Protecting your apps 
Author Message
 Protecting your apps

I've been working on ways to generate registration codes for my apps but
It's giving me a major headache!!!! Has anyone done this already? The
methods I've thought of so far include things like poping a unique key
file with the registration data into the app directory saying when the
trial expires and then if the user registers before that time the app
could edit that file to show that it's a reg copy .. am I in the right
direction? anyone? no more coffee ... I can't cope ;)

Rue



Fri, 10 Aug 2001 03:00:00 GMT  
 Protecting your apps
Is it the key generation or validating the keys that is causing you
problems?  In any case here's some advice based on my personal experience
and definitely not definitive:

* Key generation:  There are many methods to do this, none that I know of
which are unhackable.  The more complex the algorithm the more likely you
are to deter potential hackers but nothing lasts forever.  Two ideas, simple
and complicated:
    i.  A predefined list of constant numbers that can be validated from
your binary code.
    ii. A string encoder which turns the users name into an encrypted
string, then convert the string to Asci numbers using Asc keyword.

* Key storage:  The registry, an ini file and a encrypted file are good
places.

* Key verification: In the first case it is simple matter of taking the key
provided and checking it against the list of known keys in your program.
The second case you a) convert the Asc numbers to character using Str
keyword b) decode using your strind decoder and check it matches the
provided username.

To allow time limited version where users can't easily extend the time of
usage you may try a the second method above but using a date as the
username.

Hope this helps.

--
Cheers,

Seyed P. Razavi
Online Applications Developer
KMP Internet Solutions
http://www.kmpinternet.com/

Visit: http://www.code-freaked.com
The Programmer's Sanction

----------------------------------------------------------------------------
-----------
All comments and opinions are mine and have nothing
to do with my employer.
----------------------------------------------------------------------------
-----------

Quote:

>I've been working on ways to generate registration codes for my apps but
>It's giving me a major headache!!!! Has anyone done this already? The
>methods I've thought of so far include things like poping a unique key
>file with the registration data into the app directory saying when the
>trial expires and then if the user registers before that time the app
>could edit that file to show that it's a reg copy .. am I in the right
>direction? anyone? no more coffee ... I can't cope ;)

>Rue



Fri, 10 Aug 2001 03:00:00 GMT  
 Protecting your apps
Maybe you should put it into a secret location which is apart
from your current registry tree.

Or maybe a secret "filename.dll" in C:\windows\system ?

Check out GetSystemDirectory to get system directory path.

Save the date as hex of ascii of the chars itself
like

ABC

65 66 67

Now convert 65 into hex and store it then a space, and again
etc. But you will have to find a way to split it! :)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

http://wss.hypermart.net/

Quote:

>I've been working on ways to generate registration codes for my apps but
>It's giving me a major headache!!!! Has anyone done this already? The
>methods I've thought of so far include things like poping a unique key
>file with the registration data into the app directory saying when the
>trial expires and then if the user registers before that time the app
>could edit that file to show that it's a reg copy .. am I in the right
>direction? anyone? no more coffee ... I can't cope ;)

>Rue



Fri, 10 Aug 2001 03:00:00 GMT  
 Protecting your apps

Quote:

>Maybe you should put it into a secret location which is apart
>from your current registry tree.

>Or maybe a secret "filename.dll" in C:\windows\system ?

        The trick here is that the first place hackers look is the
export table of dll files that are included in the setup kit of the
application. If they popup a dll in the quickview window or do a
dumpbin on it, and all the file really is is a text file that has been
renamed into a DLL you will be found out for sure...

        If you are going to use this method I recomened that you use a
REAL dll. Create on that has some REAL functions that you use, and
store the key(s) in there. Create a function that has a name with
nothing to do with registration. Make the function accept a key value
that the user had to enter as a reg code they get from you. Call this
function to validate the code. The best thing to do is to call this
code from various points in the application so there will be many
places to chop code, not just ONE. Also, a function that is called
from inside another function durring NORMAL processing is usually not
suspect, but one that is only called on program start up is.



Sun, 12 Aug 2001 03:00:00 GMT  
 Protecting your apps
In which case it is quite easy to read the program and patch around the
calls to the DLL. The bottom line is, if a hacker wants to get your program,
you will not be able to stop them. Make sure you analyze the development
cost to you against the loss of revenue from hackers.

If you are looking to prevent a "non-hacker" from copying your program, then
a simple registry entry will do the trick. If you are trying to prevent
hackers from pirating, spend your money on something else.

.00002 worth

--
John De Lello
DelWare Consulting Group
Programming solutions for today's complex problems

Sign up for the PB-PFC e-mail list. Technical discussions on PBPFC related
topics only:

SUBSCRIBE PBPFC first last
(replace first and last with your name)

Other lists available are:
MSSQL - Microsoft SQL Server
SmallBusiness - Small business owner discussions
QuoteODay - Receive a quote each day from words of wisdom.


Quote:

>Maybe you should put it into a secret location which is apart
>from your current registry tree.

>Or maybe a secret "filename.dll" in C:\windows\system ?

The trick here is that the first place hackers look is the
export table of dll files that are included in the setup kit of the
application. If they popup a dll in the quickview window or do a
dumpbin on it, and all the file really is is a text file that has been
renamed into a DLL you will be found out for sure...

If you are going to use this method I recomened that you use a
REAL dll. Create on that has some REAL functions that you use, and
store the key(s) in there. Create a function that has a name with
nothing to do with registration. Make the function accept a key value
that the user had to enter as a reg code they get from you. Call this
function to validate the code. The best thing to do is to call this
code from various points in the application so there will be many
places to chop code, not just ONE. Also, a function that is called
from inside another function durring NORMAL processing is usually not
suspect, but one that is only called on program start up is.



Sun, 12 Aug 2001 03:00:00 GMT  
 Protecting your apps


Quote:

>>Maybe you should put it into a secret location which is apart
>>from your current registry tree.

>>Or maybe a secret "filename.dll" in C:\windows\system ?

> The trick here is that the first place hackers look is the
>export table of dll files that are included in the setup kit of the
>application. If they popup a dll in the quickview window or do a
>dumpbin on it, and all the file really is is a text file that has been
>renamed into a DLL you will be found out for sure...

> If you are going to use this method I recomened that you use a
>REAL dll. Create on that has some REAL functions that you use, and
>store the key(s) in there. Create a function that has a name with
>nothing to do with registration.

Why not implement another (private) interface to the DLL that only your
program will know about?

- Show quoted text -

Quote:
>Make the function accept a key value
>that the user had to enter as a reg code they get from you. Call this
>function to validate the code. The best thing to do is to call this
>code from various points in the application so there will be many
>places to chop code, not just ONE. Also, a function that is called
>from inside another function durring NORMAL processing is usually not
>suspect, but one that is only called on program start up is.



Sun, 12 Aug 2001 03:00:00 GMT  
 Protecting your apps

Quote:

>In which case it is quite easy to read the program and patch around the
>calls to the DLL. The bottom line is, if a hacker wants to get your
program,
>you will not be able to stop them. Make sure you analyze the development
>cost to you against the loss of revenue from hackers.

>If you are looking to prevent a "non-hacker" from copying your program,
then
>a simple registry entry will do the trick. If you are trying to prevent
>hackers from pirating, spend your money on something else.

>.00002 worth

I don't believe in just giving up. With a little effort you can keep out
almost all but the most determined hackers, and unless you program is a top
selling game then none will be that determined.

To keep them from patching around your checks, just make those checks set
variables that are needed by the program somewhere else. IMO, the best
defense is to make the program _slowly_ disintegrate rather than fail in one
spot. If some check fails then don't pop up a message box right away so they
can easily patch around it. Make it set some important object reference to
Nothing, corrupt some memory, anything to make it die in some procedure
completely unrelated to the protection code.



Sun, 12 Aug 2001 03:00:00 GMT  
 
 [ 7 post ] 

 Relevant Pages 

1. Protecting My App.

2. PDS 7.1 protected mode apps

3. Protecting VB apps from piracy

4. Protecting your app against crackers -- read this

5. Protecting VB apps from piracy

6. Copy protecting VB3 app on Windows 3

7. Protecting your apps

8. Any ideas on how to Copy Protect my VB3.0 App - Any Help Appreciated

9. Any ideas on how to Copy Protect my VB3.0 App - Any Help Appreci

10. copy protect Visual Baisc apps

11. How to copy protect my VB apps

12. Copy Protect My VB App

 

 
Powered by phpBB® Forum Software