I am trying to create licensing functionality in a .NET application.
When the software is licensed then I want it to store this fact somewhere on
the user's computer, this way the next time the program is run it will know
it is licensed. Does Windows provide a secure store for applications to put
data such as this?
It seems to me that Windows could easily provide a store class that
would store data in an OS-protected location authenticated by the hash of
the calling dll or executable. Not much space would be needed only 1K or so
to store a private key for the application to use to encrypt/decrypt larger
data stored in unsecure locations.
Additional details:
Basically I need to store three pieces of information, an installID, a
licensed flag, and a license expiration date.
I need to make it impossible or difficult for someone with
administrative rights to change the licensed flag and/or license expiration
date to make the software think it has been licensed. The location at least
needs to be very difficult to find or detect (such as entropy scanning).
I know these demands are difficult and it is an age-old problem ensuring
legitimate software use in the face of people that write crack programs, etc.
I have given the issue some thought and have come to the conclusion that the
only way to make this perfectly secure is for it to be a feature available
in hardware (such as the CPU). However, I believe there must be many less
perfect solutions that would work well. Any ideas?
Thanks,
-Chris
According to this article there is no good way of doing this http://msdn.microsoft.com/msdnmag/is...a/default.aspx
Hello Chris,
Thanks for your post. As I understand, you want to license in a .NET
application. Please correct me if there is any misunderstanding. I now
share the following information with you:
1. In the .NET Framework, licensing is designed into the runtime. You can
create your main class as a licensed class which requires a run-time license.
Please refer to the following articles for detailed information:
.NET Licensing http://windowsforms.net/articles/Licensing.aspx
Licensing Components and Controls http://msdn.microsoft.com/library/de...us/cpguide/html/cpconlicensingcomponentscontrols.asp
2. In addition, you can also encrypt your license information (say,
installID, a licensed flag, and a license expiration date) and then save it
to persistent storage, say, the registry, a file, etc., during the installation
of your application. When the app starts up, it will check whether the license
information exists, decrypt it, and then verify it. The .NET Class Library
provides cryptographic services.
.NET Samples - How To: Cryptography http://msdn.microsoft.com/library/de...us/cpqstart/html/cpsmpnetsamples-howtocryptography.asp
System.Security.Cryptography Namespace http://msdn.microsoft.com/library/de...us/cpref/html/frlrfSystemSecurityCryptography.asp?frame=true
Hope this helps.
Regards,
HuangTM
Microsoft Online Partner Support
MCSE/MCSD
Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
Thanks for the information on licensing. I am aware of the .NET
cryptography namespace. The problem is not hiding the license information
from being seen, but preventing someone from replacing the licensing
information to activate the software without licensing it. I could encrypt
the license file so only my application would be able to decrypt it. The
problem is that my application would need to have the key to decrypt the
license file (where can this key be safely stored so the administrator cannot
obtain it, use it, or replace it?). If I embed this key in my code, a
cracker could easily find this key in my application's code by searching for
areas in the code containing high randomness. Once they have obtained the
key they can use it to decrypt the license file and see the format it is in.
Once this is done they can change any flags such as the licensed flag to
true, re-encrypt the file and replace the legitimate license file with their
own.
I was not aware there were licensing classes in .NET; thank you for
drawing my attention to them. I am, however, concerned that the .NET license
classes might become a common target for crackers; however, perhaps it is
built strongly enough to withstand attack. Unless the operating system
protects the .NET licensing dll from the administrator it seems to me that a
cracker could simply replace the .NET licensing dll with their own which
would of course provide them with the ability to render this license
checking class ineffective.
-Chris
Hello Chris,
Thanks for your response. I suggest that you can also encrypt each machine's
hardware information into the license information, so that the license
information cannot be deployed to other machines and it's also difficult to
crack. Please also kindly note that there is no system which is 100% secure.
In addition, I'd also recommend you post such security questions to more
appropriate newsgroups, say,
microsoft.public.win2000.security
microsoft.public.platformsdk.security
microsoft.public.dotnet.security
Have a nice day!
Regards,
HuangTM
Microsoft Online Partner Support
MCSE/MCSD
Get Secure! -- www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
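The tampering problem Chris describes and the machine binding HuangTM suggests, as an added example that is not part of the original thread: the vendor signs the three fields with a private key that never ships, and the application embeds only the public key, so recovering the embedded key does not allow re-creating a license. It assumes a current .NET runtime; the class name, field layout and sample values are constructed, and installID is assumed to be derived from the machine.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo   // hypothetical name, not a .NET licensing class
{
    // Canonical bytes that get signed: installID|licensed|expiry.
    // Assumes installID never contains '|', so the fields cannot be re-split.
    static byte[] Payload(string installId, bool licensed, DateTime expiresUtc) =>
        Encoding.UTF8.GetBytes(installId + "|" + licensed + "|" +
            expiresUtc.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture));

    // Vendor side only: the private key stays on the licensing server.
    static byte[] Issue(RSA vendorKey, string installId, bool licensed, DateTime expiresUtc) =>
        vendorKey.SignData(Payload(installId, licensed, expiresUtc),
                           HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Client side: verifies with the embedded public key, then applies policy.
    static bool IsValid(RSAParameters vendorPublic, string thisMachineId, string installId,
                        bool licensed, DateTime expiresUtc, byte[] signature, DateTime nowUtc)
    {
        using RSA rsa = RSA.Create();
        rsa.ImportParameters(vendorPublic);
        bool authentic = rsa.VerifyData(Payload(installId, licensed, expiresUtc), signature,
                                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // Signature first; the fields are trusted only once it verifies.
        return authentic && licensed && installId == thisMachineId && nowUtc <= expiresUtc;
    }

    static void Main()
    {
        using RSA vendorKey = RSA.Create(2048);                 // constructed key pair
        RSAParameters pub = vendorKey.ExportParameters(false);  // public half only
        string machine = "INSTALL-0001";                        // constructed installID
        var expiry = new DateTime(2030, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        var now = new DateTime(2029, 6, 1, 0, 0, 0, DateTimeKind.Utc);

        byte[] sig = Issue(vendorKey, machine, true, expiry);
        byte[] trialSig = Issue(vendorKey, machine, false, expiry);

        // Unmodified license on the machine it was issued for.
        Console.WriteLine(IsValid(pub, machine, machine, true, expiry, sig, now));
        // Expiration date edited in the stored file.
        Console.WriteLine(IsValid(pub, machine, machine, true, expiry.AddYears(5), sig, now));
        // License file copied to a different machine.
        Console.WriteLine(IsValid(pub, "INSTALL-0002", machine, true, expiry, sig, now));
        // Licensed flag flipped on an unlicensed (trial) record.
        Console.WriteLine(IsValid(pub, machine, machine, true, expiry, trialSig, now));
    }
}
```

The check still runs on a machine the administrator controls, so this addresses edited or forged license files, not a patched binary or a replaced DLL.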