StarWind Service / Remote Sharing

Software-based VM-centric and flash-friendly VM storage + free version

Moderators: anton (staff), art (staff), Max (staff), Anatoly (staff)

Locked
randomperson
Posts: 2
Joined: Fri Dec 09, 2011 2:41 am

Fri Dec 09, 2011 3:07 am

This is probably a little off topic but any help would be very much appreciated as I try to resolve an ongoing situation. I really hate playing detective but, I have no choice if I want to protect my efforts and I will appreciate any help!

I am a hobbyist software developer and I've come to find out that one of my customers has been using StarWind and I suspect it might be to circumvent my anti-piracy protection. I am not sure how likely this is but with speaking to the person, they've become aggressive when asked so I thought I would come to the next best place to find expert opinions from users and StarWind developers themselves.

In light of that, I want to learn more about how StarWind works and how likely it is this individual could compromise a pretty straight-forward Internet-based validation system, where my software would do a simple HTTP request and check against hardware with a remote server at the start of each execution.

This person I feel is playing dumb as well so, I'm also curious about (1) the level of technicality this might require as well in using this product, seeing as this package is quite expensive. I would also like to know (2) if there is a way of determining beyond doubt that this is in fact taking place, possibly to allow for multiple user access of my product and if you know of anything I can check for, I would certainly appreciate this more than you know.

Running process : StarWindServiceAE.exe
Ports in use : (3260 / 3261)

0.0.0.0:3260:StarWindServiceAE:2992
0.0.0.0:3261:StarWindServiceAE:2992

Thanks in advance for any help, it would mean a lot.
Top
User avatar
anton (staff)
Site Admin
Posts: 4010
Joined: Fri Jun 18, 2004 12:03 am
Location: British Virgin Islands
Contact:
Contact anton (staff)

Fri Dec 09, 2011 4:03 pm

It's stripped-down version of StarWind (Alcohol 120% edition) and it's neither expensive (there're no way to buy it directly except with Alcohol 120%) not supported for end-users directly (like any OEM product on Earth).
Regards,
Anton Kolomyeytsev

Chief Technology Officer & Chief Architect, StarWind Software

Image
Top
User avatar
Aitor_Ibarra
Posts: 163
Joined: Wed Nov 05, 2008 1:22 pm
Location: London

Fri Dec 09, 2011 7:00 pm

I had to look up Alcohol 120% as it sounded like a drink!

A CD/DVD burning app, with Starwind built in to share drives over the network.

Randomperson : starwind cannot be used to compromise your anti-piracy measures in the way you describe. Your customer probably wants to share his drive with other machines on your network. Theoretically, multiple PCs could be launching your software from one disk (if this is how your software is distributed) but only if this version of Starwind allows clustering (connection by multiple inititators) and your customer could do exactly the same thing with a common simple network share. If you are authenticating each PC, then you are impervious to this. Nothing about starwind has any functionality which would allow multiple PCs to pretend to be one to your authentication system.

<opinion>if your software is doing portscans and checks what services are using what ports, and then reporting this back to you, I hope your EULA covers this. I certainly wouldn't be happy installing that unless you have valid technical reasons for doing so (not just anti-piracy)</opinion>
Top
User avatar
anton (staff)
Site Admin
Posts: 4010
Joined: Fri Jun 18, 2004 12:03 am
Location: British Virgin Islands
Contact:
Contact anton (staff)

Fri Dec 09, 2011 7:24 pm

1) AFAIK, yes, that was a plan :))

2) That's right! Modern copy-protection systems check disc rotation speed / angular velocity to determine is it a real one or not. Multiple connects will ruin handshake sequence resulting media non-recognition. Also we've added random delays for command execution (native CD/DVD mode only) to break this thing completely even with one connect over a high speed LAN connection.
Aitor_Ibarra wrote:I had to look up Alcohol 120% as it sounded like a drink!

A CD/DVD burning app, with Starwind built in to share drives over the network.

Randomperson : starwind cannot be used to compromise your anti-piracy measures in the way you describe. Your customer probably wants to share his drive with other machines on your network. Theoretically, multiple PCs could be launching your software from one disk (if this is how your software is distributed) but only if this version of Starwind allows clustering (connection by multiple inititators) and your customer could do exactly the same thing with a common simple network share. If you are authenticating each PC, then you are impervious to this. Nothing about starwind has any functionality which would allow multiple PCs to pretend to be one to your authentication system.

<opinion>if your software is doing portscans and checks what services are using what ports, and then reporting this back to you, I hope your EULA covers this. I certainly wouldn't be happy installing that unless you have valid technical reasons for doing so (not just anti-piracy)</opinion>
Regards,
Anton Kolomyeytsev

Chief Technology Officer & Chief Architect, StarWind Software

Image
Top
randomperson
Posts: 2
Joined: Fri Dec 09, 2011 2:41 am

Thu Dec 15, 2011 7:43 am

Aitor_Ibarra wrote:I had to look up Alcohol 120% as it sounded like a drink!

A CD/DVD burning app, with Starwind built in to share drives over the network.

Randomperson : starwind cannot be used to compromise your anti-piracy measures in the way you describe. Your customer probably wants to share his drive with other machines on your network. Theoretically, multiple PCs could be launching your software from one disk (if this is how your software is distributed) but only if this version of Starwind allows clustering (connection by multiple inititators) and your customer could do exactly the same thing with a common simple network share. If you are authenticating each PC, then you are impervious to this. Nothing about starwind has any functionality which would allow multiple PCs to pretend to be one to your authentication system.

<opinion>if your software is doing portscans and checks what services are using what ports, and then reporting this back to you, I hope your EULA covers this. I certainly wouldn't be happy installing that unless you have valid technical reasons for doing so (not just anti-piracy)</opinion>
Much appreciated and thank you for a quick rely.
I do have a couple of follow-up questions though:

1. Is that executable / port usage correct, yes or no?
2. Is there an easy way to determine if clustering is enabled?
3. How much was the Starwind package he is using?
4. What purpose is Starwind most commonly used for?
5. What is the level of knowledge required for it's use (certainly a basic knowledge of ports / networking correct?)

Thanks again for your quick response, it means a lot.
Top
User avatar
anton (staff)
Site Admin
Posts: 4010
Joined: Fri Jun 18, 2004 12:03 am
Location: British Virgin Islands
Contact:
Contact anton (staff)

Thu Dec 15, 2011 10:24 am

1) Ports can be changed.

2) Send RESERVE/RELEASE sequence verification.

3) As I've told it's OEM. He got it for free with Alcohol 120%.

4) SAN. Shared storage.

5) Wrong. In his case - zero. Everything is wrapped inside Alcohol GUI.

== thread closed as this is StarWind technical support forum ==
randomperson wrote:
Aitor_Ibarra wrote:I had to look up Alcohol 120% as it sounded like a drink!

A CD/DVD burning app, with Starwind built in to share drives over the network.

Randomperson : starwind cannot be used to compromise your anti-piracy measures in the way you describe. Your customer probably wants to share his drive with other machines on your network. Theoretically, multiple PCs could be launching your software from one disk (if this is how your software is distributed) but only if this version of Starwind allows clustering (connection by multiple inititators) and your customer could do exactly the same thing with a common simple network share. If you are authenticating each PC, then you are impervious to this. Nothing about starwind has any functionality which would allow multiple PCs to pretend to be one to your authentication system.

<opinion>if your software is doing portscans and checks what services are using what ports, and then reporting this back to you, I hope your EULA covers this. I certainly wouldn't be happy installing that unless you have valid technical reasons for doing so (not just anti-piracy)</opinion>
Much appreciated and thank you for a quick rely.
I do have a couple of follow-up questions though:

1. Is that executable / port usage correct, yes or no?
2. Is there an easy way to determine if clustering is enabled?
3. How much was the Starwind package he is using?
4. What purpose is Starwind most commonly used for?
5. What is the level of knowledge required for it's use (certainly a basic knowledge of ports / networking correct?)

Thanks again for your quick response, it means a lot.
Regards,
Anton Kolomyeytsev

Chief Technology Officer & Chief Architect, StarWind Software

Image
Top
Locked

Return to “StarWind Virtual SAN (VSAN) [+Free], HCI Appliance (HCA), Virtual HCI Appliance (VHCA) [+Free]”