For quite some time, I've been working on
a project for network monitoring and traffic shaping
and at some point I got a bit bored of it and needed a distraction. At
that point the project was still just a private repo and I wasn't sure how
I was going to publish the project. On one hand, I had
already poured a significant amount of time into it, and on the other hand
I knew that I would never be able to sell it. It's primarily for Linux and
because of the nature of the application people will not only expect it to
be free but also
free.
Charging for it would most likely be a fool's errand, even if it was in a
somewhat finished state. So I instead added a
cosmetic activation option like in the old days. I am, like quite a few
other people, not a fan of DRM. Not because I hate paying for software,
but because almost all implementations of DRM are extremely intrusive.
Most applications used to just ask for a serial key that would be
validated locally, and that's all there was to it. Nowadays everything
connects to the Internet, requires an account and a monthly subscription.
The old model was flawed in the sense that it allowed users to share and
re-use serial keys or use generated ones, but it didn't punish people who
acquired them legitimately with intrusive DRM.
Adding any kind of real DRM to my project would've been a dumb idea as DRM
always builds on obfuscation but software like Waechter requires complete
transparency. I can't ask people to run it on their machine if it contains
some blob for the activation logic, so the code for it is also part of
the repository.
Does that defeat the purpose of it? Yes, kinda. Anyone can remove it,
though that'll only become an issue if anyone actually starts using the
software. And because the entire thing is already almost pointless I thought
it'd be funny if I made it even more pointless by writing a keygen for it,
which turned into a small side project.
I assume most people are familiar with the concept of keygens. Simply put
they contain reverse-engineered logic for creating valid serial keys for
applications to allow using them without buying a license. Depending on
the application, this can get quite involved to the point where they also
contain code to patch the binaries or DLLs of an application for it to
accept the generated serial keys.
While reverse-engineering the activation logic of an application is itself
already an impressive feat, most teams don't stop there. Most
keygens feature
music
as well as visuals. Since the actual logic of generating the key isn't a
problem in my case, that only left four things:
Most keygens are intended to be used on Windows, which makes compatibility
across different Windows versions fairly easy. With Linux, that's a bit of
a different story. So it's on a best effort basis, which unsurprisingly, is
achieved by using SDL2 and an old version of glibc. This should assure
that old and new Linux distros can run the binary on both X11 and Wayland
and whatever sound backend is available as it only dynamically links
against SDL2 and the C standard library. I assume that with some extra
tricks this could be made even more portable, but this was good enough for
me.
For the music I had to cheat because I have absolutely no ability to make
anything that sounds good, so I went with
a catchy module I had lying around
and I also wouldn't have been able to write a library that can play back
chiptune modules, so I just used a slightly modified version of
m4p
for FastTracker module playback.
As for the visuals I just went with plain old fixed function pipeline OpenGL, which
runs on basically any hardware. The visuals themselves are just a bunch of
rectangles and dots with some funky math to make them move around, nothing
compared to what you usually see in the demo scene but good enough for me.
The UI is, like every other part, just quickly hacked together with some
rectangles.
Lastly I used
incbin to include
the music,
font atlas and
logo into the binary with a final size of about 415 KiB. I didn't even try
to make it smaller because that's already good enough for me.