Posts tagged {SmartAssembly}

To Demo or Not to Demo

So you have your new and shiny application you just finished building and your trying to get people to try and buy it. But as a technologically savvy person you know all about the cracking and pirate scene, and you don’t want your app out there. Your not foolish to believe that whatever scheme you come up with won’t be cracked, so what do you do, not put out the demo at all?

Your protection scheme will be cracked, no matter what it is. But you have to figure out the value/effort curve, if your software is only $9.95 and protected by a decent protection scheme, chances are your not going to find it cracked. But if your software is in demand and costs $299.95 it will most likely be cracked.

When someone cracks your demo software they are by-passing your protection schemes and enabling the full functionality of your application. This could be enabling features, disabling time bombs or any other measures to try and get people to pay up.

But I have another suggestion for your, build a specific demo version of your software, that doesn’t have the code for the other features at all! NDepend does this and I’ve never seen a real cracked version of it out there, because the code for those other features isn’t there, there’s no way to enable it.

If your building your software in a modular way, you should be able to create sub-sets of your code and your application picks of the differences.

For example I put the valuable code in separate projects and register them with StructureMap.


My full project, has 25 separate .cs generators files in it that contains the useful stuff, but my demo project only contains 2 (NumberGenerator and StringGenerator)


This assembly compiles into the exact same file as the full version and will get swapped out before I secure the project with {SmartAssembly}, at no time will my full versions of the code be in the demo project, which in startup will pull all of the available features and present a limited set for the demo.

I’ve also been playing with a system to compile a full version of the product on demand (when someone buys it) which will embed customer specific information into the code base, allowing me to determine who leaked the full version out and revoke their license and possibly recoup my looses.

If you are going to produce many software products you shouldn’t protect them all the same way. Your low end software can be protected by a licensing key system while your higher end software is code limited and compiled on demand. You should always try and have a demo, or free version of your product out there, but be smart about how you do it and it will be a benefit and not a potential liability.

Do it yourself Licensing and {SmartAssembly}

I’ve received a few questions about a product I mentioned called {SmartAssembly} from, as of September 1st 2009 RedGate software. {SmartAssembly} won RedGate’s million dollar challenge. First {SmartAssembly} is is not a licensing system but a code protection and optimization system. I’m a best of breed kind of guy, for example I try to always try and choose the best product or solution of as possible. Why not choose a code protection system and licensing system in one? Well the ones I’ve seen don’t offer the protection I want and I believe they are two completely disciplines. Code protection is about bits and security, while licensing is about business.

You can make the argument that code protection is also about business as it protects your IP (Intellectual Property) but the business of code protection is protecting other peoples IP with techniques and processes. Licensing to me is a zero sum game, the more intrusive your licensing scheme is the more it takes away from your users experience with your software. A well written, well designed and great looking program can be thrown away because of it’s licensing system.

As of the time of this writing I still haven’t found a licensing system that meets my price-point and required feature set. I’m unwilling to compromise on a system that will have a massive impact on my potential and existing customers and will be a core part of my business workflow.

I’ve been asked why I wouldn’t just build one myself. I did build a little component to enable my applications with trial functionality ‘which I won’t plug here’ but building an whole licensing system is another game completely. I believe that you should spend as much time working on your product and not licensing, well unless that is your product. Time you spend building your licensing system takes away from designing, coding, testing, QA and business tasks for the product you are trying to sell. Building something myself isn’t my first, second or even third option.

Building a single licensing system for all your applications can be a major problem. Crack that one licensing scheme and someone has access to all your products. If this was a licensing system provided by someone else then they would have new versions with countermeasure to protect your software by monitoring all the cracks against it. Rolling your own licensing means you should have to keep it up to date, which could be drain on your resources.

As I’ve stated before I’m unwilling to compromise on licensing and in the end that might mean rolling my own, but it won’t be until I’ve exhausted other options. Being a business owner and developer means there is a constant battle between the two completely different personalities and I have to be sure that I’m diving head first into coding with a clear reason and business sense to back it up.

TeamCity + InstallAware + {SmartAssembly} = Win

Being one of the only developers on a few projects means that I cannot spend hours configuring builds, managing releases, coordinating builds and the like. I need to spend time refining my product, testing, QA and selling it. I just released a product from my company and tracked how much time it took me, out of a build/revision to get the final installer package ready for distribution. On average I spend about 25% of my time moving files around, running programs, building, waiting and resetting to get the two deliverables out for every build.

Time holes like that one can kill your motivation and your project. As a business owner and developer I need to spend time building my client base, working with customers and refining my product. Major amount of time spent doing anything else could hurt me and my company down the road. I believe this is why a lot of small development shops have trouble or fail completely, they aren’t ready for the marathon, they prepared for the 100 meter dash.

Realizing that I was spending too much time doing work that should be automated I started to look around at the tools I had available to me, low and behold they all look like they could work together. TeamCity is a Build and Continuous Integration Server that free version, the Professional Version, that is perfect for my size. We also use it at my work and a co-worker has it doing some amazing things. So I installed TeamCity on a old piece of hardware I had lying around and got it running. I used NAnt to get the project configured correctly and build.

Once TeamCity was up and running I needed to get my assemblies and executables protected by {SmartAssembly}, which is my .Net Framework code/IP protection tool of choice. {SA} support command line execution so it was a snap calling their command line application from NAnt in my build script.

Finally it was time to build my MSI installer using InstallAware. I’ve gone back and forth on my setup creator for a long time. I’ve used InstallShield, WISE, MSI Factory and others but I just felt comfortable with IA. Although you have to buy the Developer edition to get the ability to do command line building it could be worth it. Also they broke the command line build in 9.0 on purpose which required a UI handle, so it couldn’t be run by a service. Thankfully they fixed it in 9.06, but what a bad mistake. I just added the variables to NAnt and away I went.

The last piece of the puzzle was serving up these completed setup packages. Thankfully TeamCity has the concept of Artifacts, which when I setup are pointed to the setup.exe emitted from InstallAware.

The result? unit tested, compiled, secured and packaged file, ready for QA and release.


I love the smell of automation in the morning.

Go to Top