HPE Community
Operating System - Linux
1826234 Members
2361 Online
109692 Solutions
New Discussion

Linux question-Developing mechanism for once install and throw-away CD

 
SOLVED
Go to solution
SNODX XDONS
New Member

‎02-06-2002 12:53 AM

‎02-06-2002 12:53 AM

Linux question-Developing mechanism for once install and throw-away CD

Greetings,

I am posting this question here because HewLett-Packard are the makers of Compact Disc hardware and software

This forum I felt was the most appropriate for this question, because it deals with Linux and CD installation

I have developed a software application that runs on Linux using GNU G++ compiler (which compiles C++ code). I want this software to be distributed to certain parties via CDs, these persons will then install the application directly from the CD without having to copy the files from the CD to their hard disk. But I am afraid that somebody might get hold of the CD and install the application without my permission onto several systems

Therefore is there a way by which I can detect how many times the application has been installed from the CD and prevent multiple installations? Can I write some script onto the CD, or develop a C++ program which makes the CD useless after a single installation of my application?

I hear that a software called InstallShield (www.installshield.com)software achieves my objective of preventing multiple installations from a CD but this it can do so only for Windows (thats what I have heard so far). I have not been able to find out a Linux version of installshield. Is there any other software that performs the same work as installshield for Linux?

I have posted this question in the RedHat Linux, InstallShield and GNU G++ Forums, with no satisfactory response so far. Where else can I post my question to get a better awnser?

Sorry for the long-winded story here.

Thanx in advance

SNODX
0 Kudos
Reply
2 REPLIES 2
Kodjo Agbenu
Honored Contributor

‎02-08-2002 02:48 PM

‎02-08-2002 02:48 PM

Solution

Re: Linux question-Developing mechanism for once install and throw-away CD

Hello,

I'm afraid, but in my opinion, there is no way to prevent multiple software installations !

Remember that CD-Rom is a read-only media. As a consequence, once the media issued, you cannot have further control on its contents.
Therefore, any 14-year script-kiddie would find and break the protection (I take 14-year-old hackers as an example, because they have a lot of time and not enough money to buy "official" software licences).

In my opinion, there is only one method to achieve software protection : let anyone install the software as many times as (s)he want, but make the software expire after few days of usage, unless a cryptographic code have been entered.

The advantage of a cryptographic license is that you need a lot of knowledge and compute power to decrypt the license (people who do that are called "cryptanalysts", and they are very very old (25-35 years). And generally, they are paid enough to spend money buying a software, rather than staying several nights in front of their computer with pizza and beer, trying to disassemble the binaries or decrypt the license.

HP software are delivered in 2 ways :

-> Codeword.
Some parts of the CD are made "software" unreadable, using cryptographic keys.
Therefore, the software installer (swinstall) needs the right key (codeword) to be able to "understand" (decrypt) that parts of the CD.

The disadvantage of this method is that you cannot prevent a customer having a valid codeword from installing the software on many many machines if he wants.

This kind of software delivery should be reserved on "right-to-use" (or "site") licenses, not "per-machine" ones.

-> License server.
The CD itself is not protected, but you need a license server to be able to use the software. Generally, this license server is a daemon that serves several machines over TCP/IP.
Passed the few weeks of software evaluation, you need to un-install the software and re-install it again, with the risk of losing data.
Moreover, some software store licensing information in hidden files in several parts of your filesystem. Therfore, even if you remove the software, the next time you try to install it again it would complain about a license, without giving you a second chance of evaluation.


I hope this helps.

Good luck.

Kodjo
Learn and explain...
Reply
SNODX XDONS
New Member

‎02-11-2002 09:42 PM

‎02-11-2002 09:42 PM

Re: Linux question-Developing mechanism for once install and throw-away CD

Kodjo,
Sorry for the delay in the awnser. For a long time I could'nt login and after several requests to the ITRC forum administrator I got the correct password. I had totally forgotten that the passwords here require at least one digit!

Coming to the point, your statement interested me. Maybe this is the awnser to the problem. If you could point out any URL where such CD (Compact-Disc) cryptography is explained then I would be extremely grateful.

By the way I have seen some CDs where even valid customers cannot re-install the product on many many systems. If the product is say a 10 user pack or something then after installations on 10 systems the installation fails on the 11th system. Windows NT Client 4.0 is a good example.

Lets say Microsoft gets its money out of selling Windows NT (unlike Linux which is freely available). Now how does Microsoft check that a customer who has purchased a 100 user Windows NT Client pack and say a 10 user Windows NT Server pack is not installing the Client on 200 systems and the server on 20 systems? They must be having a mechanism built-into the CD itself which fails the client installation from the 101st system onwards and the server installation from the 11th system onwards.

I am studying installshield (www.installshield.com) very closely and am trying to find out if they have indeed such a CD protection mechanism available. All I want is a Linux version of the same.

Sorry for the long-winded story here. Will get back to you if something positive turns up.
SNODX
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.