Lost your License key?
Retrieve Your License
Log In to Balsamiq Cloud
Our new Web App
Go to balsamiq.cloud
Log In to myBalsamiq
Our vintage Web App
Log In to myBalsamiq
A fellow software entrepreneur emailed me today with this question:
My question is, as I am trying to get an application of mine built in AIR, and it is commercial software, with features disabled that I want enabled after entering a license key.... since AIR sends out your whole SWF file that can easily be decompiled, what do you recommend doing to protect your IP since it's basically being given away free with every download? It could also be easily cracked I assume.
What he is referring to is the fact that Adobe AIR application files are really in essence simple Flash movies (SWF files), zipped up. SWFs are, and have always been, fairly easy to decompile, which means that you can run the SWF through a piece of software which will spit out the original source code for the application (what he refers to as "your IP" in the question).
He suggested I answer in a blog post, so here it is.
My short answer is this: I don't do anything to protect against decompiling, and I'm not worried about it.
The following is my current thinking on software piracy and what to do about it. These are just my current views, I don't claim them as great ideas of my own. It's just what I have learned so far, from different people, books, blog postings, etc.
Also, I realize that the rise of SaaS might make this less relevant in the future, but who knows...I think the future is hybrid, we'll see.
I don't like generalizing, but here it goes. I believe there are 3 main categories of software users when it comes to purchasing software versus stealing it: "those who'll buy", "those who might buy" and "those who will never buy".
I the pie chart below I refined it a bit to 5 categories, and since I don't know how big they really are, I intentionally made all the pieces the same size, except for the yellow one, which I believe is the biggest one:
Let me describe each piece before discussing how I approach each one.
I try to please each segment of the population with a different approach:
To sum it up:
A couple of months ago I was explaining to my dad how I try to be as transparent as possible, sharing my revenue numbers, designing my features in the open, blogging about it all, etc. I believe it builds trust in Balsamiq and frankly I wouldn't want to do it any other way.
At the end he asked me: "Ok, I think I get it. But what is "your secret"? What's the thing that, if someone stole or copied from you, would mean catastrophy for your company?"
I thought about it for a second, and I realized that there isn't a single thing.
Mockups is a simple product, a good coder could create a clone of it in a couple of months starting from scratch. Someone could post a crack for my licensing algorithm on a BitTorrent site today.
I don't think either would spell catastrophy for Balsamiq.
People buy products from companies they trust and respect, and who treat them well in return. People buy software if they know that the people behind it care for your success while using it. They want to see the software improved continuously and with a passion. They care about a sensibility for usability and attention to details.
These aren't things one can steal.
I believe Balsamiq is successful so far because of all that I do every day: the site, the blog, the promotions, helping customers, listening to their ideas...and of course improving the product with new features and bug fixes. It's one big puzzle, every piece contributes to the whole (what Geoffrey Moore calls "The Whole Product Model").
I am a huge fan and avid reader of the Business of Software forums, a community of small software vendors. Here are some links on this topic taken from there. As you can see, none of my ideas is original or revolutionary, though there is some debate about these topics...
Here's another article, which I have only scanned quickly but seems in line with my views: Piracy and Unconventional Wisdom
While I was writing this post I thought about checking if Mockups had in fact been cracked without my knowledge and was available for download somewhere.
So I did some research, and while "The search of balsamiq was not successfully" [sic] on Astalavista :), I did find something on TorrentTractor. Check it out, one of the files is 833Megabytes! Now, the original Mockups for Desktop file is less than 3Mb right now...I pity the fool who downloads almost a Gig of crap, likely full of viruses, trojans and who knows what...I couldn't have done a better job at polluting the hacker sites myself! 🙂
I want to leave you with a quote from Pete Santangeli, which I think sums it all up nicely: "the best way to slow down your competitors is to give them your source code".
[UPDATE: someone just anonymously posted my licensing key generation code in a comment to this post, which I deleted. Anonymous hacker: congrats, you are better than me! 🙂 I'm sorry you didn't post your name or I would have sent you a picture of a medal or something. I have deleted your comment because, like I say in the post above, I am trying to convince people in the "yellow group" to move towards the green area...not make it too easy for them to go towards the red (Balsamiq is how I am trying to make a living after all). I hope you'll understand. I'm going back to work now...]
Peldi for the Balsamiq Team
We'll send you just one email a month and share a ton of information that you'll get before everyone else. More info about the newsletter here.
We'll never share your email address or spam you.
Your email is never published nor shared.
Great write up. And look at that, still in business after 9+ years :).
Hey Peldi, nice write up. It’s well-thought and I like your view of hackers and how it’s sometimes futile in trying to outsmart people who excel at bypassing security features. In short, developers should accept inherent weaknesses of software businesses and work around them to keep profits up.
People shouldn’t complain too much about software piracy. Businesses that sell bananas, for example, don’t have piracy issues, but they have much more difficult issues to deal with — cost of goods, delivery fees, taking a loss on unsold overripe bananas, warehouse/storage fees, etc. Software can be easily replicated and pirated, but therein also lies the beauty of software: easily replicated with minimal costs, allowing small teams of 1-20 developers to affect millions of users.
I have to say, this software is a fun way for my RnD and QA sessions. I’ve stumbled upon this software way back 2011 on a conference held by the Philippine Web Development Organization (PWDO), and now I’m using the 8 days trial demo.
I really really love it. I must confess, I’ve searched torrents for a copy, but then I am thinking about it and just finish the free trial.
I really want to purchase one, but so far, I still can’t afford it.
I hope that one day I can purchase your product.
Cheers for staying strong!
Fantastic article Peldi. It’s amazing that this 6 year old post is as useful and insightful in 2014 as I imagine it was in 2008.
Thanks for your insight, and a great product!
If you’re looking for a good way to protect your SWF files from decompiling you’ll want to look into a SWF obfuscator tool or SWF encryption software try Kindi for that solution.
Piracy is been a big problem in the Philippines. The government had to put up a department to deal with this alone. The Optical Media Board is what it came about and fortunately they have been doing good. Less pirated movies and records can be seen on the street. Lately they focused on illegal use of software and found out that even some companies practices such. An instance which happened last week where a call center company Garrett & Talon which has an in house account – JUSTFLOWERS was raided by the authority because of illegal use of operating system (windows). When OMB raided the company they found out that only 1 OS was legally bought and was used to run 100 or more PC’s. The case is now on going. Kudos to OMB!
Having read your philosophy on the topic, I thought you would get a laugh out of how i found your page. It was a link that said “list of obfuscators” or some such. Since you don’t believe in them… kinda funny.
Two more things an old saying about a fence or a lock, depending on where you heard it. It keeps an honest man honest. A 2 foot fence is just as good.
And my thoughts, the best protection against piracy is price it so they know they are getting a great deal. Makes another category. People who would steal if they were not embarrassed (to themselves) about it. A crook can steal a beer without hesitation. How much pride is there in stealing a beer that costs a dime? Plenty would, plenty would not…
You devious bastard. This is a great move from an SEO standpoint to include a post about piracy in your official blog, the same way Tim Ferriss has a post about “Tim Ferriss Haters”. Bravo, encore.
[Peldi: if only I had that foresight!]
Serious developers pays software they use. Low budget tools does not mean less software development value. I paid 24 dollars for an android apps decompiler. It is cool.
That is an excellent writeup on piracy.
At this moment I cannot afford the 79 USD license, but rest assured that by being nice guys you have made sure that when I move out of the yellow zone, I am heading for the green one insted of red.
I loving this software, but 79 bucks still too expensive for me. My limit for software is 50 bucks, preferable 30 bucks.
It not work more on Linux too (if it work on Linux and have good support on it, I may pay 80 bucks), cuz Adobe canceled Adobe AIR for linux and install old versions of AIR is a pain.
Also, one week for test software isn’t enought for me. I can use and approve in your case the UI, what software do, but not how you work with updates, what you do about improvements and sugestions of your customers, etc.
Discover this things take time, but works…
I have a nice example, the Sublime Text 2 Editor. I used that for 3 months before I buy license for 50 bucks, cuz this editor improved how I work, like mockups, but also I see a amazing community around the editor, I see the programmer hearing community, plugins, etc. It’s really nice.
I don’t see how I can add things like new parts for mockups in balsamiq mockups.
Now, I, uncomfortably, will try some other mockup editor in some days, but will talk for people about balsamiq, it’s good.
I am currently a student training to become a web designer/developer. So I can tell you right off the bat that I’m in the financially limited category. Even if I weren’t though, there is no way I’d be paying $80 for this product. The fee is just way too high for this kind of personal software. Without a reasonable free version available I wouldn’t even be able to determine the worth for business use, nevermind recommending it to others. Because this product has such a specialized target market, I’d suggest lowering the price considerably – otherwise potential customers will simply turn elsewhere.
i’m using your trial ver for my part-time degree project mockup. Have to admit that I initially plan to crack it but your blog post change my view.
Pingback: Balsamiq Mockups | 당할까보냐!
Currently there are 3 main competitors of such software available on the market. And they are:
– SWF Protector by DComSoft;
– secureSWF by Kindisoft;
– SWF Encrypt from Amayeta;
I am using DComSoft and it fits all my requirements. I do tested them all and from my opinion SWF Protector is the best choice because it reliable and user-friendly.
secureSWF is pretty nice too, but it is very complicated and expensive.
As for the SWF Encrypt, It is more expensive then others, and I even don`t know why 🙂 It provides the same functionality as others.
Interesting thoughts. Though I strongly disagree with your advice on EULAs. I have yet to meet anyone, user, developer, or lawyer who takes them seriously. Maybe I’m alone in this but I click reject on EULA clickgates and take the software back for a refund. I will rate anything with a EULA with one star on Android Market or Amazon.com. I don’t care if it cures cancer. If it has an “I agree” box, I will file a bbb complaint to get a refund.
Software is a product, not a contract. You don’t sign a contract to pay at a restaurant any more than you should to not pirate software. And if you ask me to click agree to use your product, you have forever lost my business and respect. No exceptions.
Peldi, I love your software. Balsamiq Mockups is a great piece of work. I personally cannot afford a license, but I have used the online version for a few small projects and I love using it.
Here are some suggestions for you:
1. Create an open source version of Balsamiq licensed as GPLv3. This lets people copy it however they want, but keeps it copyrighted by you.
2. Keep the Desktop version along with the current price. The desktop version should have some extra premium features and support features like built-in tutorial, collaboration support, etc. along with features that make it easier for larger deployments.
Having these two versions causes two things:
1. The open source version will become widespread and will generate immense word of mouth advertising for you. Also, if you manage the project successfully, you will soon have a large community of developers who will submit patches and code.
2. Professionals, enterprises and people with enough money in general will buy the desktop version and possibly, support.
I think doing these two things will make Balsamiq Mockups infinitely more accessible to hobbyist users, while boosting professional use and your profits.
Excellent writeup by the way!
Pingback: James Gregory » Rhino Licensing
There’s a free Balsamiq license floating around on the internet. (It was leaked by accident by a licensed project.)
Contact me for details. It shouldn’t be too difficult to take down.
[Peldi: thanks for that…there are lots and lots of licenses and key generators around…we still trust people to do the right thing and buy Mockups so that they can keep us in business long enough to answer their support questions. 🙂 Anyways, email me at firstname.lastname@example.org with the key / url, we’ll see if we can get them to take it down / add it to our blacklist. Thanks!]
Hello mate! I’m a Computer Science student aiming for a career in network security / software engineering. I’m currently working on the Android OS and found this post REALLY useful!! It shows things in a completely new light for me.
I found a small gap in the Android market and am thinking of “cashing out” but I hear that Google’s idea of privacy is a cardboard fort and tissue-paper to throw at the pirates. I wasn’t impressed and decided to search for ways to protect myself a little better (Search provider was Google no less(¬_¬) ).
ANYWAY. I found your perspective very influential and I’ll try to learn some lessons from this.
Ok, so i was googling a serial for balsamiq because paying through credit cards in Venezuela is a pain in the ass (currency control, we can only spend 400 USD on the internet a year), and saw this blog post.
Tbh i was going to crack it, but seeing such a well informed and thought out stance on Piracy/Open Source/Free Software… well i felt obliged to pay my 78 USD, even if that is 20pct of my yearly allowance (thank you left wing government).
Kudos to you bro,
Billy will be happy if Peldi can arrange some alternative payment method.
[Peldi: we don’t normally take wire transfer orders under $300, but we’ve been known to make exceptions. You could just email us…we’re friendly people! 🙂 email@example.com]
Today Billy has coded an awesome key breaker for the latest version of Balsamiq, but billy will only use it for personal use. Billy cannot buy Balsamiq because he don’t have a credit card. Can Peldi do something so Billy don’t need crack balsamic again.
[Peldi: good job Billy! Did you know that you can use Mockups for free just by using Export… to save your work manually? Pretty easy, huh? I don’t know of any other company that tries to accommodate people who can’t afford our software more than we do. We simply cannot give it away for free because we’d run out of business (stop fixing bugs, providing support, improving the product). Billy doesn’t want that, does he?]
great writeup! THANK you!
I must also confess that i looked for a cracked version. The company i freelance for use your product and i think it looks great.
Currently though i cant really justify spending the money on the product but after reading your home page where you talk about how to get a free license i feel quite ashamed of trying to get it for free.
I plan to save up for this piece of software and pay for it as i think that your attitude to “do-gooders” and open source projects is very commendable.
I for one feel that if i make money from a product then i owe the creators a share of that money. This doesn’t extend to big software companies who i feel that big business can fund them (because they’re scared of getting caught) and ill help out the little guys
I agree with a lot of what you said, but one thing that bugged me is that you noted the trial version nags every 5 minutes. I think you’re missing an important factor here: when your protections drive people away from buying (toward piracy or simply finding another program).
Personally, I’m somewhat easily annoyed, and if a trial program nagged me every 5 minutes, I’d be looking for another program, or a crack, after 5 minutes. 20 minutes, even 15, maybe, depending how long I’d be using the program, but 5, that gets really annoying really quick.
I’m a hacker myself, though I rarely use pirated software – much prefer open source. I hack Nintendo games for fun; the only time I’ve ever actually cracked a program was because I needed it NOW and even legitimately paying for it would take too long. However the mentality is pretty much the same for any of us. It’s insulting in a way to have a machine that is supposed to be under our control intentionally annoy us.
So when you make nag screens, the more annoying you make them, the more likely some hacker is going to be bothered or insulted enough to want to crack the program, just to shut it up, even if the trial was otherwise fully functional and convincing them to buy. And of course, hackers take pride in their work, and will want to share it, regardless of the morality behind it.
My personal suggestion is not to bother with nag screens and annoyances. Make the trial versions simply lack functionality that most people will want. If it’s something most people will use for an hour at a time, maybe have it quit (AND SAVE! And make sure they know it’s saved!) every half hour. Have a logo or watermark in the corner of the window. I also like the idea of releasing old versions for free, as that basically gives you a good trial right there: it works, but lacks some features and maybe has some bugs.
Simply, there are many ways to make the trial version an effective trial, without making it annoying. After all, for every one hacker that gets annoyed enough by the nags to crack it, how many non-hackers are annoyed enough to simply leave? I’d enjoy seeing stats on this, but I’m doubtful it makes more sales than it breaks, even before piracy is factored in.
I don’t agree with the people who said don’t waste time obfuscating your software. why not?
– The amount you’re paying for the tool is less than the revenue you will get from people who are trying to steal the software by looking at the source code but who really want to use it and eventually give in and buy it.
– it doesn’t take much time to do it. It’s a one time button click to obfuscate. It’s not like you’re developing your own obfuscation app.
The idea is to make it harder for hackers, real hard for the wannabe hacker and still be easy to use for the casual user. You don’t want to leave the door completely open but close the door and welcome new visitors.
There’s always a sweet spot between the two. The problem is finding it.
Ok, I admit I’m spamming a bit here, but I had an interesting discussion on the Joels on Software forum, blogged about it and I believe this is worth sharing 🙂
It’s about a smart way to creating looong serials and reading only a chunk at a time – so you have to worry *less* each time a new keygen is out. It’s particulary useful to Micro-ISVers.
Being a one man developer is tough, you either have to be your own tools developer or you have to purchase your tools from another company.
It’s conceivable that more than a few of your would-be customers are tinkerers with personal projects (like myself). I can’t justify $80 for an app that I’ll use for a month, put away, come back to in a few months use for another month on another hobby project, and put away again.
Perhaps you would consider a single-seat non-commercial license in the future for all of us shoe-string developers that just want the satisfaction of owning the real-deal?
Good post mate. I think u got everything write! Success of a product is not within the current code it hold but in how good you are in managing it.
The yellow colored group is the one where software companies are really losing out the money.
I invite you to our website and see how we are helping small to medium sized software companies to tackle the threat of piracy.
We just started the operation on 1st october and will really love to hear your comments about us
Hi: I like your approach and your transparency. Refreshing stuff!
Your 5 groups are great, but really I thik the sizes are wrong. Those proportions might be well in the US, but globally spreaking the pink one should represent 80%.
I live in Peru. I see the poor people slowly gaining access to computers, trying to bring home some progress. They buy used stuff, refurbished stuff. They might spend $30? $50? All to give their families access to the old PC that you thrashed 3 years ago. (here’s a tecnological problem: the base is maybe to old for your software).
But then it is Mr. Gates turn and he wants to charge $300 every couple of years for the OS… In my humble opinion, there’s where all this piracy game begins.
At Lima’s markets you can buy a DVD full of cracked software for $3. For 90% of the market it is just impossible to go the honest way. Want to pay .99 per song in iTunes? You can’t do it in Perú. iTunes won’t work here: the industry wants you to pay $18 for a full CD or nothing, and nothing is what they are getting.
I run a small shop. Adobe wants me to pay $1400 every 2 years for a new Creative Suite. $1400?! That’s 1 year salary for lots of people here!
I think you should create something on the iTunes side, to at least to get a buck of each of us. It might sound you to little for your work, but it is a sincere effort fron this end, and most impotant… we are thousands of millions on this side of the planet.
I also think older versions should be 100% free. There’s a premium version that can afford to stay on the front line. Cool. But if you guys officially liberate the old versions, you might get some pleasant suprises.
Pingback: Cus Productions » The Perfect Licensing Model?
The ideas that you mention about Nag Screens and the other stuff remembers me of the Shareware discussions I did more than 15 years ago. You’re abolutely right to do so. It works, especially with the business sector where more is green than yellow anyway. The risk is too high to use cracked stuff in a project.
I don’t know if the comment about SaaS is a good solution. We had the possibility to use your product with Confluence/Jira, but we bought the desktop license. We were more familiar using it as a desktop tool and indeed this feels more comfortable to work with Mockups.
There’s still the problem that online solutions need to save project-specific stuff on the server. The missing trust prevents a lot of people from doing this. Sometimes there are NDAs that don’t allow to work this way. This may change the next years when more companies outsource their software infrastructure and they have to accept to save their documents on 3rd party servers. Nevertheless, small companies will still have problems to persuade their prospects according to trust. So, the question is if all the efforts to establish a SaaS are worth in the end.
Pingback: 15 days trial: the first community-driven change! - Napkee - make your mockups come alive
About the Balsamiq mockups on Torrent:
Have you tried reloading the page? If yes, you’ll see the sizes of files are changing – these are not real files but some autogenerated crap, so while anybody wil likely get the viruses or trojans as you’ve said by clicking on those links, they won’t get your software in the process.
That site is just scam pretending to be a torrent site.
You will get basically the same results if you’ll search for “uaqueouer ythgjuj” or basically just anything.
I agree with a lot of what you’ve said in this post about the different classes of people. For my own software, I use Nitro-LM to outsource the licensing and encryption capabilities for my app.
Purely from a sales point of view, I think SaaS model will perfectly benefit your Mockups product for the following reasons:
1. Your product is targeting very specific people, such as PMs, Consultants and etc. I believe your product will become daily-used software of these people, but even so, that’s an individual activity, not a company-wised one. Thus they are likely to have difficulty to buy your software via company purchase.
2. For an individual, any price of tool software over $50 is not a good price. Besides, a single license of SmartDraw only cost $197. So you might end up with the situation of lots of trails but few purchases. I suggest converting it into a SaaS with a subscription model. You can then low the entrance fee, but have a stable month income and stable growth rate. And subscription-based service is far easier to attract company subscribe.
3. MS office is the overwhelming tool for documentation. If your product can’t seamlessly integrated with MS office, the please make the output online available. Otherwise non-IT professions will have difficulty to use the output. Imagine asking a 50-year old project commissioner from a hotel franchise company to use Mochups to open a bunch of XML data, which he got from an email sent by his vendor….oh, dear…”Use it with your clients” shouldn’t be that difficult. Make the output online accessible just like the “publish doc” function in Google Doc. This will bring enormous popularity to your projects.
And lots of others….
I’ve sent you an email about retailing your product oversea. If you feel interested, please get in touch.
I think what you are doing is brilliant and admirable. Like Matt said, focus on making your software a must-have.
Dont waste time on securing your software. Spend the time on making it a better mockups product. I’m with Alaa.
Most of us could have google’d and de-compiled your swf if we wanted to. But who wants to do that? It costs me as a developer more to google and crack your software than the licence fee. And besides, i’d rather pay you to make your company and product better. My time and energy isn’t worth the ‘hacking’.
Look, i loved this article as with the earlier one re your story. I think you have a great hold of web business. And i love your confidence in yourself and your plan. However, a couple of comments above this one you seemed to hesitate with your confident approach to licence keys and product protection based on the comments of the hacker. Irrespective of the technical implications, i think you should stick to your original stance on principal. Your ‘whole product’ shouldn’t suffer from the distraction of a bored kid! Even for 10 seconds of google time. Put your energy back into making a great product, a great experience and a great load of satisfied customers. If i can encourage you, do what you said you’re gonna do – build the trust. Don’t build the security. No one can copy the rest of what you are.
I’ve ranted too long. My hat is off Peldi. I trust you, i’ll keep reading your blog and raving about Mockups.
Alaa, you’re right, I re-read that paragraph and it didn’t come across right. I have now updated it, I hope it’s better. 🙂
I’d like to emphasize what @Sam said. Free(as in freedom) software and open source software are not necessarily free(as in no money), just that you get the source code with it and are free to modify, re-distribute and so on…
I also can’t believe you just combined the Free Software Foundation with kids and pirates. I’m sure you don’t mean it that way, but that is how it sounds.
I am a satisfied customer of mockups. And let me explain why. I used the trial version for a few weeks and i liked the product. Although i could crack your software or even create an open source tool to do something similar, I didn’t. I didn’t because i wanted to support you and your “mission”. I also didn’t because I think you made a great tool(not to mention the ethical side)….the list goes on, but i think you got the point.(I am also trying to advocate the tool at my work place…)
I personally wouldn’t worry about the Anonymous coward who is trying to show people that he can click a button to decompile a swf. I bet the decompiler he’s using is pirated too.
Sorry about the long post, but i have a lot to say about the subject. Both as an open source programmer and as a business owner. The only thing that will make me happier is if you provided the source code with the application…i would still pay for it and not expect it to be free. And i am a GNU/Linux user and an FSF member.
In the end, please don’t try to implement a more restrictive scheme. That’s just asking for trouble. Also, obfuscating your code won’t make it any harder to read. That’s just an illusion.
A sizable percentage of the yellow group fall into the category of “will pirate it to play around with it, but don’t need it bad enough to buy it”. How many apps have you downloaded, played with 2-3 times, and then deleted a year later when doing a disk clean-up? The value of this group to the mISV is word of mouth. A good user experience (with minimal nags) leads to recommendations. If, in the future they do really need it, a percentage will end up paying for it.
Balsamiq has found a good balance to avoid the necessity of pirating for these users. The nags aren’t severe and still make it usable, but are enough that if you’re it that grey zone (or yellow as the case may be) and actually need to use the app on a regular basis, it is well worth it.
Ok so you can decide to simply ignore piracy, make a user friendly license solution or buy one in.
In the case of our customers, many are switching from doing nothing and writing their own low protection (same as having no protection really) to our hosted solution.
This is an interesting trend and mainly driven by the need to get more revenue from their honest customer base rather than “pirates” and as we have pay as you go but high quality out of the box solution it makes financial sense, pls the solution is very user friendly so little hassle to user of eith Macs or PCs.
One area in particular we have alot of success with people moving away from none/home grown has been in the graphics/video/flash/plug-in arena. If you want to protect your flash app for example many of our clients are using MDMs Zinc and Nalpeiron together….might be worth a look for you http://www.nalpeiron.com
Uhh, free software / open source software isn’t about the monetary cost of software but the freedom for users to examine and modify it. There is “free software” that costs money. The free as in speech vs free as in beer argument sums this up. When describing the difference between paid free software and free free software uses the term software gratis.
Hey Ben, no worries. I’m glad I posted this, it made me realize that a little effort towards obfuscating can’t hurt. The anonymous hacker had a good point: part of the people in the “yellow group” are not full-time hard-core hackers like the ones I had in mind, but might know a thing or two about decompiling a SWF and they might try to do it. An obfuscation step will stop them, or at least slow them down enough that they’ll stop trying. Brian Manley has suggested a tool that looks affordable enough to use http://www.kindisoft.com/secureSWF/, so I’ll try that next. Hey, another lesson learned! 🙂
Well Peldi, if I had any idea you’d post something like this, I don’t know that I ever would have emailed you the question. I was actually curious about how you implemented your serial code schema so I could do it with my own AIR app because I need to lock down my code to prevent it from being cracked, hacked or passed around.
Your philosophy is definitely not for me because my product has a very different audience.
It appears that posting this info has created a little hail storm (now on two forums) and you’ve basically put out an APB that your software is easily and quickly crackable by anyone with even a little knowledge. I hope you are able to implement some obfuscation at least.
Anyway, I believe you should take some steps to protect your code as much as possible. I just can’t believe you put a lot of work into this program, then put it up for sale, just to give it all away. You say yourself that it’s how you are trying to support yourself.
I really just wish your post would have said that you were using a great encryption tool and some form of wrapper that generated keys. Still, I wish you the best of luck.
Maybe I’m old-school, but I see where your dad is coming from with his inquiries 🙂
A little update. Hacker News has picked up this blog post: http://news.ycombinator.com/item?id=337821 so you can follow the conversation there as well. Thanks for the nice words everyone!
Google it. They are not so hard to find
[Peldi: heh, that’s what I’ve been doing. Here’s a few:
OBFU – 1500 euros!
Amayeta SWF Encrypt Pro 5.0 – $125 USD. gets “bypassed” too
SecureSWF – Looks like the most promising right now. Thanks @BManley for the tip!
A list of decompilers and obfuscators
Of course I will not distribute it, or even use it. I have morals and I respect IPR. But others don’t. The point is making a very little effort to at least protect your code from decompiling will save you a lot of loses specially when you are a startup. Not to mention implementing a real licensing system.
BTW, I’m not any better than a beginner flash developer.
[Peldi: thanks for that, I appreciate it. OK, so perhaps obfuscating my code is a good investment, I see your point (it makes it a bit harder, which might dissuade at least beginner flash developers from trying to hack it). Do you have any tools you’d recommend? I’ll be happy to update the post with such info.]
BTW, took me less than 5 minutes to write a key generator for your app after looking at the code. And guess what, I have it as a Flash swf file that can be distributed around in no time!
[Peldi: Like I said, you are pretty good! You can decompile a SWF. Now what? Will you distribute your license generator? If so, may I ask why?]
Why did you remove the source code?
[Peldi: look at my UPDATE at the bottom of the post]
I have to confess I’m one of the 16 people who searched for “balsamiq Mockup serials”.
I tried it inline for free and saved a lot of time for a quick presentation of a UI concept. Then, the project was accepted and I had to work further on it.
Considering the great usability of the software, I wanted to increase my productivity by a full version. I didn’t found any cracked version, and did not wanted to use any other software I found instead.
I considered the quality of your product and its very reasonnable price, I purchased the desktop version. It’s amazing to dicover how you planned my customer behaviour.
I think very strong to a company (you worked for it) who should copy your business plan, especially in Europe where the lincense doubles. You don’t just have to be user friendly, you have to be helpful and comprehensive.
Congratulation for your work and thank you for your empathy.