1

Do any special techniques become available to me when writing the malicious version of a program, when I myself am also the person programming the legitimate program? (Any measure I could take with the legitimate version that could increase the damage potential of the malicious version, I am willing to take)

I'm a software developer, who has run into financial trouble due to piracy. My current project will likely see the same situation, and I want to be more proactive about protecting it (and exact a sort of petty revenge), by uploading malicious versions of my own program to torrenting services.

The program itself is an executable, targeting windows. My goal is to cause the most significant damage possible to the largest number of people torrenting the malicious program, though with an executable this should be the easy part. (the hard part is gaining torrenter trust and avoiding detection for long enough to maximize damage potential)

Anonymous
  • 27
  • 1
  • 3
    There are likely serious legal ramifications to your actions. – Neil Smithline Oct 12 '15 at 18:31
  • 6
    Seems like you are taking the wrong approach. Try to figure out a better way of protect your system from piracy instead of opening yourself up for lawsuits. You can also try to make part of your program internet based, which would require proper registration/authentication on servers that you own, which should help avoid piracy. – VenomFangs Oct 12 '15 at 18:38
  • 1
    This is a seriously bad idea. By uploading it yourself, then you are the one distributing it. You cross a distinct line in legalities (and ethics). – schroeder Oct 12 '15 at 23:30
  • You could take the [Sony approach](http://security.stackexchange.com/questions/76043/torrent-bad-seed-attack-by-sony-how-does-it-work/76062#76062) – RoraΖ Oct 14 '15 at 12:59

1 Answers1

2

This is not the right approach to this problem. It will bring legal ramifications against yourself and cause a wide array of issues you want to avoid. Instead you should implement the best practices to keeping yourself and your program safe.

Really you should make people want to buy your software or implement copy protection that won't put people off from buying it. There's some logic behind your approach, but it's still blackhat logic and should be avoided at all costs.

Really what you should try to do is offer value, incentive, and protection. Upload your evaluation copy to the torrent sites and let people use it for a reduced set of features, and make those pay for me features really useful(remove the single ad, add extra common output formats, helpful features, etc.). This way enough people will find it, try it, and if it's a good value buy it.

Now this may sound like poppycock, but it leads to one very large advantage: It will make it much harder for people who have decided to crack it to try and upload it because you'll have put your version up first, in a way that makes people find your legit version instead of their cracked version. Now when they go to try and steal it, instead they'll just sample it. Do this enough, and keep a vigilant watch out and torrents shouldn't exist for your product that you yourself don't use to put them out there. In fact offer it as an official source for your free or evaluation copy.

At least this way you won't go to jail/prison/federal/worse and you won't get sued if a legit user somehow gets one of those version accidentally.

Other best practices for this include setting up a registration server and code so that it logs something identifiable that isn't personal based on the system(like UUID) so that you can keep track of those computers, and if you suspect someone is using it illegally, you have some sort of evidence(uploading your own cracked, reporting, non damaging copy to the internet as a honeypot). This way registered users get logged as legit, and unregistered users get logged as non legit.

A great place to put that code is the pro features that would get cracked open. If the key doesn't exist in memory because it's been bypassed and thus not stored, REPORT! This way you can get your protection, and not end up somewhere bad.

Community
  • 1
Robert Mennell
  • 6,968
  • 1
  • 13
  • 38