[FYI] Successfully protected a standalone Max app on PC
My client and I appear to have successfully protected a standalone Max application I built, using PC software from Oreans:
The key here is the "XBundler" plug-in, which allows you to "wrap" additional files into the application bundle: media, text, whatever you want. In this case, the all-important factor was the .mxf file, which is vulnerable to reverse-engineering. There is an option to bundle the file into the finished application, have it encrypted, and never be written to disk during runtime. Once the app was protected, we threw away the .mxf and everything worked just fine…the software makes a .bak file that has the .mxf encrypted inside. You then run the .exe (Max standalone app) as usual and it knows how to open it.
This was NOT straightforward, as many protection software apps don’t allow this kind of bundling, they generally only protect .exe, .dll, etc., and not text files. Also it took awhile to get the settings just right, but there are a ton of options, so we needed to read the documentation carefully.
The Max standalone runs in Trial Mode until a hardware-dependent License key has been entered. This can be done with a generated .dat file or a Windows Registry Key entry.
The cost was about 450 Euros for the Single Developer License. You can allow software updates for your application as needed.
I don’t know about similar software solutions for Mac, so if anyone has tips on this, I’d be very interested to hear about them.
Hope this is helpful to some!
Thanks Seejay – had you also looked at Molebox?
I’ve not tried it personally, but someone told me that it works with Max applications. It seems a bit cheaper too, at 300 Euros for a license that allows up to 5 activations…
Also don’t know of any Mac solutions.
Thanks for the info—Molebox looks like a very good alternative. All about the encryption capabilities. I think the advantage to Oreans is that you can protect as many apps as you want (I’m not totally sure about this), though you need to stay "subscribed" to keep your copy active. It’s not bad rate-wise though. Definitely if you had just a few apps to work with, Molebox would be great, and the process looks like it might be easier.
@stavros: Didn’t need to do any extra programming, though they have a full SDK if you need it. This could be helpful with automating certain parts of a serial generation/licensing process. Though I’m not sure where/when/how to implement their SDK functions, they’re designed to be used within your application that’s already written in a language which supports calling those functions, so… where would they go in a Max standalone? Maybe a good question for the Dev list, but I don’t know… anyway, they seem to be a good option. Like I said, the interface all works, but there’s a LOT there and it will take some hours of reading docs and doing test runs. At least it did for me…it was quite the learning experience.
Late reply, sorry about that, but thanks seejayjames for the info and the suggestions.
I did try the Molebox product but I don’t think it can be any useful to MaxMSP standalone applications. It creates a packed – sort of an encrypted version – .exe that it is based on a pre-existing .exe file. This is a problem because if you want to encrypt your .mxf files you don’t have the option to do it. I have emailed the company to clarify if you can also use it to encrypt other files than .exe as well.
We (http://www.lividinstruments.com) have a fairly useful system for protecting standalones using a web registration if anyone is interested. It is all max based and cross platform, and uses an online form to provide keys. It is not perfect and not bullet proof, but if you are interested, I could likely help out.
please tell us more about it.
Is it for Mac too?
+1 for me, especially cross-platform… this has been pretty troublesome and expensive to get going. Very interested in your system. Feel free to email offlist or to post here if you think that’s OK too.
I vote for contacting peter offlist, and probably will be doing soon :)
Please keep posting on this line. I have an interest too.
I try to find some way to protect the patch in osx.
In windows is very simple just bundle all in oen single exe file and dne, you have protection for prevent anybody edit the patch.
But in OSX?
I not find anyway yet, im searching for 3 months and cant find.
pnyboer your system can prevent edition of the patch?
Basically is needed some way to protect copy and edit of any osx stand alone created with max.
Is amazing nobody from Cycling 74, dont take acre about this.
Sorry I haven’t followed this post. I need to add it to my favorites! Anyway, contact me off list at pete at lividinstruments and I can give more detail.
I try contact by lividinstruments.com, nobody reply.
Contact to where please? some specific mail please?
"In windows is very simple just bundle all in oen single exe file and dne, you have protection for prevent anybody edit the patch."
How do you do this? What program will bundle it into a single .exe file for you? And is it free?
If you build a standalone Max app on Windows you can still crack the .mxf.
I tried to protect our app with Themida and XBundler just as you posted. After one day of trying, it does not work. I can start the Max Runtime but the mxf file (which I deleted after protecting the app with Themida/XBundler) can not be opened via open file dialog.
Here is my Themida log file. Can you give me a hint, which settings to choose?
Themida - Advanced Windows Software Protection System [Version 220.127.116.11] Protection Options for MAXapp.exe --------------------------------- Macros Information ------------------ VM Macros: 0 CodeReplace Macros: 0 ENCRYPT Macros: 0 CLEAR Macros: 0 MUTATE Macros: 0 STR_ENCRYPT Macros: 0 CHECK_PROTECTION Macros: 0 CHECK_CODE_INTEGRITY Macros: 0 CHECK_VIRTUAL_PC Macros: 0 Protection Options ------------------ Anti-Debugger: Advanced Anti-Dumpers: ENABLED Entry Point Ofuscation: ENABLED Resource Encryption: ENABLED VMWare compatible: ENABLED API-Wrapping Level: Level 1 Anti-Patching: None Metamorph Security: ENABLED Memory Guard: ENABLED When Debugger Found: Display Message Application compression: ENABLED Resources compression: ENABLED SecureEngine compression: ENABLED Anti-File Monitor: ENABLED Anti-Registry Monitor: ENABLED Delphi/BCB form protection: ENABLED Virtual Machine Settings ------------------------ Number of Virtual APIs wrapped: 0 API Virtualization Level: 3 Entry Point Virtualization: 0 instructions Multi Branch Technology: DISABLED Virtual Machine Processor: Mutable CISC processor Number of CPUs: 1 Opcode Type: Metamorphic - Level 2 Dynamic Opcode: DISABLED Advanced Protection Options --------------------------- Encrypt Application: ENABLED DLL plugin: DISABLED Hide from PE scanners: Standard .NET assemblies: ENABLED Active Context: ENABLED Add Manifest: Don't add manifest XBundler files -------------- MAXapp.mxf
Too expensive …
No I recommend:
Charge for a demo …
and are only traders whose sole purpose is to get your money.
I repeat "only" …
Spam in this forum…
Would the Excel Software option work though or is it just "spam" and / or a ripoff? Has anyone used it? I’m looking for something that can deliver what it promises…
we bought licenses from Excel Software. We tried out a lot of other software and tools which did not really fit our needs, did not work out of the box or we did not get a good support.
Here are our surrounding conditions and what we expect from the protection software.
1) Our Algorithms are heavily based on our own C-based mxe file externals.
2) We build a prototype of our algorithm with Max. We use the Max patchers to create a signal flow between those externals.
3) We want to deliver our exported standalone app to customers. The customers shall not – under no circumstances – see our algorithm. The Problem: the app how it’s exported by Max can be hacked very easily in order to recreate the original patchers. We do not consider the mxe files as a security issue. We can easily change the symbols in this dynamic library to something, which does not make sense to a hacker.
4) We use the software from excel software in order to bundle all files into one app, which cannot be hacked straightforward anymore. The licensing possibility is not so important for us during prototyping. Our main goal is to protect our algorithm.
I expected that max protected a standalone patch from abuse. I am shocked it’s so easy to access a patch.
Even if one freely distributes a patch, to be passed around, for none profit; there are many reasons why it should have some type of encryption: as a preventative measure to discourage hackers altering and re uploading it as v 1.1 for example. Or just knowing the inner workings easily.
What I need with max is a secure and efficient translation from the max edit/presentation window to:
1.vst’s (pluggo was awesome)
2.apple and android apps
3.to be able insert max patches into websites.
Thanks for taking this all on board. lol :)
It is nonesense to pay for app protection more
than what app itself sells for.
I have been protecting windows standalones since max 4.
There were several options with PEBunle etc etc
Now there is freeware packer which works as it should.
Freeware version is all that is needed.
On OSX side, I have been programming Installer,
which creates unvisible directory and expands standalone
there, waits for app to quit and removes it.
Installer runs as faceless app.
In both cases, one has to organise file structure for any
storage, presets etc. outside of standalone.
Thanks SourceAudio , that’s Great news. I shall check the link : )
Hi SourceAudio. I’ve, been trying out the enigma virtual box.
I’ve followed a few tutorials and can create a boxed version of a standalone .exe as the input file with its support folder, max collective and .dll files inside %default folder%.
But when I open the boxed version, it is simply an empty max runtime window. The project information seems not to be present or open.
Did you find this an issue when you first started?
thanks for any further infos. : )
The same. Some guidance would be greatly appreciated. Thanks.
I tried molebox and within literally 1 min built a packed version of a max standalone with dlls and support folder. fully working, it seems.
So I am unsure why enigma virtual box is not working.
At least molebox shows it is very easy to do…like making a zip file.
a single licence is $150 for molebox. ( i think that means for one PC) needs further reading.
I am sure many people are interested on finding a mac solution also.
Sorry that it took so long to reply, I am on the road
and don’t have much time to come by here.
I will post exact infos on how to include files in Enigma
as soon as I get back in about 10 days.
Just to be sure – mxf file must be included, and
the protected Standalone shoud keep it’s original name,
otherwise mxf file will not be found.
Another important thing is to activate "Search for missing files"
in standalone object.
I’ve been trying out ‘cameyo’ it takes a snapshot of the OS, then the user alters the OS , to include a max standalone , install Quicktime or other programs plugins ! Then Cameyo takes another snapshot …and builds a runtime based on those changes.
So a standalone runtime can include other program installations and plugins.
wrapped up into one runtime that opens in a simple double click.
pretty cool. …but again at high cost.
Forums > MaxMSP