Security for Fortran EXE

ferrad1 · ‎05-11-2021

Can anyone recommend a good security protection system for my EXE?

I have a simple time bomb at the moment which can be easily cracked I guess.

Steve_Lionel · ‎05-11-2021

You are looking for a license management system. open-license-manager/licensecc: Software licensing, copy protection in C++. It has few dependencies and it's cross-platform. (github.com) says it is for C++, but it has a C API so you can call it from Fortran.

DavidWhite · ‎05-11-2021

I've used the Polyhedron Licensing System before. The original developer has retired, but I believe it is still available.

It uses a simple text license file, and all the calls are pure Fortran.

Steve_Lionel · ‎05-12-2021

I knew about the Polyhedron system, but did not see it offered at polyhedron.com. I should have done a search for it - it shows at Polyhedron Licensing System - Alfasoft (adeptscience.co.uk), but links to buy it are dead.

DavidWhite · ‎05-12-2021

I think Alfasoft stopped offering it, and the original developer resumed control.

About 3 years ago, my former employer purchased the source code to "future proof" their use of PLS. Not sure what has happened with PLS since then.

ferrad1 · ‎05-12-2021

I saw that but was a bit worried about "PLS is available for Windows 95, 98, NT, 2000 and XP systems."

andrew_4619 · ‎05-13-2021

This in my world this depends if the software is high value low volume or visa versa. For the first case I prefer a hardware (dongle) based system of which there are many choices.

DavidWhite · ‎05-13-2021

Dongle based systems can be expensive to set up or require payment of ongoing fees to a third party.

andrew_4619 · ‎05-13-2021

That is why I said for high value low volume software. A dongle with a data facility and encryption engine can give very high levels of protection. There are many systems without ongoing fees. But cost is an issue if the software value is relatively low.

ferrad1 · ‎05-13-2021

Our EXE runs in the cloud, which counts out dongles.

Steve_Lionel · ‎05-13-2021

You first have to ask yourself what you are trying to accomplish, how much effort are you willing to put into it, and how much hassle should your customers put up with? If occasional theft doesn't worry you, then don't spend a lot of time trying to make the system difficult to crack. You want to make it hard enough to deter casual theft, but no so hard that legitimate users will complain (you can find many instances of that in this forum - Intel did a particularly craptastic job of license management for its developer tools, so I am sure that the support team is relieved that the oneAPI tools have no license management at all.)

Do you care if someone copies the serial number, license file, or whatever? If so, then you need some method of tying the license to a specific system. Is someone allowed to run more than one copy? Then you can't tie to a system.

DVF/CVF had a simple serial number system - the serial number had a checksum and there was a Windows registry key that recorded the info. We had lots of theft, but we didn't care that much as it didn't affect overall sales. We used to joke that we sold only one copy to Russia and Vietnam... When a particular SN became widely copied, I added detection of that to patch updates - caught a few people that way.