CodexFab and Cocoa Application Licensing

Cocoa application licensing schemes are a contentious issue. Opinions on how, and whether, to protect your application from piracy vary widely; from the open source approach, which simply sidesteps the issue, to sophisticated public key encryption schemes. There are at least four pages on CocoaDev vigorously debating the pros and cons of each approach.

Assuming that you do want to copy protect your Cocoa app, choosing a licensing scheme in 2009 boils down to a small number of choices, as far as I could determine.

You can:

  • Roll your own - perhaps the most secure approach, but a lot of work.
  • Use a ready made scheme from a web store provider, like kagi, golden%braeburn or esellerate - easier and relatively secure, but costly.
  • Adopt an open source scheme such as Aquatic Prime - easiest of all, free, but potentially insecure.

My company, MachineCodex, had been using Aquatic Prime for our one licensable product, AudioCodex. Unfortunately, we found that our app was being cracked in an alarmingly short time after release.

I won't get into the details here, except to say that we believe you should not treat your users like criminals. A licensing scheme should be minimally intrusive, should not collect data, and should not attempt to interfere with the user's machine in any way, except to prevent your app from launching when it has expired.

It is futile to attempt to make your software uncrackable. The amount of effort involved would be much better spent improving your app, even if it could be achieved. It is sufficient to have a simple scheme that defeats casual piracy, especially for apps in the $20 price range.

That said, Aquatic Prime was obviously not working for us. It seems that there are now systematic cracks available for any app that relies on it.

PotionStore

The Potion Factory recently released a very nice, open source, Ruby on Rails web application called the Potion Store. It is a very complete web store with some nice features.

We were keen to adopt Potion Store for our apps, but there were a few stumbling blocks.

Firstly, we were unfamiliar with Ruby on Rails, so we needed to get up to speed quickly. I will be writing about my experiences getting RoR and Potion Store running on Mac OS X Server 10.5 in a later post.

Secondly, Potion Store leaves the implementation of the license generator to the developer. This meant we would need to implement Aquatic Prime compatible key generator in Ruby, not impossible, but a daunting task nonetheless for Ruby virgins like ourselves.

We had therefore put the idea of adopting Potion Store aside for some later date. That is, until we discovered CocoaFob.

CocoaFob

CocoaFob is a collection of Objective-C snippets and classes that compile a command line key generator and verifier application. It is quite similar to Aquatic Prime, except that it uses DSA instead of RSA to generate its keys.

Importantly, CocoaFob includes a Ruby file, licensekey.rb that is designed to plug straight in to Potion Store and provide license code generation. Additionally, CocoaFob improves upon Potion Store's neat one-click license url scheme.

CocoaFob generates codes that are much shorter than the ones Aquatic Prime generates. And, as they are of variable length, they are also more secure.

Integrating CocoaFob into a Cocoa app is still a fair bit of work. Thankfully the code is well documented, and the developer, Gleb Dolgich, is a responsive and helpful guy who helped me over the hurdles I hit in the process.

CodexFab

We have dubbed the result of our efforts CodexFab.

CodexFab is an AppKit wrapper that essentially provides a GUI to Gleb's command line app. You can use it to generate and test license codes for your app, and also to test automatic url activation. It is designed as a standalone utility for developers who want to use Potion Store with their own products.

CodexFab_LicenseExample is an example implementation of CocoaFob Licensing within a simple Cocoa app. It provides all the code you need to add Potion Store CocoaFob integration to your app. It presents a nice animating Licensing window, and is designed to be simple to integrate into your Xcode project.

In the same spirit as Potion Store and CocoaFob, CodexFab is released as an open source project, hosted on github. We hope you find it useful in your app.

Conclusion

In the end, we think CodexFab marries the best of the three possible approaches. We have adapted the CocoaFob implementation within our app to the point where it is thoroughly customised, making it much more secure. We have Potion Store integration, of course. And we have been able to use an existing, free, open source solution, avoiding the need for a proprietary scheme.

Read more in part 2, Serving up the Potion Store on Leopard Server.

what about the updated versions of the apps

Hi Alex,
how this licensing solution deals with a new versions of an app. What is the process after you release an update.

Submitted by kevin (not verified) on Sat, 05/01/2010 - 23:27.
Re: what about the updated versions of the apps

Hi Kevin,

Well, changing the public key inside the app will invalidate all previous licenses. So far we haven't done this, as we haven't reached a milestone that would involve forcing our users to buy a new version of the app.

Otherwise, updates don't affect the current licenses as long as the public key remains the same.

Cheers,

Submitted by alex on Fri, 05/14/2010 - 11:15.
Awesome work

I have been looking for a free licensing solution for Mac OS X apps that I plan on writing, and this seems to be the perfect solution!

I had not heard of PotionStore OR CocoaFob before this post, but hearing about them both and then hearing about your wrapper, it feels like xmas again!

Can't wait to start using this, thanks!

Submitted by Tom Glenn (not verified) on Wed, 01/27/2010 - 17:01.
I will try this

I have tried many different "lessons" to get started and they have not helped. I will try this and if it is a good kick start for me, I will let you know so you can direct me to where to donate.
Then I will become a regular contributor!

I promise!

Submitted by Jim (not verified) on Fri, 01/22/2010 - 01:26.

Post new comment

The content of this field is kept private and will not be shown publicly.
Enter the code shown in the image:

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
1 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Donate!





If you like what you find here and wish to support further development of this site, please donate via PayPal. No account required.

Syndicate

Syndicate content

User login

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
6 + 9 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
Enter the code shown in the image: