Hi there,
I am pretty new to VB.net so excuse me if this sounds simple.
I have an application which i want to distribute over the internet -
now i know it probably wont be possible to completely secure it from
people copying and distributing but i would like secure it as much as
possible.
I would like for when the user buys the software for them to be sent
some sort of activation key that will unlock the software. What would
be the best way of doing this? Interfacing some sort of online
database? I would like to avoid this if possible since i have a PDA
version of the software....
Would it be feasable to create some sort of hash - that encompasses
some user information that is then sent to them as a serial number....
I really dont know guys i am clutching at straws here. Any help woudl
be much appreciated. 9 3477
On 26 Sep 2006 01:44:40 -0700, an****@playdar.co.uk wrote:
Hi there,
I am pretty new to VB.net so excuse me if this sounds simple.
I have an application which i want to distribute over the internet -
now i know it probably wont be possible to completely secure it from
people copying and distributing but i would like secure it as much as
possible.
I would like for when the user buys the software for them to be sent
some sort of activation key that will unlock the software. What would
be the best way of doing this? Interfacing some sort of online
database? I would like to avoid this if possible since i have a PDA
version of the software....
Would it be feasable to create some sort of hash - that encompasses
some user information that is then sent to them as a serial number....
I really dont know guys i am clutching at straws here. Any help woudl
be much appreciated.
Andrew, this isn't what you want to hear, but it's one viewpoint.
IF your program is one in which the pirates are going to be interested then
there is practically no amount of 'protection' you can provide, there's one
of you and <probablymillions of them - you spend two moonths 'protecting'
your program and as a group they can crack it in a couple of days (at
worst).
I've seen keygens appear within minutes of some program being updated with
the newest anthi-theft device. If you provide 'John' with the key to his
program - and 'Frank' wants a copy then John just gives him a copy with his
key ... no win. If you tie it to some system configuration then you're
going to have some unhappy customers when they, oh add a new hard drive or
RAM, for example.
MultiMedia Australia has taken the approach that everytime they issue an
update the require the authorized use to request a new key. That probably
slows down the copying, but it also gets irritating (for me as a legit
user) since I have to install the update and then go to their website to
request a new key which is sent in a day or two - irritating.
Now for the professionals responses. //al
I dont mind tieing the software down in this way - especially since the
software is sold in combination with a monthly subscription.
It is a niche product - and really as much as i can tie it down the
better, just need a feasble solution for doing this.
<an****@playdar.co.ukwrote in message
news:11*********************@d34g2000cwd.googlegro ups.com...
Hi there,
I am pretty new to VB.net so excuse me if this sounds simple.
I have an application which i want to distribute over the internet -
now i know it probably wont be possible to completely secure it from
people copying and distributing but i would like secure it as much as
possible.
I would like for when the user buys the software for them to be sent
some sort of activation key that will unlock the software. What would
be the best way of doing this? Interfacing some sort of online
database? I would like to avoid this if possible since i have a PDA
version of the software....
Would it be feasable to create some sort of hash - that encompasses
some user information that is then sent to them as a serial number....
I really dont know guys i am clutching at straws here. Any help woudl
be much appreciated.
There are 3rd party tools out there that can help with this sort of thing.
Another issue you need to worry about is people decompiling your code and
removing any copy protection routines (there are also tools for decompiling.)
What tools are we talking about here? I am after a solution that will
stop the casuals passing the software on. Im not expecting to stop the
people who are really determined.
Mike Lowery wrote:
<an****@playdar.co.ukwrote in message
news:11*********************@d34g2000cwd.googlegro ups.com...
Hi there,
I am pretty new to VB.net so excuse me if this sounds simple.
I have an application which i want to distribute over the internet -
now i know it probably wont be possible to completely secure it from
people copying and distributing but i would like secure it as much as
possible.
I would like for when the user buys the software for them to be sent
some sort of activation key that will unlock the software. What would
be the best way of doing this? Interfacing some sort of online
database? I would like to avoid this if possible since i have a PDA
version of the software....
Would it be feasable to create some sort of hash - that encompasses
some user information that is then sent to them as a serial number....
I really dont know guys i am clutching at straws here. Any help woudl
be much appreciated.
There are 3rd party tools out there that can help with this sort of thing.
Another issue you need to worry about is people decompiling your code and
removing any copy protection routines (there are also tools for decompiling.)
Hi Andrew,
Here's (approximately) how I do it, with some pseudo-code.
The app has two passwords hard-coded into it, we'll call them A and B.
When the program is installed, it generates a string:
Right(CDriveSerialNo() & "|" & Rnd(1) & "12345678901234567890", 20)
It then encrypts that string with password A, converts it to a hex
string, and stores it in the registry as a challenge code. When the
user wants to register, the software displays that code, which has to
be sent to me.
I then de-hex and decrypt the string, re-encrypt with password B and
re-hex, and send that string as an unlock code to the user. The
program stores that string in the registry as well. At any time, it
can de-hex and decrypt the strings with the appropriate passwords and
compare; if the strings match, the program is registered.
I can also insert some extra data into the beginning of unlock code
prior to re-encrypting it, which the program can use as flags on what
features to unlock:
If DecryptedChallenge = Right(DecryptedUnlock, 20) Then
Registered = True
UnlockFlags = Left(DecryptedUnlock, Len(DecryptedUnlock) - 20)
End If
If the user later contacts me saying they need to reinstall the
software, they have to tell me why. I keep their last keycode on file
so I can determine the drive serial number, which gives me at least a
little information to verify their story and determine whether this is
a legitimate reinstallation or not.
This isn't the most secure method in the world, but it works for me. I
have a small userbase of technically-challenged people, and little
demand for this application outside a tiny niche.
One obvious step in improving the security of this is to obfuscate the
hard-coded passwords A and B, so they do not appear in plain-text in
your program when viewed in a hex editor.
Beyond that, there are many methods to foil a cracker, and many methods
crackers have to foil you. Google is your friend for techniques, as
well as commercial protection packages that implement these techniques
for you. I'm afraid I don't have links/names handy, or experience with
any of these packages.
Hope this helps!
Hi Andrew,
Here's (approximately) how I do it, with some pseudo-code.
The app has two passwords hard-coded into it, we'll call them A and B.
When the program is installed, it generates a string:
Right(CDriveSerialNo() & "|" & Rnd(1) & "12345678901234567890", 20)
It then encrypts that string with password A, converts it to a hex
string, and stores it in the registry as a challenge code. When the
user wants to register, the software displays that code, which has to
be sent to me.
I then de-hex and decrypt the string, re-encrypt with password B and
re-hex, and send that string as an unlock code to the user. The
program stores that string in the registry as well. At any time, it
can de-hex and decrypt the strings with the appropriate passwords and
compare; if the strings match, the program is registered.
I can also insert some extra data into the beginning of unlock code
prior to re-encrypting it, which the program can use as flags on what
features to unlock:
If DecryptedChallenge = Right(DecryptedUnlock, 20) Then
Registered = True
UnlockFlags = Left(DecryptedUnlock, Len(DecryptedUnlock) - 20)
End If
If the user later contacts me saying they need to reinstall the
software, they have to tell me why. I keep their last keycode on file
so I can determine the drive serial number, which gives me at least a
little information to verify their story and determine whether this is
a legitimate reinstallation or not.
This isn't the most secure method in the world, but it works for me. I
have a small userbase of technically-challenged people, and little
demand for this application outside a tiny niche.
One obvious step in improving the security of this is to obfuscate the
hard-coded passwords A and B, so they do not appear in plain-text in
your program when viewed in a hex editor.
Beyond that, there are many methods to foil a cracker, and many methods
crackers have to foil you. Google is your friend for techniques, as
well as commercial protection packages that implement these techniques
for you. I'm afraid I don't have links/names handy, or experience with
any of these packages.
Hope this helps!
<te******@hotmail.comwrote in message
news:11**********************@i3g2000cwc.googlegro ups.com...
Hi Andrew,
Here's (approximately) how I do it, with some pseudo-code.
The app has two passwords hard-coded into it, we'll call them A and B.
When the program is installed, it generates a string:
Right(CDriveSerialNo() & "|" & Rnd(1) & "12345678901234567890", 20)
It then encrypts that string with password A, converts it to a hex
string, and stores it in the registry as a challenge code. When the
user wants to register, the software displays that code, which has to
be sent to me.
I then de-hex and decrypt the string, re-encrypt with password B and
re-hex, and send that string as an unlock code to the user. The
program stores that string in the registry as well. At any time, it
can de-hex and decrypt the strings with the appropriate passwords and
compare; if the strings match, the program is registered.
I can also insert some extra data into the beginning of unlock code
prior to re-encrypting it, which the program can use as flags on what
features to unlock:
If DecryptedChallenge = Right(DecryptedUnlock, 20) Then
Registered = True
UnlockFlags = Left(DecryptedUnlock, Len(DecryptedUnlock) - 20)
End If
If the user later contacts me saying they need to reinstall the
software, they have to tell me why. I keep their last keycode on file
so I can determine the drive serial number, which gives me at least a
little information to verify their story and determine whether this is
a legitimate reinstallation or not.
This isn't the most secure method in the world, but it works for me. I
have a small userbase of technically-challenged people, and little
demand for this application outside a tiny niche.
One obvious step in improving the security of this is to obfuscate the
hard-coded passwords A and B, so they do not appear in plain-text in
your program when viewed in a hex editor.
Beyond that, there are many methods to foil a cracker, and many methods
crackers have to foil you. Google is your friend for techniques, as
well as commercial protection packages that implement these techniques
for you. I'm afraid I don't have links/names handy, or experience with
any of these packages.
Hope this helps!
What's to stop the registered user copying both registry entries and
importing them onto another PC though? The app will presumably still check
these quite happily and say it's registered. Or does it re-generate the key
each time it runs by checking the disk serial number again?
James
james wrote:
What's to stop the registered user copying both registry entries and
importing them onto another PC though? The app will presumably still check
these quite happily and say it's registered. Or does it re-generate the key
each time it runs by checking the disk serial number again?
James
Good catch. I forgot to include that detail, it decrypts the stored
key on startup and compares the drive serial number.
Actually, I don't store this stuff in the registry at all; I hide it
somewhere else. Like I said, this is "approximately" how I do it. I
gave enough info to make a working system, but I'm not giving away
*all* my secrets. :)
<te******@hotmail.comwrote in message
news:11**********************@k70g2000cwa.googlegr oups.com...
james wrote:
>What's to stop the registered user copying both registry entries and importing them onto another PC though? The app will presumably still check these quite happily and say it's registered. Or does it re-generate the key each time it runs by checking the disk serial number again? James
Good catch. I forgot to include that detail, it decrypts the stored
key on startup and compares the drive serial number.
Actually, I don't store this stuff in the registry at all; I hide it
somewhere else. Like I said, this is "approximately" how I do it. I
gave enough info to make a working system, but I'm not giving away
*all* my secrets. :)
Don't blame you! This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: tom |
last post by:
Hi,
How do I get the serial number of the harddisk in .NET?
I want this to be the same number even if the user has
reformatted, so I do not want the volume serial number.
Thanx,
t
|
by: |
last post by:
Hi,
Do memory sticks have serial numbers like harddrives? If so how can I get
this, I want to uniquely identify a memory stick (removable drive) for
authentication.
Thanks
|
by: Klaus Bonadt |
last post by:
In order to protect software from being copied without licence, I would like
to use something like a key, which fits only to the current system. The
serial number of the CPU or the current...
|
by: Stewart Allen |
last post by:
Hi there
I'm trying to find part serial numbers between 2 numbers. The user selects a
part number from a combo box and then enters a range of serial numbers into
2 text boxes and the resulting...
|
by: P1ayboy |
last post by:
I need advice on how to best to protect software with licenses.
We are developing a windows application that people can purchase and
download off the net, but the software needs to be protected...
|
by: Nebojsa4 |
last post by:
Hi.
First, sorry on my weak English to all.
Qusetion:
How to read (in VB) Manufacturer serial number of Hard disk drive?
Not volume/serial number of C:, D:, etc. partitons.
For reading...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |