Hello Everyone,
I have a little program which I want to put some limitations on. I never thought having a serial number could be so hard or preventing people from installing on more than one system can be such a daunting task. Anyhow, basically my program will have full access to internet and can contact a server to verify the serial number. I am just not sure what the standard procedures are for assigning serial numbers, registering a software and how to tie it with a specific system hardware, or how to securely authenticate the serial number.
Any feedback will be appreciated.
13  8710 
I hope you realize that this kind of a protection system is trivial to bypass. If somewhere in your code, you have code like (if serial_from_user == serial_from_server) and simplistic checks like that...
Thanks for the reply. Well, what is a better system in your view? Also, I was thinking of something simple like generating a number with combination of CPU ID and HDD serial number and then posting it to some webpage. On the next install the system will fetch the data and check it against the hardware. What programming language would better answer my needs if not C? I am deploying the porgrame in CentOS 5. Thanks
Well, what is a better system in your view?
I’m probably not the best to ask for an opinion on this. I’ll say mine anyway: program protections are rather easily broken. So you might have a simplistic system (that you acknowledge will be broken as needed), but primarily, one that does not annoy your paying customers or clients.
So designing a system that transmits information over the net, or anything elaborate is not a good idea. Bugs in your implementation will render your program unusable. And even if it does work, having your program rely on contacting a third party server for authentication will tick off a lot of people.
Also, I was thinking of something simple like generating a number with combination of CPU ID and HDD serial number and then posting it to some webpage. On the next install the system will fetch the data and check it against the hardware.
But ultimately, that check will be bypassed. You make all these elaborate schemes, but do nothing to prevent bypassing them. Look, to design a non-trivial system to bypass, you should know how programs are cracked and how authentication is faked. It’s like designing an anti-robbery system, without an idea of how you are actually getting robbed.
What programming language would better answer my needs if not C?
Certainly, you don’t think switching languages will solve the issue here?
Thanks for the great comments. I really don't care if someone goes to the extend to sniff the packets or reverse engineer the program to install the program on more than one computer since the program goes for less than $10 per license. In addition it changes every few months. Older versions render useless. What would be the specific commands to record CPU ID and HDD serial number in C? Also, what commands can I use to post the info to a web page and to retrieve it?
P.S. I will post the serial numbers to somewhere like googlepages where the probability of being down is really low. I know it's silly that I want to go this way but again I know that people who pay for this don't bother to reverse engineer thing for $5.
Thanks,
Hello all,
I don't mean to hijack this thread, but I have searched hi and lo and this is as close as i could get to an answer.
I have the same sort of question, Slightly different. I have been looking for info on how to have vb write code into itself. Example and I realize this is quite simplistic. and it's more or less for me to understand a few things
Dim registered As Boolean
Dim thankyou As Boolean
Dim regkey As Double
Dim regdate As Date
Dim regbirth As Date
Dim regdateconv As Double
Dim regbirthconv As Double
Private Sub registration()
'first run unregistered
regdate = Now
regbirth = InputBox("Enter your birthday (ie 12/11/1953)")
regdateconv = regdate
regbirthconv = regbirth
regkey = regdateconv - regbirthconv ^ 2 / 4
registered = True
thank_you_for_registering()
End Sub
Private Sub thank_you_for_registering()
MsgBox ("Thank you for Registering")
thankyou = True
' at this point I need the code to go to the form load section and hard code in that registered is true.
so that it never makes the trip thru Private Sub registration() again.
End Sub
and as I stated this is not for a real world app it's just me trying to learn.
I haven't really thought about the way the serial will be generated other than my date minus date code. I am sure if I was planning on making this a real world app I would devise something more intricate.
any help will be greatly appreciated.
Microsoft makes a shareware starter kit, its old and probably not maintained anymore but it will give you something to start with...
http://blogs.msdn.com/danielfe/archi...10/437293.aspx
and this...
http://sharewarestarterkit.com/
thank you for the pointer. I think the guy that started this thread may need something along those lines, but what I am really after is how to make vb edit it's own code in the exe file. I need it to actually write this piece of code into the form load section "Registered = true", This is after the user registers. I found a thread that used a script to execute a vb statement from code, but it dosen't actually write the code. again I thank you for your response, and i will keep looking. I may not be stating correctly what it is I am looking for.
Thanks for all the contributions. I checked the link and I think they only support Windows Environment. I am using CentOS for the program. In addition I can dedicate a server for this purpose myself. I am wondering if anyone can post snippets of code on how to harness CPU ID and HDD serial number and also to post it to a web page.
Thanks
I was thinking of something simple like generating a number with combination of CPU ID and HDD serial number and then posting it to some webpage. On the next install the system will fetch the data and check it against the hardware.
... Suppose your customer has several hard disks.
... Suppose your customer replaces their hard disk after a crash.
... Suppose your customer upgrades to a new computer.
Is it your intention to require your customer to buy a new copy of your program for any of these cases?
... Suppose your customer's internet connection is down.
Is it your intention to deny your customer access to your program?
How about you store CPU ID and HDD in the program itself, or in a data file; and respond to id mismatch by popping up a window just that one time asking if the user wants to pay for the program. This is a shareware model.
a) This increases the distribution of your program, although users have the option to use it without paying you.
b) Your paying customers aren't frustrated by your program sometimes refusing to run; although they will have to suffer through spurious pay-me messages every time they change their hardware.
That's an amazing idea. It cuts down on the internet need but on the same token I would not know how much of the software is being pirated since there is no inquiry to my server. I guess I can accept that for the customer's interest. However, I am still looking for the commands for CPU ID and HDD ID. Thanks for the great input again.
C++ nor C nor any other language (that I can think of this late at night) has a built-in command for performing a hardware inventory scan. You might want to look into the use of the 'system' command to attempt to parse hardware information from files stored at a "standard" or "known" location on the disk (such as /dev or C:/Windows), but that could lead to other problems. For one, depending on the access permissions of the user running the application, those directories may be inaccessible.
Most authentication routines (that ultimately fail, but do provide the illusion of control) use a user-input value and create a hash token based on that input. The trouble is "simply" developing (or implementing a pre-existing) hashing algorithm. You code a hashing algorithm into your application that calculates a one-way hash on the user-input. You provide the key to the user based on her user-input string. The user enters the user-input string (such as a username, etc.) and the key that was received from you into the application. The application computes the one-way hash of the user-input string and does a byte comparison of the computed hash and the input key. If the two values match, a registration flag could be set in a datafile (but ultimately the user could just create a datafile with this byte set in the first place).
It's really a slippery-slope. You'll have to be the judge to decide whether the trouble of developing a one-way hashing function and implementing it is really worth the cost. In short, most control/restriction schemes only serve to keep the "honest" people honest.
In short, most control/restriction schemes only serve to keep the "honest" people honest.
:) I like your analogy on this. I am not going to use the one way hash. I am thinking for using the "system" command in Linux and /dev to actually register a computer via internet. I think this is the only option that I have. I should also manually include a serial number to every copy of the software. Again, this is not a highly sensitive money making program but the nature of the program is so that people tend to install on several computers and Virtual Machines which is unfair use of the program.
Thanks for the inputs. I will post back with some snippets of the code and ask for more help if any needed.
I guess you could manually add a cd key to each program and then add that key to your server database. This is going to require work for you to do on each purchase of your software. You will also need to offer some sort of support or method of support for people who do change their system configuration which is quite common to do every couple of years or so.
From a user perspective if i buy a piece of software, especially a rather cheap piece of software and I find it sending information going to the web, I'm going to be very upset. If this software is going to sell a limited number of copies. My suggestion is to make a simple serial number algorithm as someone suggested above and just take the hit on the multiple system installs. If I bought your software and I tried to install it on multiple computers or I changed my computer hardware and I couldn't install the software again, I wouldn't purchase another program from you nor would i buy from you again in the future. Oler1s made a good point when he stated that the protection shouldn't "annoy your paying customers or clients". If you annoy your paying customers they will one not come back and two will be encourage to crack and share your program.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Niy |
last post by:
what does that mean? what for? I searched a lot but
failed to find explanation.
Sometimes I really have difficulty finding documentation
for some views.
|
by: tom |
last post by:
Hi,
How do I get the serial number of the harddisk in .NET?
I want this to be the same number even if the user has
reformatted, so I do not want the volume serial number.
Thanx,
t
|
by: |
last post by:
Hi,
Do memory sticks have serial numbers like harddrives? If so how can I get
this, I want to uniquely identify a memory stick (removable drive) for
authentication.
Thanks
|
by: Klaus Bonadt |
last post by:
In order to protect software from being copied without licence, I would like
to use something like a key, which fits only to the current system. The
serial number of the CPU or the current...
|
by: Mark Harris |
last post by:
I have an installer which uses a Customer Information page in it, is there
an easy way to pass the
serial number entered to a custom action?
If not, where would i find the serial number in the...
|
by: Lauren Wilson |
last post by:
Discovered this interesting comment on MSDN:
"To programmatically obtain the hard disk's serial number that the
manufacturer assigns, use the Windows Management Instrumentation (WMI)...
|
by: Nebojsa4 |
last post by:
Hi.
First, sorry on my weak English to all.
Qusetion:
How to read (in VB) Manufacturer serial number of Hard disk drive?
Not volume/serial number of C:, D:, etc. partitons.
For reading...
|
by: scriptx |
last post by:
Hello Everyone,
I have a little program which I want to put some limitations on. I never thought having a serial number could be so hard or preventing people from installing on more than one...
|
by: Keshia |
last post by:
I have a database that is for keeping track of inventory. I need to have my form for entering new inventory to automatically make a new serial number based on the category of the new item.
The...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |
