One rather enjoyable activity to while away a few hours is cracking Java applications. Setting aside the legality of such nefarious activities, it’s a very educational and entertaining hobby. Of course, I am sure that anyone who indulges in such activities will have the decency to at least purchase said product.
Java licensing schemes vary from the impressively convoluted with multiple points of entry, to the incredibly simple and childish.
IDEA, for example, is more of the former. Interestingly enough, my first introduction to IDEA was through a challenge to figure out its licensing algorithms (back in the 1.1 days); I very quickly purchased a license because it was pretty clear that these guys really are rather smart.
On the other end of the spectrum, we have some novel approaches which often suffer from one fatal flaw. They have one clever bit of code that everything else assumes is uncrackable. Needless to say, a simple NOP here does wonders.
Funniest of all are apps which don’t even use public/private keys, but employ a simple built-in algorithm to read in a license file. Simply reverse that section of code and you have a key generator.
Another ridiculous idea is the encrypted classloader approach. I know of two apps which use this. There’s something strangely satisfying about making the application itself do all the work for you and decrypt all the classes, using its own cleverness against it.
Speaking of apps which encourage you to use their own cleverness, it really is rather surprising how many ship with the code they use to generate keys. I know of one very famous ‘must-have’ Java desktop app that comes with a key generator built in, if you can find it!
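For contrast with the built-in-algorithm and shipped-generator schemes above, here is a sketch of the asymmetric alternative: the application embeds only a public key and verifies a signature, so the code that issues licenses never leaves the vendor. This is an added example, not code from any product mentioned here; the class name, the payload format and the throwaway key pair are assumptions made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class SignedLicenseDemo {

    // Application side: only the public key is embedded, so reading this
    // method shows how licenses are checked, not how to produce one.
    static boolean verify(byte[] publicKeyDer, String payload, String signatureB64) {
        try {
            PublicKey pub = KeyFactory.getInstance("RSA")
                    .generatePublic(new X509EncodedKeySpec(publicKeyDer));
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(pub);
            sig.update(payload.getBytes(StandardCharsets.UTF_8));
            return sig.verify(Base64.getDecoder().decode(signatureB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed key, signature or Base64: treat as unlicensed
        }
    }

    // Vendor side: runs on the license server only and is never shipped.
    static String issue(PrivateKey priv, String payload) throws GeneralSecurityException {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(priv);
        sig.update(payload.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sig.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a throwaway key pair and a made-up payload.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair vendor = gen.generateKeyPair();
        byte[] shippedKey = vendor.getPublic().getEncoded(); // X.509 DER, as embedded in the app

        String payload = "licensee=Example Ltd;product=demo;expires=2030-01-01";
        String signature = issue(vendor.getPrivate(), payload);

        // A genuine license, one with an edited field, and a garbage signature.
        System.out.println("genuine: " + verify(shippedKey, payload, signature));
        System.out.println("edited:  " + verify(shippedKey,
                payload.replace("2030", "2099"), signature));
        System.out.println("garbage: " + verify(shippedKey, payload, "not-base64!"));
    }
}
```

This only removes the key-generator route; a scheme where everything else trusts one check, as described earlier, still has that single point of failure.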
In the middle we have a whole bevy of novel and interesting approaches, often combined in entertaining ways. For example, disguising public keys as something else, perhaps a class file. You could go one step further and have the classfile be actually valid and decompilable, with the key material being an offset into the bytecode. There’s always the approach of obfuscating the compiled code and transforming method names into Java keywords, so you can’t simply use jad to undo it; this, coupled with flow obfuscation, will stop pretty much all casual poking around. However, anyone genuinely curious will of course be armed with a disassembler, and through practice have an automatic bytecode-to-Java-code mapping built into his or her mind (or at least, enough to figure out what a particular chunk does).
Most interesting of all are those companies who, for whatever reason, feel they don’t really need to enforce technical constraints on their users, and choose to simply rely on the honour system.
What is fascinating about all this is that while many people have been involved in coming up with all these schemes, nobody will talk about it (that I can see anyway). It’s understandable, of course, as this stuff is very much in the realm of ‘trade secrets’. So in many ways, it’s a solitary programming task that one can indulge in, but not really brag about, or discuss with peers. Of course for some, if you don’t get to brag about it and gain gratification through peer approval, it just ain’t worth doing.