| Author |
Message |
|
Albino De Bias
#1 / 10
|
 License key protection Hello everyone..
I have been search through this newsgroup trying to find information
on how to protect my application, and I have read several 'theories'
about the subject. The major consensus is that you enter a key and
there is logic that validates the key.
My question is that, do you, or could you, embed the same key in the
code so you can compare it to what the user enters.
Now I know I am going to get responses saying that any scheme can be
cracked or that I should not even try to protect the application, just
give it away. This is not the issue. The reasoning with entering a
key for an application is to validate the proper owner.
Thanks for your help.
|
| Sat, 30 Jul 2005 09:32:20 GMT |
|
 |
|
Whitt Batchele
#2 / 10
|
License key protection It's highly annoying, but you could tie the serial key to thier hard drive
serial number. It makes them call you or e-mail you every time they
want to install the software. I did this in a piece of financial software
that I did, and it very effectively controls who can use the software
and who cannot. This function gets the drive's serial number, and you
can then write some algorithim to change the numbers.
'***************************************************************************
****
'Function Name: GetSerialNumber(String)
'Parameters: Accepts a string, a drive letter, as input and returns the
serial
' number as a string.
'Description: This function makes a call to the GetVolumeInformation API
and
' gets the hard drive's serial number. It returns a nullstring on error.
'***************************************************************************
****
Public Function GetSerialNumber(sDriveLetter As String) As String
Dim retval, lDriveSerialNumber, lDriveName, lMaxCom, lFileSystem As Long
Dim sDriveName, sFileSystem As String
sDriveName = String(255, Chr(0))
sFileSystem = String(255, Chr(0))
retval = GetVolumeInformation(sDriveLetter, sDriveName, Len(sDriveName),
lDriveSerialNumber, 0, 0, sFileSystem, Len(sFileSystem))
GetSerialNumber = Str(lDriveSerialNumber)
End Function
Whitt Batcheler
Quote: > Hello everyone.. > I have been search through this newsgroup trying to find information
> on how to protect my application, and I have read several 'theories'
> about the subject. The major consensus is that you enter a key and
> there is logic that validates the key.
> My question is that, do you, or could you, embed the same key in the
> code so you can compare it to what the user enters.
> Now I know I am going to get responses saying that any scheme can be
> cracked or that I should not even try to protect the application, just
> give it away. This is not the issue. The reasoning with entering a
> key for an application is to validate the proper owner.
> Thanks for your help.
|
| Sat, 30 Jul 2005 10:13:37 GMT |
|
|
|
john dingle
#3 / 10
|
License key protection Also if your code contains something like the following, it will be cracked
very quickly, either as a patch, or if x or y is hardcoded or entered then
as a number to register.
if x=y then
register
else
refuse_regsitration
end if
Quote: > Hello everyone.. > I have been search through this newsgroup trying to find information
> on how to protect my application, and I have read several 'theories'
> about the subject. The major consensus is that you enter a key and
> there is logic that validates the key.
> My question is that, do you, or could you, embed the same key in the
> code so you can compare it to what the user enters.
> Now I know I am going to get responses saying that any scheme can be
> cracked or that I should not even try to protect the application, just
> give it away. This is not the issue. The reasoning with entering a
> key for an application is to validate the proper owner.
> Thanks for your help.
|
| Sat, 30 Jul 2005 20:01:27 GMT |
|
|
|
the Wi
#4 / 10
|
License key protection
Quote: >Hello everyone.. >I have been search through this newsgroup trying to find information
>on how to protect my application, and I have read several 'theories'
>about the subject. The major consensus is that you enter a key and
>there is logic that validates the key.
>My question is that, do you, or could you, embed the same key in the
>code so you can compare it to what the user enters.
>Now I know I am going to get responses saying that any scheme can be
>cracked or that I should not even try to protect the application, just
>give it away. This is not the issue. The reasoning with entering a
>key for an application is to validate the proper owner.
>Thanks for your help.
You can embed the encrypted password in the code but you need to provide some
obfuscation. Require the password to be some number of characters (say 5 to 8)
and put the encrypted password in a larger string of semi-random characters.
Base the encryption and the random characters on the character entered and its
position in the larger string.
Example: (for illustration only, not an especially secure method). Use a 6 or 8
character password in an 18 byte field. Where I mention a character ("w"), I'm
referring to its ASCII value. In the 18 byte field, byte 1 is "Z" plus the
length of the password, byte 2 is the first character of the password + 6, byte
3 is the character "q" + the length of the password, byte 4 is random, byte 5 is
the last character of the password + 7, byte 6 is random, byte 7 is character 2
of the password - 8, etc...
Instead, put the encoded key in the registry or a file in the \winxxx\system
directory. You could create a small OCX or DLL with a place to store the
encoded key.
You could provide a "dongle" with the software. Some of the dongles have
writeable memory, so you could put the encoded ID and password in the dongle.
More about me: http://thelabwiz.home.mindspring.com/
VB3 source code: http://thelabwiz.home.mindspring.com/vbsource.html
VB6 source code: http://thelabwiz.home.mindspring.com/vb6source.html
VB6 - MySQL how to: http://thelabwiz.home.mindspring.com/mysql.html
Fix the obvious to reply by email.
|
| Sun, 31 Jul 2005 04:07:07 GMT |
|
|
|
mike
#5 / 10
|
License key protection You want to make it difficult for someone to find
a way around your
protection.
Accept ANY registration code and run the
application.
At several/many places in your code, check and
increment various counters
and read the registration code. When the counters
reach some number
(different number every run and the condition is
satisfied at one of many
places in your code) crash the program. Put as
much distance as you can between entering
the code and rejection of that code. They're
still gonna steal your code if
it's popular, but at least make 'em work for it.
The downside to all this is
that people will complain that your program
crashes. Send the business software alliance
out to help them debug their system.
mike
Quote:
> Also if your code contains something like the following, it will be cracked
> very quickly, either as a patch, or if x or y is hardcoded or entered then
> as a number to register.
> if x=y then
> register
> else
> refuse_regsitration
> end if
> > Hello everyone..
> > I have been search through this newsgroup trying to find information
> > on how to protect my application, and I have read several 'theories'
> > about the subject. The major consensus is that you enter a key and
> > there is logic that validates the key.
> > My question is that, do you, or could you, embed the same key in the
> > code so you can compare it to what the user enters.
> > Now I know I am going to get responses saying that any scheme can be
> > cracked or that I should not even try to protect the application, just
> > give it away. This is not the issue. The reasoning with entering a
> > key for an application is to validate the proper owner.
> > Thanks for your help.
--
Bunch of stuff For Sale and Wanted at the link
below.
Police Scanner, LCD overhead projector
Tek 2465, ham radio, 30pS pulser
Tektronix Concept Books, spot welding head...
http://www.geocities.com/SiliconValley/Monitor/4710/
|
| Sun, 31 Jul 2005 08:02:44 GMT |
|
|
|
MTC
#6 / 10
|
License key protection I personally have a way to ensure the safety of my application, not fool
proof but the best I can do!
I randomly generate a 13 alpha numeric number! then I process each part of
the 13 characters and adjust it accordingly to create a 16 alphanumeric
string! the user provides me with the 13 characters, and I provide them
with the 16. after 45 days I shut the application down if not entered! the
basis of the 45 days is the day the .database is created! now with
everything there is ways around it, but I find the people I am dealing with
don't worry about trying to figure out the code to break the code!
this works for me, all other ideas welcome!
mike
Quote: > Hello everyone.. > I have been search through this newsgroup trying to find information
> on how to protect my application, and I have read several 'theories'
> about the subject. The major consensus is that you enter a key and
> there is logic that validates the key.
> My question is that, do you, or could you, embed the same key in the
> code so you can compare it to what the user enters.
> Now I know I am going to get responses saying that any scheme can be
> cracked or that I should not even try to protect the application, just
> give it away. This is not the issue. The reasoning with entering a
> key for an application is to validate the proper owner.
> Thanks for your help.
|
| Sun, 31 Jul 2005 08:14:06 GMT |
|
|
|
mike
#7 / 10
|
License key protection Sounds interesting, but I'm confused.
Random 13 characters? User provides 13
characters?
Please restate.
Thanks, mike
Quote:
> I personally have a way to ensure the safety of my application, not fool
> proof but the best I can do!
> I randomly generate a 13 alpha numeric number! then I process each part of
> the 13 characters and adjust it accordingly to create a 16 alphanumeric
> string! the user provides me with the 13 characters, and I provide them
> with the 16. after 45 days I shut the application down if not entered! the
> basis of the 45 days is the day the .database is created! now with
> everything there is ways around it, but I find the people I am dealing with
> don't worry about trying to figure out the code to break the code!
> this works for me, all other ideas welcome!
> mike
> > Hello everyone..
> > I have been search through this newsgroup trying to find information
> > on how to protect my application, and I have read several 'theories'
> > about the subject. The major consensus is that you enter a key and
> > there is logic that validates the key.
> > My question is that, do you, or could you, embed the same key in the
> > code so you can compare it to what the user enters.
> > Now I know I am going to get responses saying that any scheme can be
> > cracked or that I should not even try to protect the application, just
> > give it away. This is not the issue. The reasoning with entering a
> > key for an application is to validate the proper owner.
> > Thanks for your help.
--
Bunch of stuff For Sale and Wanted at the link
below.
Police Scanner, LCD overhead projector
Tek 2465, ham radio, 30pS pulser
Tektronix Concept Books, spot welding head...
http://www.geocities.com/SiliconValley/Monitor/4710/
|
| Sun, 31 Jul 2005 08:52:10 GMT |
|
|
|
MTC
#8 / 10
|
License key protection when the application starts, I do a loop 13 times and create random numbers.
I convert 3 of the 13 numbers to Letters using ASCII values to get them. so
for example as it loops it creates a string with a length of 13 like this
example!
1469P97K6E465
the application then saves this random string! next the application will
tear apart the string character by character! as it does, again in a Loop
(this time 16 times through) it will use the strings portion value or the
ASCII Value if a letter, and calculate a math formula on it, say (
Character_Value*8+24*66/55) MOD 10 just some real random math! this returns
a value from 0 to 9! and if I want a letter I do
(Character_Value*8+24*66/55) MOD 26 to get a value between 0 and 26! I add
this to the ASCII Value for "A" and get a new random letter!
NOTE: Each math calculation is different!
I add in some other calculations as well to get a string of 16! if the user
enters a registration code, it compares the two! and if the code entered by
the user matches the code the computer generates then the user is in!
Almost impossible to calculate the code, and nobody wants to delete the
database to lose the information, so....it is a win win! as mentioned there
are ways around it, but there are ways around everything!
I wrote a small application that allows me to input the code the user gives
me to calculate the correct code to provide the user for registration!
mike
Quote: > Sounds interesting, but I'm confused. > Random 13 characters? User provides 13 > characters? > Please restate. > Thanks, mike
> > I personally have a way to ensure the safety of my application, not fool
> > proof but the best I can do!
> > I randomly generate a 13 alpha numeric number! then I process each part
of
> > the 13 characters and adjust it accordingly to create a 16 alphanumeric
> > string! the user provides me with the 13 characters, and I provide
them
> > with the 16. after 45 days I shut the application down if not entered!
the
> > basis of the 45 days is the day the .database is created! now with
> > everything there is ways around it, but I find the people I am dealing
with
> > don't worry about trying to figure out the code to break the code!
> > this works for me, all other ideas welcome!
> > mike
> > > Hello everyone..
> > > I have been search through this newsgroup trying to find information
> > > on how to protect my application, and I have read several 'theories'
> > > about the subject. The major consensus is that you enter a key and
> > > there is logic that validates the key.
> > > My question is that, do you, or could you, embed the same key in the
> > > code so you can compare it to what the user enters.
> > > Now I know I am going to get responses saying that any scheme can be
> > > cracked or that I should not even try to protect the application, just
> > > give it away. This is not the issue. The reasoning with entering a
> > > key for an application is to validate the proper owner.
> > > Thanks for your help.
> --
> Bunch of stuff For Sale and Wanted at the link
> below.
> Police Scanner, LCD overhead projector
> Tek 2465, ham radio, 30pS pulser
> Tektronix Concept Books, spot welding head...
> http://www.geocities.com/SiliconValley/Monitor/4710/
|
| Sun, 31 Jul 2005 19:56:40 GMT |
|
|
|
Avi Man
#9 / 10
|
License key protection
Quote: > Hello everyone.. > My question is that, do you, or could you, embed the same key in the
> code so you can compare it to what the user enters.
http://www.ealaddin.com/hasp/xplatform.asp?cf=tl
I use it with great success
Avi
|
| Mon, 01 Aug 2005 18:43:30 GMT |
|
|
|
Franci
#10 / 10
|
License key protection Take a look at http://groups.yahoo.com/group/ActiveLock/
Open source software protection project.
Quote: > > Hello everyone.. > > My question is that, do you, or could you, embed the same key in the
> > code so you can compare it to what the user enters.
> Have you considered using a protection plug, like this one:
> http://www.ealaddin.com/hasp/xplatform.asp?cf=tl
> I use it with great success
> Avi
|
| Sat, 06 Aug 2005 02:05:56 GMT |
|
| |
|
