I think that the most important step we can take to delay cracks is to make each version, each build, each format of a plugin, different.
If you use the same exact methods and variables for your copy protection in each version and format of your plugins, then the cracker’s job is going to be very easy.
If you have different methods, variables, time bombs, scrambled code, junk code, multiple obfuscation techniques, then, each time you release a new product or new version, the cracker needs to crack 7 different formats: macOS (VST2, VST3, AU, AAX), Windows (VST2, VST3, AAX).
This won't work if you have a leaked license or if you use a serial that can be easily keygenned.
RSA is the perfect opportunity as they'll never attempt to crack a 1024bit key (at least for now
), so they need to either replace the public key or bypass the copy protection method.And that's where you can do all kinds of code obfuscation techniques and checks.
The copy protection method should do multiple things, even some light DSP if necessary. Dispatchers with array aliasing, opaque predicates/values, etc. are great, but they need to be different at every version/format.
We basically use some of the techniques that malware use to hide from anti-virus.
We "scramble" our copy protection source code directly every time a release build is performed. It takes a while to get something like that, build times are longer, and debugging can be a bit more tricky, but for us, it was worth it. The latest working cracks for our products are nearly 2 years old. Six new products have not been cracked (yet), which never happened before.
