HACKER Q&A
📣 throwaway932874

We found a cracked version of our software on the web, now what?


Hi HN, I work for a small company and we've recently come across a version of our software that's been cracked.

Specifically, the crack modifies some of our binaries to circumvent the activation process and allows bogus registration keys. Pretty standard stuff AFAIK. Thankfully, our digital signatures are lost in the process, so that's reassuring.

We haven't done the most thorough search of how widespread the issue is, but we've estimated that it's about 1 user per day since the early half of 2022. A license costs a few thousand dollars, but we do regional pricing and bulk licenses for larger firms. We also provide free licenses to academics (with proof).

For context, we are a <15 person company where we all wear multiple hats and would like to continue providing great service, training and introducing features. It's clear to us why someone would crack our software, especially in lower income countries.

I'm not entirely sure what other information would be helpful to provide, but I was wondering if anyone has run into this in the past, and how it was mitigated. While we'll always have some piracy, we'd like to keep it to a minimum.


  👤 PreInternet01 Accepted Answer ✓
Congratulations! Having cracked versions out there indicates that your software is both useful and notable, which is a point where many developers would love to arrive at, maybe, one day.

As to what to do about it, there are two basic tracks, neither of which is incompatible with the other:

1. The legal route: notifying distribution sites that they're hosting content in violation of copyright law, requesting takedown, and if required, demanding such (with a DMCA notice or similar). If a distributor is unresponsive to both, DMCA Google, Bing, etc. to at least suppress the cracks in most search results;

2. Having some fun with it: make sure that a special page on your own site becomes the #1 search engine result for " crack" and similar. On this page, put a human face on your pricing, explain the available discounts, and finally offer to supply a free registration key to anyone that truly wants it, so they don't have to download all kinds of shady binaries. Of course, any such free keys don't come with support and display a prominent PIRATED VERSION notice in all window captions, printed outputs, et cetera, but you disclose all of that upfront and explain how that's a small price to pay...

But above all, make sure not to confuse a "pirated copy" with a "lost sale". In 99% of cases, the Venn diagram of those has very little overlapping area.


👤 addaon
One trick I’ve learned from the mobile game world is to make sure your localization files are separate resources — don’t compile them in. That way, when your game is first cracked, you’ll get a pretty decent Russian translation immediately that you can, with no moral concerns, “steal” back for your next update — and within only a few weeks you’ll have a pretty rich set of languages floating around for your distribution. I do recommend testing with CJK text first to set up your free labor for success.

👤 paxys
Here's the standard playbook for dealing with this:

- Let hobbyists and tiny companies pirate your software. You don't have to encourage it, but you can still turn a blind eye. They weren't going to pay you anyways, and this is a good way to get people familiar with your products.

- Ruthlessly go after mid-large sized companies if you find their employees pirating your software. They have money to pay, and will be happy to do so (at least in the face of legal threats).

The interesting part is that the first demographic (students, hobbyists, tiny companies) directly feeds into the second when they start working corporate jobs. So in that sense piracy is sometimes a key part of the sales funnel. This is exactly how companies like Microsoft and Adobe have been able to maintain complete hold on the market.


👤 ChrisMarshallNY
I’d suggest taking a page from Adobe and Microsoft.

They fight pirating, and that prevents it from becoming absolutely endemic, but they don’t really lose massive amounts of sleep over the cracks, because every cracked copy is training people to use their software.

Sort of “The Old Dope Peddler” model.

It’s not really correct to assume every cracked copy is a lost sale.

Instead, think of it as indoctrination of possible future sales.


👤 shon
These aren’t your customers.

The user who is willing to stomach the time and risks associated with cracked software is NOT your target market anyway.

This is essentially a free trial program for “aspirational users” who will circulate it for you.

I’ve had my software (games) pirated, and been a pirate in my youth. Now I wouldn’t consider pirating because I have more money than time now. I suspect your actual addressable market is in the same boat.

The worst thing you can do is add draconian copy protection that adds friction to your product for actual paying users.


👤 ops
Consider this: if the license costs 1,000, most people who are pirating it can’t afford it. Those pirates are learning how to use your software, and when they get a job at a relevant firm, what software are they going to want their new bosses to buy? I think Photoshop grew quite a bit due to something like this (before they went with the subscription nonsense)

👤 thedougd
I've recently reverse engineered a bunch of commercial software we pay for. They encrypt values in text configuration files and leave no way for us to template the configuration files with configuration management (Chef, Ansible, etc). Most of the time I'm working with Java. I've noticed several common patterns:

1) Typically obfuscation is not used, but even when it is used, it's easy to find what you're looking for. They're going to be using JCE or BouncyCastle for encryption. Look for the relevant classes.

2) The key is nearly always hard coded as a string constant that is not unique to the installation or customer. Super easy, and often discoverable with just the 'strings' command line utility. I would find your concats of chars and other silly schemes if you did that, but it would slow me down a bit.

3) IV is never used correctly with AES. It's always a static value, usually 0.

4) License keys are usually encrypted with the same scheme, but their format of entitlements takes some extra effort to discover. I occasionally must reverse engineer this as well to understand the limitations. For example, stupid licenses lock to IP address or a BIOS uuid, complicating a disaster recovery plan.

My favorite encounter was a class file, in the spirit of OOP, dedicated to licenses (ie License.class). It was not obfuscated in any way and had both the load() and save() methods included. All one must do is write your own Java class (or use Groovy interpreter), include the vendor jar in your classpath, set your license entitlements and call save().

A real WTF is that SAP will encrypt the contents of _your_ database with simple substitution ciphers. If you want to query it for insight, you're going to need their simple character shifting/replacing scheme.


👤 surfmike
From a technical perspective, here's a strategy I used in the past: In addition to having a simple activation check in the code, I actually created/identified some constants that are critical to the internal functioning of the code, and hashed with a reversible hash function.

Then, when the user gets activated, I used that as one of two pieces to recover the hash function to decode those secrets.

Still circumventable, but requires more complexity than simply skipping the activation check, because simply omitting some code doesn't cause it to work.
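The idea in the comment above, sketched as an added example that is not part of the original post: constants the program needs are shipped only in masked form, and the mask is derived from two pieces, one embedded in the binary and one delivered by activation. The post's "reversible hash function" is replaced here by XOR with an HMAC-SHA256 keystream; all names and values are constructed, and the activation share is assumed to be the same for every license.

```python
import hashlib
import hmac
import struct

# All values below are constructed for illustration.
EMBEDDED_SHARE = bytes.fromhex("5f1d3c9a7e2b4d60")   # compiled into the binary
ACTIVATION_SHARE = b"constructed-activation-share"   # delivered only on activation

# Constants the program cannot work without (hypothetical: multiplier,
# addend and seed of the checksum used by the product's file format).
REAL_CONSTANTS = (16777619, 2654435761, 2166136261)

SAMPLE_FILE = b"constructed project file contents"


def keystream(embedded: bytes, activation: bytes, length: int) -> bytes:
    """Derive a mask that needs both shares (HMAC-SHA256 in counter mode)."""
    key = hmac.new(embedded, activation, hashlib.sha256).digest()
    blocks = [
        hmac.new(key, struct.pack(">I", counter), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def mask_constants(constants, embedded: bytes, activation: bytes) -> bytes:
    """Build-time step: turn the real constants into the blob that ships."""
    raw = struct.pack(f">{len(constants)}I", *constants)
    mask = keystream(embedded, activation, len(raw))
    return bytes(a ^ b for a, b in zip(raw, mask))


def unmask_constants(blob: bytes, embedded: bytes, activation: bytes):
    """Run-time step: there is no comparison here for a patch to skip.
    A wrong activation share simply yields wrong constants."""
    mask = keystream(embedded, activation, len(blob))
    raw = bytes(a ^ b for a, b in zip(blob, mask))
    return struct.unpack(f">{len(blob) // 4}I", raw)


# The masked blob is the only form of the constants present in the release.
MASKED_BLOB = mask_constants(REAL_CONSTANTS, EMBEDDED_SHARE, ACTIVATION_SHARE)


def file_checksum(data: bytes, constants) -> int:
    """Core routine that depends on the constants being right."""
    multiplier, addend, acc = constants
    for byte in data:
        acc = ((acc * multiplier) ^ (byte + addend)) & 0xFFFFFFFF
    return acc


def checksum_after_activation(activation: bytes) -> int:
    """What the product computes given whatever activation share it holds."""
    constants = unmask_constants(MASKED_BLOB, EMBEDDED_SHARE, activation)
    return file_checksum(SAMPLE_FILE, constants)


if __name__ == "__main__":
    good = checksum_after_activation(ACTIVATION_SHARE)
    bad = checksum_after_activation(b"")  # activation step skipped
    print(f"activated:     {good:#010x}")
    print(f"not activated: {bad:#010x} (files written with this will not verify)")
```

Because the activation share is common to all licenses in this sketch, one leaked activation response defeats it, which matches the post's own "still circumventable" caveat.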


👤 jeffwask
Nothing. Almost all of the research points to piracy having zero impact on sales; for example, https://corsearch.com/content-library/blog/does-piracy-impac...

It's been shown time and again in gaming no matter what you do people will crack it and your measures to stop them will have more negative impact on your paying customers than it does on pirates, see Denuvo.

Honestly, the best thing is probably working on your conversion funnel to understand why you aren't converting people from pirates to purchasers.


👤 jsty
If someone is sufficiently motivated, they'll always find ways to crack the software. If you don't have a large "personal" user base (as opposed to firms) - consider introducing a cut-price personal edition to lessen said motivation. Firms using it for "real work" - which I would hazard a guess at your price point form the bulk of revenue - are unlikely in any case to use a cracked or personal edition. Firms in less well-off regions may choose to buy the personal edition and accept the legal risk, but avoid the larger security risk of a cracked version - so you still get some revenue.

👤 tarotuser
Put some simple tracking in your software. Ping once a day when it's running.

If individuals run it, eh who cares. There's a not insignificant amount of people who want to see if the real version would actually work. And see if it'll run on WINE or whatever. Pissing off individuals is how you get to be known as bad.

And then there's companies who run it pirated. Those are juicy targets. You don't even need to be mean. "We saw that your company appreciates the trial of our software on X machines for Y days, and would like to engage in licensing for your department/company."


👤 ballenf
Double down efforts to survey users and potential users. Keep making the product better. Consider the pirate option as a competitor. Don’t demonize your user base, but don’t be afraid to go after any institution you know is using pirated version.

Build multiple telemetry code paths in your code — if you can just get IP addresses of offenders you’ll have way more info than now.


👤 throwaway932874
OP here. I want to thank everyone for their comments, contributions and suggestions! The HN community definitely came through on this.

Some general answers:

- An important point that I missed: we offer trial licenses.

- If necessary, we work with the customer to establish payment plans. Apparently it even happened today!

- The crack is being hosted on a site dedicated to cracked software, so I'm not sure if DMCA applies. (I'll have to read up on it.)

I'll take note of those who offered some help in case we'd like to work with you.

(Edit: Fixed comment layout for legibility.)


👤 dns_snek
Whatever you decide to do, don't add hurdles that in any way inconvenience legitimate users or take away their functionality (e.g. offline usage). Those measures will be cracked sooner or later and it's only going to breed resentment among your legitimate users.

👤 13415
Advice from good old shareware days (I never did any of this in my own shareware but have seen it many times):

Defeat the crack when you put out new versions, create more complex protection and obfuscation, but make the more complex check only after a few weeks of running the software. Most crackers develop a crack and when it works release the program, so any kind of delays and double and triple license checks defeat them for a while. Make sure to never tell the user "this software is cracked." Instead, make it fail with obscure errors or work only partially. Be surprised by the support requests you get from users of the cracked version. Put out your own fake cracks with complicated installation instructions that sort of work, but not fully, etc.

Repeat indefinitely, with many releases. Do not ever use any intrusive DRM or hacks like installation of licenses in "secret" places, system modifications, etc., and make 100% sure your legit users have a perfect experience all the time.

Basically, it's a cat-and-mouse game whose goal is to frustrate the users of the crack. At the same time, consider giving legit users better deals and more flexible pricing options. Maybe you can even give away older versions of the software for free or cheap.

Finally, please remain polite even to users of the cracked version (they'll be on forums asking for help). Most of them simply do not have the money to buy a license, but might become legit customers later in their life when they earn more money. Some of them also aren't serious users, i.e., no future customers anyway.


👤 fxtentacle
With newaudiotechnology.com we eventually switched to using USB sticks as dongles.

The reason is that we noticed some paying users were cracking it, too, because our licensing system didn't allow dual boot or having a workstation and a laptop.

But our licenses were supposed to be per user and people wanted to carry our software around with them. If set up correctly, the same USB stick is now used both as licensing dongle and it also contains installers for Windows and Mac.


👤 Zurrrrr
Now nothing.

Piracy is the natural order of things, and likely isn't hurting sales at all as counter-intuitive as that seems.

You could perhaps offer cheaper versions in lower income countries, but if you try to 'beat' piracy too much, you're just going to lower the overall user experience of your software.


👤 anenefan
The only thing I can say is this is an old situation that goes right back to the copyright protection wars to protect the software sold on floppies.

Present time the solution for many is the phone home route with the idea that their client's system is online always. The other goto was to contract a service that specialises in tracking down any unauthorised versions and contacting site admins - but IMO the web is so diverse these days it's simply not worth the money.

I would say if software is intriguing and works well, more often there will be a 'cracked' version on the web somewhere. I know many people see the pirating as lost profit, but more often there's a stark reality, they were never going to afford it in the first place - in which case it's not money lost but software getting exposure which might lead to more sales by those who've seen it in action. I've also seen absolute rubbish that had more money and time spent on protecting the ever so precious contents, that's been cracked only to allow curious users to see what a lemon it was.


👤 josephcsible
Software getting cracked is just about as inevitable as death and taxes. There really isn't anything you can do about it.

👤 lopkeny12ko
Additionally, as another commenter mentioned, piracy is not theft. Someone who pirates your software will almost certainly never pay for it; it's not a lost revenue opportunity. Consider it free promotion and popularization of your product: any publicity is good publicity.

👤 huhtenberg
You can beef up the protection or you can ignore the issue.

Without knowing specifics of your software (language, platform, etc.) it's hard to advise on the protection scheme, but a simple option for compiled Windows binaries would be something like VMProtect (which is what Denuvo protection is based on). This will dramatically increase the amount of effort needed for a crack. On the flip side it may also increase the amount of false positives from anti-viruses and security software, but an EV sig on the binaries and a smaller installation base should easily offset that.

Also, it's worth keeping in mind that there are two classes of cracks. One is done for (basically) the street cred and another is the paid-for cracks. The vast majority of cracks are of the first kind, done by people on the warez scene. They tend to go after easy targets and will give up when there's more to the crack than nop'ing a couple of IFs or patching a couple of functions via a proxy DLL. So even a little friction here will go a very long way.

Something as simple as periodically re-verifying your license at random intervals using independent copies of your license validation code would be a good start. Ditto for checking the signature on your binaries. Never displaying the result of failed validation immediately, but always delaying it a bit. We are aiming at irritating, frustrating and wasting their time.

Despite what some people say, you can cripple your software if you detect it's running an "altered" version. The counter-argument goes that this will cause users of cracked versions to assume that your software is of a poor quality, this information will spread and taint your reputation. This is 100% b/s. In reality every single user of cracked software is perfectly aware of incomplete cracks, so when a cracked version malfunctions, they know why.

If your program phones back home, e.g. to check for updates, make it report the hash of its binary and a license, and then allow crippling the install remotely. Among other wonderful uses, this allows messing with someone who is in the process of cracking your software, in real-time. Really dirty, but super effective.

Or you can do nothing, lay back and relax. But where's fun in that?
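The "report the hash of its binary and a license" suggestion in the comment above, sketched from the vendor's side as an added example that is not part of the original post. The manifest, license IDs, report fields and check-in records are all constructed; only the classification of reports is shown.

```python
import hashlib
import string
from collections import Counter


def binary_digest(path: str, chunk_size: int = 1 << 16) -> str:
    """Client side: SHA-256 of the running binary, streamed from disk."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


# Constructed stand-ins for digests recorded by the build pipeline.
RELEASE_410 = hashlib.sha256(b"constructed release build 4.1.0").hexdigest()
RELEASE_420 = hashlib.sha256(b"constructed release build 4.2.0").hexdigest()
PATCHED = hashlib.sha256(b"constructed patched build").hexdigest()

RELEASE_MANIFEST = {RELEASE_410: "4.1.0", RELEASE_420: "4.2.0"}
ISSUED_LICENSES = {"LIC-0001", "LIC-0002"}  # constructed license IDs

# Constructed update-check reports as the server might receive them.
SAMPLE_CHECKINS = [
    {"install_id": "a1", "binary_sha256": RELEASE_420, "license_id": "LIC-0001"},
    {"install_id": "b2", "binary_sha256": PATCHED, "license_id": "LIC-9999"},
    {"install_id": "c3", "binary_sha256": PATCHED, "license_id": "LIC-0002"},
    {"install_id": "d4", "binary_sha256": RELEASE_410, "license_id": "LIC-7777"},
    {"install_id": "e5", "binary_sha256": "not-a-digest", "license_id": ""},
]


def _is_sha256_hex(value) -> bool:
    return (
        isinstance(value, str)
        and len(value) == 64
        and all(ch in string.hexdigits for ch in value)
    )


def classify(report: dict, manifest: dict, issued: set) -> str:
    """Label one check-in by comparing it with what the vendor shipped and sold."""
    digest = report.get("binary_sha256")
    license_id = report.get("license_id")
    if not _is_sha256_hex(digest) or not license_id:
        return "malformed"
    known_build = digest.lower() in manifest
    known_license = license_id in issued
    if known_build and known_license:
        return "ok"
    if known_build:
        return "unknown_license"
    if known_license:
        return "altered_binary"
    return "altered_binary_and_unknown_license"


def triage(reports, manifest=RELEASE_MANIFEST, issued=ISSUED_LICENSES):
    """Return per-label counts and the install IDs that need a closer look."""
    counts = Counter()
    flagged = []
    for report in reports:
        label = classify(report, manifest, issued)
        counts[label] += 1
        if label != "ok":
            flagged.append((report.get("install_id"), label))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_CHECKINS)
    print(dict(counts))
    for install_id, label in flagged:
        print(install_id, label)
```

The digest is self-reported, so a patched client can send a release digest; the counts are a signal for sizing and prioritising the problem rather than proof about any one install.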


👤 treebeard901
Way back in the day I was involved in cracking software that I needed to use and would share the keygens etc with other groups. Like many posts here say, I couldn't afford licenses.

It's an arms race and the best thing you can do is redesign your activation process. There are certain ways to do this that make it increasingly difficult to get around it.

It's like computer security in a way... You can't ultimately solve the problem but you can make it so difficult to do that the time investment required is probably not worthwhile for an attacker.


👤 yardie
This almost sounds like one of the companies I used to work for. I also would occasionally find our software, cracked, online. We would download the cracked version into a container and debug it. Reverse engineer the crack that reverse engineered our protection.

We never took it too seriously. You don't have to lose sleep over it but you also shouldn't completely ignore it. Just refactoring the copy protection every few release cycles. Most of the cracks were using Windows APIs to access entrypoints to flip variables. Simply renaming, moving them, or adding or removing properties was enough to throw them off for a while.

We figured out some of our customers were using cracked editions without paying for more seats. The support calls were interesting because we told them the bug was fixed but they were super reluctant to update. We'd pass the message off to the accounts managers and let them wrangle with it. This was more prevalent in developing countries where pirating for business use wasn't considered a big deal.

I tried to bring up a low cost edition at our company meeting but it was shot down. The numbers wouldn't work. Business users get training provided; casual users would swamp our helpdesk in lieu of actual training.

The plan should always be to get those pirated users into actual users, unless the country they're in is embargoed, funny story. From reading the piracy forum thread I found many were using our software for job training in hopes of gaining foothold in the field. Similar to how Photoshop was everywhere in the early web design days.


👤 IanCal
If you had a non-commercial license that was free, how many users do you think would go from paying customers to falsely using that version? Do you think it could help on-board people as it lowers barriers to getting started? WinRAR feels like a good example to keep in mind.

This isn't a strong ethical argument from me, but a practical one - if it wouldn't lose money and may help get more in then either ignoring the piracy or making it irrelevant would be a very simple solution.


👤 bdcravens
Ignore it - you aren't "losing" money unless those customers would have paid you otherwise. Keep focusing on the features and service for those who do pay you.

👤 Terretta
Play your music on the radio so people tape it. You might even want to pay the radio to play it, so they hear it to tape it.

The more they tape it, pass it around, and talk about it, the more you'll sell.

In your case, you might put a better cracked version on pirate sites with subtle messaging you want shared. Because some of them will tell people that work places that will pay, and some of them will take jobs at places that will pay.

Cheapest mass marketing you'll ever get.


👤 tlb
You might consider offering more free or cheap versions, like a student edition (cheap with no proof required) and a free trial. Wolfram, for instance, does both. Not many real companies will cheat, and it's better to have users who can't pay using an official version than a cracked one. Perhaps they start using it in an un-funded skunkworks project, then buy a full license when the project gets funded.

👤 anigbrowl
I wish you had included a brief description of what it does. Commercial piracy is generally bad; if someone is collecting money to basically operate your software without kicking anything back to you they're certainly ripping you off, and maybe their customers too. OTOH if you have a free academic license the piracy may be by people who are simply curious but lacking in academic credentials.

I sometimes reverse engineer things for fun or curiosity, though I don't generally use or redistribute it. TBH I don't understand the psychology of licensing/pricing. Some commercial software is excellent and seems worth every penny the vendors ask for (and I am happy to pay for such software). I've seen a few products that cost thousands to license and are just dreadful. I have the impression that such products are sometimes not intended to be marketed as such, but their usage is licensed as part of a consulting deal, effectively borrowing the academic reputation of the person behind it.


👤 clnq
I've worked for a small company that also had one of its products widely pirated.

You indeed get some users from piracy. Some of our legitimate users asked for a Russian localization because they've seen images of our GUI in Russian online and bought it for that. In my estimation, the number of clients you get from piracy about equals the number of clients you lose to it. Many people online say that those who pirate would never be your users anyway, but some users with an inelastic need for your software will prefer piracy if it is easy.

Moving your features to your servers will significantly reduce piracy. Sometimes that is not feasible. In that case, you can issue cryptographic tokens from your server to perform operations on client machines. With enough effort, that can be worked around, but you can make it difficult enough so that the inelastic users will buy the software.

It depends on what kind of software you make, but you could also license it cheaply in some regions with a special licensing agreement. In exchange, you could ask your clients to advertise you in their products (logo in movie credits, splash screen in a video game), or you could add royalty payment terms.

You could also think about flipping your business model upside down and, rather than focusing on great customer experience, focusing on getting as many software units out there at a lower price. A price that may be more affordable for the lower income countries. Do you know your marginal revenues and marginal costs? What happens if you drop your marginal costs by 80% by moving your training online, slowing down customer support, and drop your price by 50%? What would be the % growth of units bought? Maybe, in the end, that could be a profitable transition and would eliminate piracy.

But overall... I don't know how many pirates you'll be able to convert. In my professional experience, sometimes you can get a bigger ROI on effort spent in other areas than fighting piracy. There is no silver bullet for piracy; otherwise, it would not exist.


👤 wahnfrieden
When I made my own Palm OS software, I put a funny hidden message in the binary for crackers to find. They noted it, amused, in the crack DB and I like to think it endeared some to support an indie dev directly. I didn’t bother trying to make it hard to crack (waste of my time and another’s time) and left some note about how to do it in the message. I was 15 or 16 and enjoyed the indirect interaction with that community.

After I shut down and stopped distribution, some other Chinese crackers kept the app alive and going via both cracking AND forcing in Chinese translations for the whole app. I loved to see that forum thread continue for years after I had moved on.


👤 swframe2
I was wondering about a few options.

1) Publish your own cracked version that has a survey that allows you to determine who is using the cracked version. Use the survey to figure out if it makes sense to create a special version (lower price and few features) or special pricing for those users (see #3 below).

2) Move some key logic to a server so a cracked version would need to use your server for some part of an important feature.

3) Consider a subscription funded version of your product. If a user only needs your tool for one week and will not use it again for months, then it would allow them to pay a fraction of the purchase price.


👤 afry1
I wish I could find this post again, but one company had a clever approach to the problem. If you can figure out which countries the cracked software is originating from, you can serve up a version of your page where you offer up a free, unlocked version of your app.

You're still losing out on sales, but cracked software often originates in those same low-income countries. They get to have their free copies, and it's a likely bet that your customers in wealthier parts of the world will just buy the license instead of attempting to crack it themselves.


👤 KomoD
Take basic measures such as requesting removal of search results for the cracked versions, but don't put a lot of energy into anything else.

It is a waste of your time and you will be in a forever game of cat and mouse.


👤 adzm
Subscription based licensing can be really useful for getting legitimate users who can't fork over a thousand dollars at once. IMO Adobe creative cloud is a great example of this working out well.

👤 racingmars
I'll throw my hat in the "mostly just ignore it" camp. I work for a small software company and we have basic license key protection stuff, but our philosophy is "someone who is pirating the software probably isn't someone we want to bother with as a customer anyway."

Only a small percentage of people who pirate it are likely to be paying customers if they couldn't pirate it. So the real revenue loss is likely minimal. (Without knowing more about what the software does it's hard to make generalizations about the target market, though.) And you never know when someone who was able to use/learn the software by pirating it will be in a position to turn around and recommend to their employers or friends your product and those entities will actually buy it.

If there's a specific site or forum online where the crack is being distributed, you can always at least just send a DMCA takedown notice, but overall it's probably not worth spending much time or money worrying about it unless you have real data showing significant missed revenue opportunities (which is at most a tiny fraction of the number of people who pirate the software).

If you can update future versions of the software to not be cracked by the existing mechanism, BUT NOT AT THE EXPENSE OF CAUSING HASSLE FOR REAL CUSTOMERS WHO ARE UPGRADING, you could do that too.


👤 cjbgkagh
I have a similar problem and I don’t know how to deal with it either. Sometimes it’s hard enough to get actual customers to pay, if they felt that there was a viable free alternative many would take that option. I’ve had to shift focus from small companies to exclusively large companies which have very different needs. I now treat my offering to smaller companies as a loss leader. I no longer invest in new functionality for small companies and when the maintenance becomes too expensive we’ll abandon all work for small companies altogether. Part of the shift up is moving from a desktop app to a browser app that few people would have access to the server software and given the complexity no big company is going to risk running pirate copies. Plus there is an immense legal risk to them if we find out. Having grown sufficiently large the loss of the smaller companies wouldn’t affect bottom line and would substantially reduce the number of companies interested in pirating. Some of our more advanced features we’ve kept secret and only available to big customers due to the risk of piracy with the small customers. It really does suck and I wish there was better protection available. It may get so bad we’ll have to do what ** ****** does and sue anyone who mentions them online.

👤 qwezxcrty
I mostly agree with others saying don't care too much. If someone uses a cracked version of your software, it's unlikely that you can persuade them to purchase at least at the current pricing available to them. And in some situations, being pirated does help one earn popularity and even have vendor lock-in effect. There must be a reason that COMSOL comes with up to date FlexNet licensing 11.16 but only uses its non-ECC short SIGN with well documented method of cracking.

Technically, it's very hard to stop a determined cracker once they get your binary. VMProtect, Themida or other strong packers maybe to some extent can, but those do degrade user experience, so not really popular for professional software. Dongle based solutions by Gemalto or Wibu? They are expensive. One needs to physically post the dongles. And they are still crackable unless one has been really carefully implementing the protection scheme (never seen one yet).

See how the cracker's tools (well, reverse engineering tools) are protecting themselves: IDA and JEB Pro are two prominent examples, they don't get pirated until someone leaked the installer. They watermark their distributions, and then they can trace who leaked the binary and act accordingly.


👤 burnished
Well, a classic response is to add onerous counter measures that inevitably get removed from the cracked version, making it the unquestionably superior product.

👤 devwastaken
1. The reason someone has taken dozens to hundreds of hours to develop the crack is because your software is prohibitively expensive.

2. Downloaders of cracks are not 1:1 with buyers. Overwhelmingly people buy legitimate software if their business actually relies on it. If Photoshop cracks didn't exist there would be far less professional users.

3. You cannot remove it from the net. Any legal attempts are a waste of money, you will only ever catch the lowest quality users, and trying to go after them in court will not only cost more, but will put your company on the permanent shit list - meaning more clout, more notoriety for cracking future versions.

4. Congrats, you've made a product people want. Focus on making it better, and buyers will come. If you focus on drm and fall into the trap of "theft prevention", you will ultimately end up locking your legitimate customers out before the crackers. Crackers don't play by your rules.

5. If you do actually see a tangible and significant hit in profits, then tie your software to online services. Can't crack what isn't executed locally. This will again reduce quality for legitimate customers.


👤 hermitcrab
Creating a 'honeypot' page is something quick and easy you can do to try to convert some would-be pirates: https://successfulsoftware.net/2017/03/10/honeypot-page/

👤 deterministic
Here is what you do:

When you are ready to release the next version of your software, you simultaneously release 50+ “cracked” versions of the software on as many pirate sites as you can find.

The trick is that the “cracked” versions of the software are actually just demo versions that will stop working after some time and prompt you to buy the real thing.

You also add comments to pirate sites on all really cracked versions of the software claiming that the cracked software erased your hard disk, that the software is trying to blackmail you, that it was cracked by Interpol to catch pirates etc. etc.

Of course using hundreds of different user names to hide the fact that it is really your company doing it.

And you of course reuse “real” pirate names and claim that those other users are fake and/or police traps.

And even better: use an AI to automate all of this. Make it really expensive and frustrating to try and get a cracked version of your code.

You are welcome.


👤 lll-o-lll
Ignore all the “piracy is actually wonderful” posts. Depending on your industry and product, you can lose a great deal of revenue from piracy.

Circumventing licensing restrictions, “sharing” keys, customers pretending to be other customers to avoid paying support agreements, I’ve seen it all. Some people view avoiding paying you as a legitimate way to do business, and will happily do so if they can get away with it.

One mechanism to prevent this that actually works, is having a chunk of your functionality “cloud based”. Put new functionality server side and piracy loses its value. Make it so that the upgrade mechanism is through their account. Generally, stop thinking in terms of “registration” and start thinking in terms of “licence to access services”.

Most other mechanisms are legal rather than technical, but these are hardest to pursue in the countries where piracy revenue loss will be most prevalent.
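The "licence to access services" idea from the comment above, sketched as an added example (not part of the original comment or any vendor's code): the server mints a short-lived HMAC-signed entitlement and checks it before running a feature, so a client patched to accept bogus registration keys gains nothing on the server side. The function names, claim fields, account id and key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"  # assumption: lives only on the vendor's server

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _tag(body: str) -> bytes:
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()

def issue_token(account_id, features, ttl_seconds, now):
    """Server side: mint a short-lived entitlement for a paid account."""
    claims = {"sub": account_id, "features": sorted(features), "exp": now + ttl_seconds}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(_tag(body))

def check_token(token, feature, now, revoked=frozenset()):
    """Server side: decide whether to run `feature`. Returns (allowed, reason)."""
    try:
        body, tag = token.split(".")
        # Verify the MAC before parsing anything the client controls.
        if not hmac.compare_digest(_tag(body), _unb64(tag)):
            return False, "bad-signature"
        claims = json.loads(_unb64(body))
    except (ValueError, AttributeError):
        return False, "malformed"
    if claims["exp"] <= now:
        return False, "expired"
    if claims["sub"] in revoked:
        return False, "revoked"  # e.g. an account whose key was found shared
    if feature not in claims["features"]:
        return False, "not-licensed"
    return True, "ok"

def demo():
    t0 = 1_700_000_000  # constructed timestamp
    good = issue_token("acct-1001", ["export", "batch"], 3600, t0)
    # A client edits its claims but cannot recompute the MAC without SERVER_KEY.
    body, tag = good.split(".")
    claims = json.loads(_unb64(body))
    claims["features"].append("cloud-render")
    forged = _b64(json.dumps(claims, sort_keys=True).encode()) + "." + tag
    return {
        "paid": check_token(good, "export", t0 + 60),
        "forged": check_token(forged, "cloud-render", t0 + 60),
        "bogus-key": check_token("AAAA-BBBB-CCCC", "export", t0 + 60),
        "expired": check_token(good, "export", t0 + 7200),
        "revoked": check_token(good, "export", t0 + 60, revoked={"acct-1001"}),
    }

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Short expiry plus the revocation set is what lets the vendor cut off a shared or leaked account without shipping a new client build.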


👤 nibbleshifter
Having cracked versions of your software out there is generally a sign of success.

None of the people using the cracked version would be potential current customers, but later on down the line they might become customers when they move to an environment where using a cracked version is not doable.


👤 hyperthesis
This might not be appropriate for your case, but piracy can be considered a form of differential pricing.

Student movie tickets are cheaper, even though the seat taken is the same. This is done so students will spend some money instead of none, without reducing the price that other segments will pay.

Although you get no revenue from piracy, you do get people trained on the software, integrated into their workflow and infrastructure, advertising and promotion - it helps your product become the standard. They may later become paying customers. It denies oxygen to competitors.

Apparently, Adobe turns a blind eye to piracy of Photoshop, for reasons like these.

But to repeat: this mightn't be appropriate for your case. Are there such network effects? Would you benefit from them, over time? Is there some trigger for actual purchase?


👤 heavyset_go
Find out the host, send them a DMCA takedown request.

If it's on BitTorrent, you can get crazy about it and monitor people who share it and send them letters/notify their ISP, but I think that's a lost cause.

Similarly with other P2P networks, you often make direct connections with sharers, and you can use IP addresses to report them to ISPs.

That or you can do what studios/rights holders do with movies and poison the well with broken downloads, bogus files, etc.

You can obfuscate binaries, it's just a matter of how determined crackers are and how much effort they want to expend cracking them.

If you want to prevent this, tie your product into remote services that require authentication with your servers. New features are now implemented in the cloud, and the binaries you ship are just clients to those remote features.


👤 ilyt
You can't do anything that would 100% prevent it but you might try to at least convert some to sales.

Code something that detects the tampering and either sends the info about it somewhere (that might not work if they just don't allow it out through the firewall, tho), then you might be able to send a letter to the company (if that is a company, not just some random non-professional user). Probably illegal in EU tho.

Or just have it display a delayed warning/info notice about the software being illegal and where you can buy a legal copy. Disabling software is probably pointless (if it stops it from working they will find a way around), but just "using this is illegal and can get you in trouble, contact us to buy a legal copy, we offer bulk discounts" might get you some


👤 nullish_signal
Gabe Newell, CEO of Steam, once said that "Piracy" is a Service Problem. If an Illicit Downloader has your Software for Free, then they must become interested in Paying to Install Updates, or to Pay for a License to Access a Web Resource.

This actually happened to me with NieR: Automata. I downloaded it for free, played for 60 Hours, then discovered that the CREDITS were a playable minigame which was not feasible to beat alone, requiring Network Connectivity to gain helping partners. These just being basic AI named after other players' save files.

So then 2 years later I BOUGHT Automata, played another 50 hours or so, and finally beat the Credits :) Then bought some DLC so my friend could experience it with Steam Share through my account...


👤 seba_dos1
> now what?

Now congratulate yourself that people are willing to jump through hoops to use your software, I guess?


👤 CommitSyn
One thing I haven't seen mentioned..

The reason that I pay for all software I can afford, and run the REALLY expensive stuff in an isolated VM, is ransomware. If I were to search for the latest version of a program on torrent sites and forums, and I found it and installed it, and then +1 day + the next time I opened it, it "updated" with ransomware that the cracker included... well, I'd be real unhappy and make sure to warn people with negative reviews on the crack sites. There are ransomware as a service providers now that pay a large percentage of any payments... It's everywhere!


👤 garganzol
Piracy is a slow cat and mouse game. You, as a software manufacturer, do not have to panic. Instead, take your time and gradually fix the identified breaches.

Piracy is a compliment. Piracy is a form of free advertising. Your core customers will remain yours anyway. But you have to close the open breaches from time to time, gradually narrowing the attack surface. This will help you remain profitable.

You may need some tools to help you win that game. Obfuscators/protectors may be of some help. For instance, code virtualization is a pretty decent technique to deter most attacks of such kind.


👤 H8crilA
Side question, is cracking software actually a business? I always imagined that cracks turn your computers into botnet components, or mine crypto. In the background, lightly, so that it's not too annoying.

👤 SillyUsername
Release a version that is also "cracked" and distribute it widely. Make sure this version breaks after 10 days (so user doesn't suspect) and inserts garbage into whatever it produces after this time. Ensure your accepted EULA states that if it isn't purchased you can do this of course. When users also complain of a bug specific to this cracked version, in order to help, ask for their contact details, email and product registration details (in that order). Use provided details if necessary for legal enforcement of licence.

👤 AnIdiotOnTheNet
I agree with others saying "do nothing"... mostly. Trying to prevent piracy is a waste of time and resources better spent on people who actually pay you money. To that end, if you do anything, the goal should be to ensure that you can tell the difference between who is paying and who isn't. You don't want to field support for cracked copies.

Some developers I know and will not name have been known to leak their own cracked copies of their product, just to ensure that there is something broken about them that easily identifies them as a cracked copy.


👤 sjducb
You say a license costs a few thousand dollars. Is that kind of customer going to use cracked pirated software? Are those customers going to risk a data breach to save a few thousand dollars? I don't think it'll affect your business at all.

If the cracked software gets downloaded a lot then maybe there's another mass market that will pay tens to hundreds of dollars for your software. If that happens then it might be worth releasing a new version of your product at a lower price point for those customers.


👤 MPlus88
"Thankfully, our digital signatures are lost in the process, so that's reassuring."

So you mean the software has been digitally signed? If it is signed how is it possible that it is cracked? Won't even a slight modification of the binaries render the software unusable if it is signed? I have software that is signed digitally, and the certificate private/public key supposedly takes some hundred billion years on average to crack. So what is the point of signing software?


👤 aehajdoi
Make a blog post talking about this, say you won't pursue users who pirate, but you hope that once they realize the value you provide they come to purchase the real thing.

Demonizing and chasing people who pirate will only work against you, just like it happens with gaming.

Consider the pirate version a "trial" for people who are considering whether to buy the official version. Again, many with gaming do this.

Don't feel bad. In all seriousness, piracy is probably helping you spread the word and get people to try your project.


👤 robswc
Just want to say, not sure what exactly your software is but it might be a good sign. I have nothing to say on how to fight piracy (I do believe you should make attempts) as security isn't really my field.

I remember any tech-savvy/media kid was obsessed with getting Adobe products... but no way could they ever afford a license like that. I don't think it would be as big as it is today without kids/younger generation getting their hands on it somehow.


👤 ern0
Okay, Apple is different from your company in as many ways as possible, but you might want to pay attention to their licensing policy: Logic X has no copy protection, no registration key, no nothing. Nothing to crack. If you get a pirate version, and use it for a while, you can buy it. They even provide a free version of it, with less functionality and larger icons, called GarageBand.

👤 nitwit005
Your biggest fear shouldn't be illegal copies, but people presenting themselves as somehow legitimate and re-selling your software. You can get people calling your support number because a cracked version isn't working, creating costs with no sale.

Make sure you have a plan for when that eventually happens. Some of those people can be converted to paying customers, but the rest can at least tell you where they got it.


👤 alexjmbarton
Hello,

You may want to consider Software Protection and Licensing from a vendor and not roll it yourself.

The high end versions of these solutions accomplish binary protection and encryption quite well and can require things like a token or hardware dongle to utilize the software.

Additionally given you've been pirated already, from a business perspective a freemium model might be helpful for converting pirate customers to real customers.

Hope it works out for your business!


👤 easylogin
Focus on pro-consumer features by adding more features to create an updated release for which people want to stay current.

And make them recrack the latest version by changing the function which accepts serials, etc.

Note: As others have mentioned, it's going to be tough to win the arms race against someone with defeating your checks. So drive consumers to want the real thing by providing a value add.


👤 ivank
Some vendors who sell expensive software arrive (perhaps unintentionally) at this solution: produce software with enough defects or missing features that it cannot be used without regular contact with support. An adjacent idea is to produce software with a large number of plugins that are separately purchased. That multiplies the effort needed to crack and distribute everything.

👤 gjsman-1000
> I'm not entirely sure what other information would be helpful to provide, but I was wondering if anyone has run into this into the past, and how it was mitigated. While we'll always have some piracy, we'd like to keep it to a minimum.

I don't have answers but I have a few unusual ideas.

I would suggest (perhaps as a "fun" way of dealing with it) looking into The Legend of Spyro style copy-protection. This is where, rather than just depending on the small activation component, there are small checks throughout your code that cause little inexplicable annoyances constantly if a pirated copy is found. Maybe people try to print things and 1/3 of the page is blank. Maybe they try to save files and there's a 1-in-100 chance of total corruption. Checks like these, when widely distributed through the code, obfuscated, and having different things they look for, can sometimes be a major PITA to fully detect and remove. If a pirate feels that getting an initial cracked copy is easy, but getting all the bugs out is miserable...

Another possibility is the "great service, training and introducing features." Pirated copies shouldn't provide access to your training material or any customer support if possible (make it a bit of an enigma to use sometimes). If the pirate has a question but can't read the documentation or watch videos about what to do because he doesn't pay for an account... it is a little annoying for legitimate customers but causes further frustration.


👤 remote_phone
The first PC software I got back in the early 80s was a copy protection cracking program. I think there were 2, copywrite and copyiipc. Since then, the battle between copy protection and cracking has been going on.

You will never stop cracking. The only way is to convert the application to SaaS. Otherwise just try to minimize casual pirating and leave it at that.


👤 joshxyz
It's free marketing also since your product name will now show up in warez sites.

Most people who pirate it aren't your target paying users anyway, because obviously they are broke, and most of them are even teens just trying software left and right.

It's a nice nudge to improve your licensing verification process also.


👤 teovall
Whatever you do, don't punish your paying customers for being honest. If your anti-piracy measures have restrictions, bugs, or inconvenience your paying customers, you're allowing the pirates to release a superior product to your own.

👤 danjc
For the future, consider moving some of your secret sauce out of your app and into a cloud service. That way, you'll have the opportunity to validate the license, and key parts of your IP aren't open to reverse engineering.

👤 logicalmonster
Whatever you decide to do, please don't screw over your actual paying customers with hostile and unfriendly DRM as a reaction. Nothing would make me drop a paid software quicker.

👤 callalex
You could take the same approach as 1Password and move the valuable parts of your product into the cloud. It will make you immune to piracy, but your customers will absolutely hate you for it and may leave altogether.

👤 Triangle9349
Congratulations! You got free advertising and educational version for self-study and creating online lessons. Now try to be proactive and release keygens yourself.

👤 counttheforks
Ignore it. They probably weren't going to buy your software anyway at this point in their lives. Maybe later when they have experience they will, though!

👤 riffic
The obvious approach is to keep raising your prices and attempts to lock your software down with anti-circumvention measures. That always works.

👤 FlyingAvatar
I had a number of techniques I used when I used to make shareware that were very effective at the time.

Happy to talk with you via DM if you’re interested.


👤 lopkeny12ko
The solution here is pretty simple: make your software free and open source. Transition your business model to paid support tiers, or paid hosted/managed offerings. I have been advocating for the promotion of FOSS software for years, and this model has worked very well for many software businesses. People will always crack and pirate software; not only will it be a never-ending cat and mouse for you, but it also inhibits the proliferation of truly free-as-in-freedom software.

👤 mikotodomo
Do nothing? Cracked software isn't a big deal. My cousin works for a 20 person company and they all make $200K / year.

👤 boltzmann-brain
The cracked copy is the start of your sales funnel, literally don't fight it, you're doing yourself a disservice.

👤 coding123
Place secret bits in each copy that identifies the purchaser, then sue when the next version comes out.

👤 timwaagh
Well I too like money. It feels nice. Lovely texture too. I suppose this is a matter for legal.

👤 mbfg
I'd say innovate, improve, and make your product more robust so that the cracked versions pale in comparison to what the paid-for versions have, then they turn into marketing pieces for the real thing.

👤 brianwawok
Maybe the ultimate reason to be a SaaS? Can't crack my webserver!

👤 riyakhanna1983
Plug: in the past, I helped a few companies and OSS devs track usage of their code in mobile apps https://codescout.app/ and provide leads. Happy to chat if this is relevant.

👤 michaelbrave
Best way to curb piracy is to create a personal connection with those who would pirate and get them to want to support you, have them root for your success basically.

👤 quaxar
You should promote it.

Payment should be for other benefits such as low friction, support, and community membership.

Technical people will always pirate software, use it to your benefit.


👤 insanitybit
Someone built you a free trial feature, congrats.

👤 lampshades
Make it less crackable in the future.

👤 schnebbau
Add a trigger that doesn't fire until a few months after install (to prevent the cracker coming across it and patching it out) and then run rm -rf if it detects it is cracked. Optionally display a countdown from 10 and play an alarm sound before this happens for extra lols.