Fathom Synth Development Thread

[FathomSynth]

I think I understand your system.

In order to know that the second and third copy of the installed application are not legit the application would have to ping the server when it ran. Otherwise the sever would have on way of knowing the second copy was even running some where.

However, pinging the server at run time is something I would never do since it would require a connection to run the plugin while using it or at least booting it, and that would definitely be unpopular.

The reason I proposed the 1,2,3 method above is that the server ping only needs to happen once when the software is first installed and from then on the machine information validates that the legit connection took place on that machine. And the ping never needs to be done again!

Also, I think for your solution to work, the app image itself would need to be tagged with the user name by the server itself. I'd really rather avoid that since the installation process after the server is pinged would then have to include the server writing into the app image and zipping it before the user downloads it. Ouch!

Of course, the installer itself could simply tag the installation with your name locally, but then unfortunately you have an installation system that can be run anywhere, anytime, and you are back to square one.

I do understand your point, believe me I spent weeks researching this last year when I wrote my LCM. I think your method would work great, as you say, and is less likely to be propagated if the user's name is anywhere in it. I also agree with you fundamentally that no system needs to be perfect as long as it is just a little difficult to transfer and with user info involved, users are less likely to hand it off. Yes, I agree with that.

My only point was that any system which only creates a code file can be duplicated and Joe can use Fred's installation package without the company, or the server, or anyone else for that matter, ever knowing about it.

Only Joe and Fred would know about it, for the exact same reason that only YOU would know about it if you installed Omnisphere on both your Tower System your Laptop by simply copying it from one to the other! See, what I'm saying?

[fmr]

Only Joe and Fred would know about it, for the exact same reason that only YOU would know about it if you installed Omnisphere on both your Tower System your Laptop by simply copying it from one to the other! See, what I'm saying?

PRECISELY. Yet, Spectrasonics live with that. And we are talking about a $500 plug-in, to my knowledge the most expensive one. And it seems they manage to survive with "just that".

[FathomSynth]

Good point!

That is so funny, I'm actually using Omnisphere right now the very moment you wrote that.

[vurt]

Good point!

That is so funny, I'm actually using Omnisphere right now the very moment you wrote that.

do joe or fred know?

[FathomSynth]

LOL, no, I paid for this puppy and you all know how much it cost.

So I'm damn sure going to use it.

Seriously, Omnisphere is awesome, I like Fathom's GUI better, but I can get sounds out of Omnisphere that I simply can't anywhere else, including Fathom, Diva and Avenger.

[fmr]

LOL, no, I paid for this puppy and you all know how much it cost.

So I'm damn sure going to use it.

Seriously, Omnisphere is awesome, I like Fathom's GUI better, but I can get sounds out of Omnisphere that I simply can't anywhere else, including Fathom, Diva and Avenger.

All those GB of samples should matter

[FathomSynth]

There's also something very different about Omnisphere's basic sound engine at very high frequency, it's incredibly smooth.

I would do the same thing if I could figure out how, I think it's a different type of buffer interpolation.

It has the same smooth clearness in the very high frequencies for all three sound sources, oscillators, noise and samples.

Sylenth has the same thing.

Come to think of it, it actually sounds like they are storing every possible midi note in a buffer at it's native frequency for the given sample rate so every sample pulled is dead center on the component FFT partials. But to do that would be impossible with detuning. But that's what it sounds like.

It's funny, that exact thing is the missing link in Fathom's sound engine, so after I do the CPU I'm going to try to figure it out, but it's probably a closely guarded secret of Spectrasonics and Lennar.

Fathom, Spire and Avenger all sound like they are using interpolation where as Omnisphere, Sylenth and Diva sound like they are not.

[jdnz]

The ONLY !!! way to hack such a system is for the hacker to change the application binary source code at run time and actually write into the application image on disk or in memory. Now this is not impossible, but the UHE thread goes into this very issue in detail and explains why, even though a hacker can do it, they can be constantly thwarted by successive software releases which change the location of the key validation code, and the effort becomes not worth it, unless of course the hacker is guided by pure hatred, and makes your one application his life's hobby.

you didn’t read what Urs already posted though - to obtain GUID you’re going to have to make system calls to read that info, system calls that will stand out and easily be detected in any decent debugging system.

Any half decent hacker will NOT patch the binary - rather they will wrap your code in an outer layer that intercepts those calls and returns the ‘desired’ data.

The U-He system works because it doesn’t need to make any ‘unusual’ system calls, much harder to trace/intercept

[FathomSynth]

Ahhhhhh! (The light bulb goes on)

You just told me the missing link I was not understanding.

But what is uhe looking for on the local PC, that the system calls in the code need to be obfuscated?

Or another way to ask the same question, what is so special about uhe's method that prevents the user from just being able to plop the license file on another machine?

Rat's I think I misread their thread, he was talking about how to obfuscate the system calls, but you're saying that's not the method he uses? OK.

[jdnz]

But what is uhe looking for on the local PC, that the system calls in the code need to be obfuscated?

NOTHING - that’s what makes it hard for the hackers - but they are distributing the license key check in multiple places (think multiple keys hashed to a single ‘user key’) and some of those checks are VERY infrequently called - which is why it’s hard for the hackers to come up with a working keygen

Seriously - engage with Urs, the u-he system is one of the best thought out approaches I’ve seen

[FathomSynth]

OK, I'll just ask him how he does it, it seems like that's one part of their synth that he might not mind other people knowing.

[bmanic]

Or another way to ask the same question, what is so special about uhe's method that prevents the user from just being able to plop the license file on another machine?

Nothing. They do NOT prevent this as far as I know. I have my U-he purchases all installed on everything I own.. that's 5 different computers. Mostly I only use two of these computers but I like to have it all installed and prepared.

I don't know why you are so hell bent on trying to stop something that is almost 100% irrelevant. What U-he is doing is preventing mass distribution, piracy.

.. and as far as I know, only U-He has a 100% crack proof system based on a simple serial number (at least that's what rumor has it). FabFilter apparently have a really robust system too but they don't seem to cripple the pirated plugins (and they know about it all) in any way, not even after extended use. They simply have the philosophy of not punishing anybody and simply making sure they have good enough products that people are willing to purchase.

[NothanUmber]

Yepp, for uhe plugins the user has to enter the name and a matching code.
If a code leaks to the public it is blacklisted in the next update, so a leaked code is like a hacked version of a machine locked plugin - people can copy exactly that version but would need a new leaked code / new hack for the next.
Which makes just buying the thing more convenient than using a cracked version. Imho optimal and the opposite of most other protection approaches where using the legal version restricts the buyer (e.g. regarding the amount of machines it can be installed on, having "fun" with running the plugin on wine etc.) while the cracked version doesn't require the user to jump through hoops.
Have bought almost all of their stuff. The choice of the user friendly protection approach certainly played a part in that! (And, well, they sound good )

Cudos for not introducing machine locks to Fathom! Great synth!

[FathomSynth]

OK, I see.

Just to be clear, I'm not hell bent. We decided to leave Fathom Pro's LCM as it is forever (read back in the thread a bit).

We were just talking about the science of it.

[Scrubbing Monkeys]

As fast as you update hacking would be a full time job.

I have also heard rumor that Uhe had time bombs, where sooner or later your hacked copy would hiccup or stop. Neither of which a serious musician/ produce needs.