by Jon Wagner
When I first began developing applications in CASL, the excitement of having thought of a product that noone else had previously created was exhilarating. I started thinking of all the different things that could be added to the program, how new features could be implemented in a series of updates to the product. I knew this was a product worth creating and bringing to market. I started drawing up some preliminary designs, sketching the UI's and documenting what each form would need to accomplish. Then it
dawned on me, how do I keep most (key word) users from freely copying the software? I didn't want to spend days, weeks or months working on a program only to give it away. The time it takes to create software that others find useful is what Shareware development is all about. It was at that point that I realized, I need a strategy on how I would secure my products.
I began my research by direct e-mail discussions with power-CASL developers, posted a few topics to the CASL Forums and reading documentation from
various ESD sites (Sites that sell PDA software via Electronic Software Distribution). The best information I received was by direct communications with power CASL developers. The feedback I received allowed me to quickly realize I needed to come up with some means of securing my software in a way that was reusable. After all, I didn't want to have to write a new registration system for each new product I brought to market. I wanted something
easy to implement, easy to modify, re-usable and something that integrated well with existing ESD sites. The result of the research was an RPN interpreter.
RPN stands for "Reverse Polish Notation" and is an awkward method of describing mathematical formulas. However, it's one that is used by many PDA software sites, such as: Handango,
PDAssi and many more to allow real-time fulfillment of software orders. Many ESD sites either request or in some cases even require you to provide RPN strings to allow creation of license keys for your products on-demand. The reason is simple, customers who order your products from ESD sites commonly have problems receiving license keys from developers over e-mail. Sometimes developers may take several days to process an order or in other cases the e-mail will never make it to the customer due to Spam blocking software. For these reasons, you may
want to consider using RPN for your products as well. Although, there are some potential drawbacks to providing your RPN String to ESD sites.
I recall receiving an e-mail from one particular ESD site that included login information, in error, for a single software developer who I did not know. This developer's login and password was sent via e-mail to no telling how many developers, such as myself. At first I thought it was a joke, so I logged in using his ID and password and then saw this developer's RPN string for one of his products. I
quickly notified the developer directly of what had happened and that I had logged in using his account to see if it was "for real". The developer changed his password to prevent further access, but what this example demonstrates is the dark side of RPN. In one sense, it's very convenient for ESD sites but in the wrong hands it could be devastating to solving the original problem of securing your intellectual assets. No matter what system or means of securing your product, the more people (or sites) that have the keys to decode your product(s) the more
associated risk. I prefer to use RPN but not provide ESD's with my keys to decode my products. If I ever "have to" to continue to do business with them, I can make that decision at that point. However, for now I choose to keep them internal.
RPN is truly a great way to define the algorithms to generate license keys. The CASL RegTool example included with this tutorial is a functional RPN interpreter that you can use to secure your own CASL applications (use at your own risk).
It was designed to work under CASLWin, CASLPro (PalmOS) and PocketPC/Windows Mobile. Just unzip the project to the root of your "C:" drive and load the project in CASL 4.3. This code will give you a good starting point for securing your own applications in a way that is reusable and flexible. The RPN interpretation performed by this sample application is consistent with the methods used by Handango, PDAssi and many others. There are various rules that are handled such: device ID's have a max. of 10 chars, limit of 5 character codes, etc. If you
want to read more, I would recommend signing up with Handango and reading their detailed documentation regarding their RPN implementation.
Using the CASL RegTool example you will find that one of the most difficult tasks of creating an application for re-sale has been solved for you. All you will need to focus on is how to implement this code: adding a nag screen (if you so choose), offering a time-limited version or a functionally limited version unless registered. There are many ways of securing your hard work and it's something you will want to consider
early-on in your CASL programming career.