469,890 Members | 1,861 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,890 developers. It's quick & easy.

Registration Code

Hello,

I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a registration
code or perhaps something like an evaluation demo version which expires
after some period of time...
Is this the right place to ask or does anybody know where to look for more
on the subject?

Thanks

Apr 3 '06 #1
10 3640
Math enlightened us with:
But now I want the end-user to register this software with a
registration code or perhaps something like an evaluation demo
version which expires after some period of time...
Fair enough. What do you want to know from us?
Is this the right place to ask or does anybody know where to look
for more on the subject?


You never asked anything ;-)

Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
Frank Zappa
Apr 3 '06 #2

mmmhhh..UHUH??!!@#
OKAY Sybren..
How does one get the job done?

----------

Math enlightened us with:
But now I want the end-user to register this software with a
registration code or perhaps something like an evaluation demo
version which expires after some period of time...


Fair enough. What do you want to know from us?
Is this the right place to ask or does anybody know where to look
for more on the subject?


You never asked anything ;-)

Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
Frank Zappa
--
http://mail.python.org/mailman/listinfo/python-list

Apr 3 '06 #3
Hi,

A suggestion:

I would use encryption (ex: AES):

Hide a secret key in your code and generate an encrypted (readable: ex 07 7B
6F ....) version of the correct info (such as full release, or demo expire
in ...) with that very same key.

Have your software input that encrypted info (some GUI dialog box), decypher
the info then act accordingly.

The trick is: where to store that ? I would use some binary data file
(encrypted bziped pickle ?) with a hash or CRC built in to prevent obvious
tampering.

Hope that helps,

Philippe


Math wrote:
Hello,

I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a registration
code or perhaps something like an evaluation demo version which expires
after some period of time...
Is this the right place to ask or does anybody know where to look for more
on the subject?

Thanks


Apr 3 '06 #4
Math wrote:
Hello,

I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a
registration code or perhaps something like an evaluation demo version
which expires after some period of time...
Is this the right place to ask or does anybody know where to look for
more on the subject?

Thanks


One thing I tried some time ago:

I encypted the bytecode of a few important functions with a key based on
information required from the user. Without the key, these functions
can't be decrypted. This is somewhat more secure than just testing the
key with an "if" statement since the latter could easily be bypassed by
a hacker.

To encrypt the function, I saved the bytecode of the target function to
a file. Then, in the version to be shipped, I substituted the encrypted
version of bytecode for the original bytecode. The rest of the program
(including the part that asks for the authentication information) works
fine. If the authentication passes, the encrypted function(s) are
decrypted. Normally the encrypted functions are never executed of
course (if authentication fails, the user is notified). If a hacker
bypasses the authentication test, the program will crash when the
program attempts to executed the encypted bytecode.

How to determine the key depends on your application. You may choose to
include hardware serial numbers, for example.

- Ken

Apr 3 '06 #5
Ken Seehart wrote:
Math wrote:
Hello,

I encypted the bytecode of a few important functions with a key based on
information required from the user. Without the key, these functions
can't be decrypted. This is somewhat more secure than just testing the
key with an "if" statement since the latter could easily be bypassed by
a hacker.


That's a really good idea. I have a couple more questions, if you don't
mind: I am going to distribute an app using py2exe. Is it reasonably
easy to apply this technique to bytecode stored inside the library.zip
file, or should I just include the encrypted Python files as separate
files?

Second, I hear that in general it is very difficult to make a
time-limited demo, because the code has to be all there, so all a
cracker has to do is bypass the "if". It seems that even this method
won't work for that. Do you know of any way to make time limiting
secure?

Thanks.

--
Want to play tabletop RPGs online?
Check out RPZen: http://koboldsoft.com

Apr 3 '06 #6

Dave Mandelin wrote:
Ken Seehart wrote:
Math wrote:
Hello, I encypted the bytecode of a few important functions with a key based on
information required from the user. Without the key, these functions
can't be decrypted. This is somewhat more secure than just testing the
key with an "if" statement since the latter could easily be bypassed by
a hacker.


That's a really good idea. I have a couple more questions, if you don't
mind: I am going to distribute an app using py2exe. Is it reasonably
easy to apply this technique to bytecode stored inside the library.zip
file, or should I just include the encrypted Python files as separate
files?

Second, I hear that in general it is very difficult to make a
time-limited demo, because the code has to be all there, so all a
cracker has to do is bypass the "if". It seems that even this method
won't work for that. Do you know of any way to make time limiting
secure?


If an attacker is determined to 'decompile' your application then it
will be possible.

Although decompiling python byte-code (even from py2exe wrapped
programs) is easy, it's probably a less practised art than breaking C
code. (Although I guess such dissasembly is usually done on an
assembler level).

The obvious way to make it more secure is to include several checks.
Unless you are going to be writing a program used by tens of thousands
of users, it is likely that it is not worth the effort of the hackers
to bother.

I'd release the early versions using simple protection mechanisms, and
develop your protectionas your userbase grows.

Again - there are commercial tools available that will handle this for
you, if you want a higher degree of protectoin (although by no means
infallible) immediately.

Fuzzyman
http://www.voidspace.org.uk/python/index.shtml
Thanks.

--
Want to play tabletop RPGs online?
Check out RPZen: http://koboldsoft.com


Apr 3 '06 #7
On Mon, 03 Apr 2006 19:29:14 +0200, Math wrote:
Hello,

I wonder if I can ask this particular question here...
I'm writing this piece of Python Software and I'm almost done...:-)
But now I want the end-user to register this software with a registration
code or perhaps something like an evaluation demo version which expires
after some period of time...
Is this the right place to ask or does anybody know where to look for more
on the subject?


Is your application really such a gee-whiz super-duper
can't-live-without-it program that your users will put up with all the
inconvenience and hassle, not to mention loss of privacy, of having to
register? Or will they just dump your program when the demo stops working?

It seems to me that the hardest problem for any new application is getting
people to use it: most users won't ever find out about it; of those who
do most won't care about it; of those who care, most can't be bothered
downloading and installing it; and of those who might have, most will
probably know of an alternative that does the job as well or better, or at
least that they are more familiar with.

So every little barrier you put up to make it more difficult for users to
use your application, the greater the chances that your application
disappears into obscurity.

Look at Microsoft. Their first version of Word (for Macintosh, as it
turned out) was copy-protected. Their second version of Word, and every
version since, as well as Excel and Powerpoint, have not included copy
protection, time-limitations, product activation, or any other barrier to
keep users away. On the contrary -- Microsoft have turned a blind eye
to piracy until fairly recently. Same with Windows -- although, a few
years back when Microsoft felt secure in owning the desktop, they
introduced product activation. What are the odds that Vista will have it?
--
Steven.

Apr 3 '06 #8
Steven D'Aprano wrote:
Look at Microsoft. Their first version of Word (for Macintosh, as it
turned out) was copy-protected. Their second version of Word, and every
version since, as well as Excel and Powerpoint, have not included copy
protection, time-limitations, product activation, or any other barrier to
keep users away. On the contrary -- Microsoft have turned a blind eye
to piracy until fairly recently. Same with Windows -- although, a few
years back when Microsoft felt secure in owning the desktop, they
introduced product activation.
Microsoft has been using product activation in it's office software for
a while now, before Windows XP in fact.
What are the odds that Vista will have it?


About 100%.

On the other hand, the original poster is no Microsoft. He, as you
said, should seriously consider whether requiring his software to be
registered is going to be worth the effort.

Ross Ridge

Apr 4 '06 #9
On Tue, 04 Apr 2006 12:02:24 -0700, Ross Ridge wrote:
Steven D'Aprano wrote:
Look at Microsoft. Their first version of Word (for Macintosh, as it
turned out) was copy-protected. Their second version of Word, and every
version since, as well as Excel and Powerpoint, have not included copy
protection, time-limitations, product activation, or any other barrier to
keep users away. On the contrary -- Microsoft have turned a blind eye
to piracy until fairly recently. Same with Windows -- although, a few
years back when Microsoft felt secure in owning the desktop, they
introduced product activation.


Microsoft has been using product activation in it's office software for
a while now, before Windows XP in fact.


You're right, Office has Product Activation as well as Windows, that was
my error.

However, consider how easy Microsoft make it to avoid Product Activation:
if you purchase volume licences, and by volume I mean five licences or
more, you don't have to use PA. I know plenty of people who have activated
their version of Windows; I don't know anyone, home user or corporate, who
has needed to activate their version of Office. It is so easy to legally
avoid PA on Office that I wasn't even aware you needed to do so -- and
let's not even talk about illegal installations.

Presumably there are a few SMEs and home users who have had to do PA on
their Office installs, but as a percentage, I'd be very surprised if it
was more than a tiny minority.

What are the odds that Vista will have it?


About 100%.


Considering that you can hardly walk into a university, school or
corporation without finding Windows or Office supplied without PA, would
you care to revise that number?

(That's a rhetorical question, by the way.)

--
Steven.

Apr 5 '06 #10
Steven D'Aprano wrote:
What are the odds that Vista will have it?
Ross Ridge wrote; About 100%.
Steven D'Aprano wrote: Considering that you can hardly walk into a university, school or
corporation without finding Windows or Office supplied without PA, would
you care to revise that number?


No. Windows Vista is certain have product activation, just like
Windows XP does. The fact that volume licence users of Vista won't be
required to use product activatation, just like volume licence users of
XP, doesn't make it any less certain.

Ross Ridge

Apr 5 '06 #11

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Ashok K Kumar | last post: by
reply views Thread by somespam | last post: by
reply views Thread by Wayne Smith | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.