seems the most secure in the market, but it comes with its licensing system so you have to integrate with it to deliver licenses to your customers. Also there could be occasional compatibility issues that the PACE team tries to adress as soon as possible.
Any in-house protection scheme gets cracked sooner or later. Opinions about developing one range from “don’t bother with it” to “do it just strong enough for crackers to be bored/annoyed so that your product doesn’t get cracked for the initial launch period”
I am currently rolling my own, so I know I adhere to the best cryptographic standards I know. I am quite positive there won’t be a key generator for my system.
BUT: there is never a system where you just attach a module and add a single check. It is trivial for the cracker to run in a debugger and find the spot where your check is done and return the right answer instead of the result of the check.
To be effective you need to add multiple checks at variable time points throughout your code. It is easy to accidentally DRY and therefore prepare a convenient point of attack for the cracker. You have to work against your usual habits.
So that is the usual cat and mouse game. We cannot go into details about PACE, but as a hint, AFAIK they automate that tedious process for you by generating code inside your code. Have a chat with Derek and their support team (support@pace.com), if that is something for you. They don’t charge for the chat 
.
It comes at a financial cost and some labour to integrate, which some might struggle with, others might find it easy. I was on a different team, so I cannot comment how hard it is.
They tell people to allow a week for fusion, it took me around 2 days the first time. It’s one of those things that can take varying amounts of time, because you have control over how secure and efficient you make it.
It is a bit of a pain to have the step in the production line, and it’s not cheap, but I can vouch for it working. It’s not a perfect system, but it’s the best we have.
