I'm thinking of using a two exe system for registration. The trial exe has all the full version stuff left out. The full version is in the game dir but is encrypted with a block cipher. When a user registers they are sent the username to use, and the product key. The product key is the username plus the block cipher key encrypted with a RSA private key. My shareware exe would have the public key to decrypt the product key, and get the user name and block cipher key.

This method is still crackable but provides two appealing things. First, no keygen can be made for the app. Secondly, for the app to obtain a valid unlock key it also has to obtain a valid username. That means any serial on the net must have been legit at one time and could be traced back to a purchase/person.

The obvious attacks would be to either copy the full exe decrypt key out of memory and make a standalone decryptor, or to distribute the unencrypted full version exe.

There are other drawbacks too though. The reg information sent to the user would probably be too long to type in and would have to be copy and pasted or read by the shareware exe.

Does anyone have any better suggestions?

Slightly askewed response here, but all of thise recent copy protection talk reminded me of a retro gamedev link. This might bring back some (bad?) memories for those of us who were in school at the time this came out in 1992/93:

http://static.hugi.is/video/fyndin/dctf-1.wmv

- Air

Whoa - serious retro flashback!!!! Must keep brain from melting!!!

Thanks. I think.

OMG!!! How much do you think that dancing bafoon would pay these days to keep this little gem locked away from public view? :)

There was a thread on this topic just a few days go http://www.dexterity.com/forums/showthread.php?s=&threadid=830

Just re-read your post. You're talking about putting both EXEs in the same download? Didn't realize that.. Well that thread is related anyhow :)

I have been toying with the idea of having the server generate a individual installation package for each customer. I currently use Armadillo for protection and the customized exe would include the name and address of the person who ordered the game, along with specific login information to the site. The primary reason why I am planning this is software updating, not copy protection. It would be much easier for the user to use auto-updating if all the login information would be included in the exe itself, the user could just install the initial exe and after that just click on an update button to get the newest version. A side benefit would be a good copy protection scheme and the ability to close accounts that have been forged. It would essentially require a Windows server to be able to produce the installers but you could easily set this up at one of the dedicated providers.

Good lord... the most disturbing thing about that video is that it's copyright date is 1992! What the hell?!? It's only 11 years old... how did that thing get made? Someone was seriously not right in the head.