Copy protection scheme idea

[walkl]

Planning to release my S60 application soon I was thinking of possibilities to prevent piracy and came up with the following idea.

Application uses some system capabilities not available for self-signing (PowerMgmt, ProtServ, ReadDeviceData, SurroundingsDD, SwEvent, TrustedUI, WriteDeviceData) just to prevent self-signing of cracked versions. Buyer transfers the money and sends his/her IMEI number to developer who uses Symbian open signed online service to sign the application and sends it back to buyer. Now the signed application will only work in buyer's phone. Symbian signed online only allows signing of the application (with same protected range UID) from developer's e-mail address. Would this process stop people from using illegal copies as mandatory signing of these copies becomes impossible? Of course, if developer "attempts to sign the same SIS file in rapid succession, the service you receive will proportionally slow down. This is to prevent abuse of the service". Also, not everyone is willing to send their IMEI code developer. But these are only a minor problems if piracy can be stopped. Any thoughts, I'm sure my logic is not bulletproof and there is a workaround? Thanks.

Edit: After another forum search I found the claim that some apps with sensitive capabilities have been cracked without re-signing. Can someone show any examples of these?

[wizard_hu_]

Generally the Open Signed On/Offline path is not intended to be used for release. Also note that if your application does not really uses those capabilities, it should be relatively easy to remove them, then self-signing becomes possible.
And yes, using debug tools it was (perhaps still is) possible to hack the installer subsystem.
Most powerful licensing systems work with on-line activation, where a server (maintained by you) tracks if an equipment with given IMEI/IMSI is entitled to execute your application or not.
Discussion about cracked software and the process of cracking does not really fit into the scope of Forum Nokia.

[Paul.Todd]

There is a whole thread devoted to this on David Wood's blog and I covered where it could be fixed as well.

Basically it works great until you realized that Devcerts are handed out to all and sundry which is where the the whole process breaks down rather quickly.