Connecting Tech Pros Worldwide Forums | Help | Site Map
bytes > topic > .net > answers

Licence Key generator

Kiran
Guest
  
Posts: n/a
#1: Jul 19 '05
Hi,
We would like to develop a product in VB.Net. This is the first time I'm
involving in such type of practice. Can any one please provide the
information about the fallowing???
1. How to generate Licence Key(s) for the product? Are there any components
available to do so?
2. Since the product is distributed thru CDs, what is the process to provide
licence keys for the clients?

Please help.

Michael Giagnocavo [MVP]
Guest
  
Posts: n/a
#2: Jul 19 '05

re: Licence Key generator

Hello,

Providing a licensing system can be difficult. There are many
approaches you can take.

On the simple end, you can use a simple algorithm with an encryption
algorithm. An example of this would be to use an int32 and every
number divisible by 13 is valid. Then encrypt the number with
Rijndael and use that as the key. Simple to generate, looks random to
the user.

More advanced, you could require some input from the user to generate
the code, via registration. In this scenario you'd have the user
register his name, and you'd issue a key that is linked to his name.
Again, using Rijndael or some other encryption algorithm would provide
the necessary key. Another way is using a hash and then requiring
some characteristics of the output. This requires you to spend a lot
of computing time finding hashes that work, but can be successful at
limiting key-generators.

For even more protection, you could use a hardware dongle, or require
per-computer activation (like Windows XP). This is best way to
prevent "casual" piracy, where a company buys 1 license, and installs
it on multiple computers.

Regardless, you should most likely develop your own algorithm. Using
a prepackaged protection system can be easier to crack because many
times most of the work has been done before for another product. To
give them to the client, you'll just need to print off one key out of
the sequence of keys available. Your CD manufacturer can give you
more details. Sometimes it's possible to have each CD have a serial
or volume encoded on it, which you can use to require a specific key.
Again, your CD manufacturer can give you more details.

Another thing you need to do are find a way to transfer the licenses
(sending a long binary or Base64 string isn't nice for users). A
packed (where the transform works on one byte at a time instead of
multiple bytes), modified (modify the output so that the 32 characters
are easy to distinguish, for instance, don't use 0 and O, I and l)
Base32 algorithm is a good way to do this.

The most important issue, no matter which scheme you use, is
providing anti-cracking measures. Ignoring this is like having a door
with an advanced digital lock, but having the actual door made of
rotten wood - an attacker will just bypass the lock and break down the
door. If your app just simply does something like this:
If CheckForLicense() Then
MessageBox.Show("Valid license!")
Else
MessageBox.Show("Invalid license!")
Return
End
It will be cracked extremely fast, even if it is obfuscated. An
attacker will simply add a breakpoint for MessageBox.Show, and then
trace the code back up to the branch. For an added bonus, they'll
jump into the CheckForLicense() and reverse engineer it and make a key
generator which will most likely work even across-versions of your
software. This can be easy in x86, and extremely easy in IL.

The use of multiple threads or processes can make debugging much
harder. As well, writing code in IL or x86 embedded in IL that's
designed to be hard to read. The CLR is very flexible and we can take
advantage of this to write very confusing code, if don't mind loosing
verifiability.

Finally, a strong obfuscator that encrypts strings and hides calls to
your code and to system code will make all your code even harder to
read. Then, an encrypted loader (where your .exe has a data section
that contains the encrypted program, and the IL inside the .exe is
just to load it up) can raise the bar very high to even get to your
IL.

If you are interested, I can help you design these features and write
code to do this. As well, I have an internal program that creates an
encrypted loader, as well as does some interesting obfuscation
techniques that have been successful in stopping the .NET debuggers
from attaching to a process and prevent ILDASM/ASM round-tripping. My
email address is mgg@Atrevido.net.

Thanks,
-mike
MVP


"Kiran" <kiranracha@nunet-tech.com> wrote in message
news:uun1ondSDHA.2252@TK2MSFTNGP12.phx.gbl...[color=blue]
> Hi,
> We would like to develop a product in VB.Net. This is the first time[/color]
I'm[color=blue]
> involving in such type of practice. Can any one please provide the
> information about the fallowing???
> 1. How to generate Licence Key(s) for the product? Are there any[/color]
components[color=blue]
> available to do so?
> 2. Since the product is distributed thru CDs, what is the process to[/color]
provide[color=blue]
> licence keys for the clients?
>
> Please help.
>
>[/color]
Michael Giagnocavo [MVP]
Guest
  
Posts: n/a
#3: Jul 19 '05

re: Licence Key generator

Sorry, I meant RC2, not Rijndael (the output will be smaller, which is
useful for codes the user has to type in). Here is a small example
and it's output. As you can see, the results are quite varied, and
make it impossible for someone to determine any algorithm just by
looking at masses of keycodes.

----
13 = MTYzRrmgAS8=
26 = FJ3UJexjokY=
39 = aQvGR1KY4Xg=
52 = R87PYZsb1KM=
65 = SuX6VixFu8A=
78 = ELNcDX4L6Dk=
91 = QSXQi8LCyJY=
104 = XoUHL7Jgqmw=
117 = DJsLb8H8Htc=
130 = 4HNg2zLLXGQ=
143 = aOPKYj056kU=
156 = ewCz0BMCrS8=
169 = hL4zLl7hZ7o=
182 = xHFVolS4h2g=
195 = 5zKC1O0GhAQ=
----

using System;
using System.Security.Cryptography;

namespace testY {
public class Class1 {
static void Main() {
RC2 r = RC2.Create();
r.GenerateIV();
r.GenerateKey();

for (short i = 13; i < 200; i+=13) {
byte[] data = System.BitConverter.GetBytes(i);
byte[] enc = r.CreateEncryptor().TransformFinalBlock(data, 0, 2);
Console.WriteLine("{0}\t= {1}", i, Convert.ToBase64String(enc));
}
Console.ReadLine();
}

}
}

-mike


"Michael Giagnocavo [MVP]" <mggUNSPAM@Atrevido.net> wrote in message
news:uURCcctSDHA.212@TK2MSFTNGP10.phx.gbl...[color=blue]
> Hello,
>
> Providing a licensing system can be difficult. There are many
> approaches you can take.
>
> On the simple end, you can use a simple algorithm with an[/color]
encryption[color=blue]
> algorithm. An example of this would be to use an int32 and every
> number divisible by 13 is valid. Then encrypt the number with
> Rijndael and use that as the key. Simple to generate, looks random[/color]
to[color=blue]
> the user.
>
> More advanced, you could require some input from the user to[/color]
generate[color=blue]
> the code, via registration. In this scenario you'd have the user
> register his name, and you'd issue a key that is linked to his name.
> Again, using Rijndael or some other encryption algorithm would[/color]
provide[color=blue]
> the necessary key. Another way is using a hash and then requiring
> some characteristics of the output. This requires you to spend a[/color]
lot[color=blue]
> of computing time finding hashes that work, but can be successful at
> limiting key-generators.
>
> For even more protection, you could use a hardware dongle, or[/color]
require[color=blue]
> per-computer activation (like Windows XP). This is best way to
> prevent "casual" piracy, where a company buys 1 license, and[/color]
installs[color=blue]
> it on multiple computers.
>
> Regardless, you should most likely develop your own algorithm.[/color]
Using[color=blue]
> a prepackaged protection system can be easier to crack because many
> times most of the work has been done before for another product. To
> give them to the client, you'll just need to print off one key out[/color]
of[color=blue]
> the sequence of keys available. Your CD manufacturer can give you
> more details. Sometimes it's possible to have each CD have a serial
> or volume encoded on it, which you can use to require a specific[/color]
key.[color=blue]
> Again, your CD manufacturer can give you more details.
>
> Another thing you need to do are find a way to transfer the[/color]
licenses[color=blue]
> (sending a long binary or Base64 string isn't nice for users). A
> packed (where the transform works on one byte at a time instead of
> multiple bytes), modified (modify the output so that the 32[/color]
characters[color=blue]
> are easy to distinguish, for instance, don't use 0 and O, I and l)
> Base32 algorithm is a good way to do this.
>
> The most important issue, no matter which scheme you use, is
> providing anti-cracking measures. Ignoring this is like having a[/color]
door[color=blue]
> with an advanced digital lock, but having the actual door made of
> rotten wood - an attacker will just bypass the lock and break down[/color]
the[color=blue]
> door. If your app just simply does something like this:
> If CheckForLicense() Then
> MessageBox.Show("Valid license!")
> Else
> MessageBox.Show("Invalid license!")
> Return
> End
> It will be cracked extremely fast, even if it is obfuscated. An
> attacker will simply add a breakpoint for MessageBox.Show, and then
> trace the code back up to the branch. For an added bonus, they'll
> jump into the CheckForLicense() and reverse engineer it and make a[/color]
key[color=blue]
> generator which will most likely work even across-versions of your
> software. This can be easy in x86, and extremely easy in IL.
>
> The use of multiple threads or processes can make debugging much
> harder. As well, writing code in IL or x86 embedded in IL that's
> designed to be hard to read. The CLR is very flexible and we can[/color]
take[color=blue]
> advantage of this to write very confusing code, if don't mind[/color]
loosing[color=blue]
> verifiability.
>
> Finally, a strong obfuscator that encrypts strings and hides calls[/color]
to[color=blue]
> your code and to system code will make all your code even harder to
> read. Then, an encrypted loader (where your .exe has a data section
> that contains the encrypted program, and the IL inside the .exe is
> just to load it up) can raise the bar very high to even get to your
> IL.
>
> If you are interested, I can help you design these features and[/color]
write[color=blue]
> code to do this. As well, I have an internal program that creates[/color]
an[color=blue]
> encrypted loader, as well as does some interesting obfuscation
> techniques that have been successful in stopping the .NET debuggers
> from attaching to a process and prevent ILDASM/ASM round-tripping.[/color]
My[color=blue]
> email address is mgg@Atrevido.net.
>
> Thanks,
> -mike
> MVP
>
>
> "Kiran" <kiranracha@nunet-tech.com> wrote in message
> news:uun1ondSDHA.2252@TK2MSFTNGP12.phx.gbl...[color=green]
> > Hi,
> > We would like to develop a product in VB.Net. This is the first[/color][/color]
time[color=blue]
> I'm[color=green]
> > involving in such type of practice. Can any one please provide the
> > information about the fallowing???
> > 1. How to generate Licence Key(s) for the product? Are there any[/color]
> components[color=green]
> > available to do so?
> > 2. Since the product is distributed thru CDs, what is the process[/color][/color]
to[color=blue]
> provide[color=green]
> > licence keys for the clients?
> >
> > Please help.
> >
> >[/color]
>
>[/color]
Closed Thread

« previous question | next question »

Similar .NET Framework bytes

/bytes/development

/bytes/it

Forums
Visit our community forums for general discussions and latest on Bytes

Our staff and community areas have moved to bytes.com/forums/

/bytes/about

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 226,501 network members.

dev questions:
algorithms | asp | asp.net | c/c++ | coldfusion | c# | flash | html/css | java | javascript |
mobile dev | .net | perl | php | python | ruby | software dev | vb.net | visual basic | xml
it questions:
access | apache | careers | db2 | iis | macosx | mysql | networking | oracle | postgresql | sql server | unix | windows

About Bytes | Copyright 1995-2009 BYTES. All rights Reserved