Revulytics Blog

V.i. Labs Software Piracy Risk Assessment Report - July 2009

July 21, 2009


We have been continuing to gather and analyze data on software piracy since we issued our first reports last summer and are ready to issue the first part of our Software Piracy Risk Assessment Report.

The first installment is a detailed review of crack releases and piracy enablement approaches. Tampering with or bypassing the embedded license enforcement is a key enabler of piracy. Most high-value applications have adopted third-party licensing systems to enforce software entitlements for their customer base.

We reviewed 83 separate piracy group distributions of cracked software that were released between 2007 and 2009 from 39 Independent Software Vendors (ISVs). These high-value applications have an average list price exceeding $4,000 (USD) per user seat and are used for Architecture, Engineering and Construction (AEC), Computer Aided Design (CAD), Computer Aided Machine (CAM), Computer Aided Engineering (CAE), Electronic Design Automation (EDA), Product Lifecycle Management (PLM), and other specialized engineering and scientific modeling and analysis.

Interestingly, the top five piracy groups (out of 212) contributed 59% of the cracked releases in the study.

All of the pirated software releases used a crack mechanism or other approach to tamper with license enforcement and enable illegal use. However, the cracks varied widely in how well they were documented and in the level of expertise required to configure them. Three general approaches were used:

  • Binary patches (52% / 43 releases)
  • Key maker (36% / 30 releases)
  • Vulnerability (12% / 10 releases)

The analysis also revealed that the piracy groups and the reverse engineering talent they recruit can tamper with a variety of hardware- and software-based licensing systems to enable overt piracy. Strengthening licensing using hardware dongles or tamper-resistant licensing may be a useful way to prevent overuse within a licensed customer environment, but it should not be viewed as a defense against overt piracy.

To learn more about the results of the research, the complete report is available for download here.


Post written by Victor DeMarines

Vice President, Products & Strategy at Revulytics

Victor DeMarines brings extensive security product management and marketing experience to Revulytics, where he is responsible for product strategy and direction. He is a frequent speaker and author on topics including piracy, reverse engineering and the protection of intellectual property.