CodexFab and Cocoa Application Licensing
Cocoa application licensing schemes are a contentious issue. Opinions on how, and whether, to protect your application from piracy vary widely; from the open source approach, which simply sidesteps the issue, to sophisticated public key encryption schemes. There are at least four pages on CocoaDev vigorously debating the pros and cons of each approach.
Assuming that you do want to copy protect your Cocoa app, choosing a licensing scheme in 2009 boils down to a small number of choices, as far as I could determine.
- Roll your own - perhaps the most secure approach, but a lot of work.
- Use a ready made scheme from a web store provider, like kagi, golden%braeburn or esellerate - easier and relatively secure, but costly.
- Adopt an open source scheme such as Aquatic Prime - easiest of all, free, but potentially insecure.
My company, MachineCodex, had been using Aquatic Prime for our one licensable product, AudioCodex. Unfortunately, we found that our app was being cracked in an alarmingly short time after release.
I won't get into the details here, except to say that we believe you should not treat your users like criminals. A licensing scheme should be minimally intrusive, should not collect data, and should not attempt to interfere with the user's machine in any way, except to prevent your app from launching when it has expired.
It is futile to attempt to make your software uncrackable. The amount of effort involved would be much better spent improving your app, even if it could be achieved. It is sufficient to have a simple scheme that defeats casual piracy, especially for apps in the $20 price range.
That said, Aquatic Prime was obviously not working for us. It seems that there are now systematic cracks available for any app that relies on it.
We were keen to adopt Potion Store for our apps, but there were a few stumbling blocks.
Firstly, we were unfamiliar with Ruby on Rails, so we needed to get up to speed quickly. I will be writing about my experiences getting RoR and Potion Store running on Mac OS X Server 10.5 in a later post.
Secondly, Potion Store leaves the implementation of the license generator to the developer. This meant we would need to implement Aquatic Prime compatible key generator in Ruby, not impossible, but a daunting task nonetheless for Ruby virgins like ourselves.
We had therefore put the idea of adopting Potion Store aside for some later date. That is, until we discovered CocoaFob.
CocoaFob is a collection of Objective-C snippets and classes that compile a command line key generator and verifier application. It is quite similar to Aquatic Prime, except that it uses DSA instead of RSA to generate its keys.
Importantly, CocoaFob includes a Ruby file, licensekey.rb that is designed to plug straight in to Potion Store and provide license code generation. Additionally, CocoaFob improves upon Potion Store's neat one-click license url scheme.
CocoaFob generates codes that are much shorter than the ones Aquatic Prime generates. And, as they are of variable length, they are also more secure.
Integrating CocoaFob into a Cocoa app is still a fair bit of work. Thankfully the code is well documented, and the developer, Gleb Dolgich, is a responsive and helpful guy who helped me over the hurdles I hit in the process.
We have dubbed the result of our efforts CodexFab.
CodexFab is an AppKit wrapper that essentially provides a GUI to Gleb's command line app. You can use it to generate and test license codes for your app, and also to test automatic url activation. It is designed as a standalone utility for developers who want to use Potion Store with their own products.
CodexFab_LicenseExample is an example implementation of CocoaFob Licensing within a simple Cocoa app. It provides all the code you need to add Potion Store CocoaFob integration to your app. It presents a nice animating Licensing window, and is designed to be simple to integrate into your Xcode project.
In the same spirit as Potion Store and CocoaFob, CodexFab is released as an open source project, hosted on github. We hope you find it useful in your app.
In the end, we think CodexFab marries the best of the three possible approaches. We have adapted the CocoaFob implementation within our app to the point where it is thoroughly customised, making it much more secure. We have Potion Store integration, of course. And we have been able to use an existing, free, open source solution, avoiding the need for a proprietary scheme.
Read more in part 2, Serving up the Potion Store on Leopard Server.