kvbLicenseKey

As featured in the July 2001 Visual Basic Programmers Journal article "Protect Your Application". The LicenseKey class is the product of that article. Use the class to add license key protection to your application, and use the LicenseDlgLib to help protect those keys from SoftICE crackers.

If you are researching the subject, then you have probably discovered a million places that want to teach you how to crack applications, while finding nothing about how to protect them from crackers. Unfortunately, the subject is a bit taboo, since no one wants to give away techniques on how to crack their applications. Truth is, there's no silver bullet here; you just need to learn the tricks of defeating protection routines. For this I would recommend reading my article as a starting point, and then reading some of the cracker tutorials. There are hundreds of newbie crackers out there defeating applications with little or no protection; don't let your application be one of them.

The LicenseKey Tester Application
 
This application demonstrates the license key generator, and creates a key that stores license counters and expiry information. It also demonstrates the LicenseDlgLib, which is used as a means to display or enter license information. Make certain to change the code if you use it!

The LicenseDialogLib

 

This dialog demonstrates one technique to protect your application from SoftICE crackers who watch your application execute, waiting for the moment when it compares a bogus serial number to the one it generates for verification. That approach is used by hundreds of newbie crackers, and it works every time against an unsuspecting author.

The Sample Web Application

 

The sample Web application demonstrates how one might generate license keys from a Web server in a shopping cart application. It includes a SQL Server script to create a database used by the sample application,

The Code

KeyGenerator.Vbp
LicenseKey.Vbp
LicenseDialog.Vbp

Visitor Comments
Tony
Where's the sample web application located?.. I couldn't find it on the site. Thanks
Carlos Sierra - UESA
Thanks for sharing such a GOOD JOB! Carlos Sierra from Mexico City
Shane Lawson - Homestead
This is very good! Why can't I find anything on this subject?

BTW: Your article in the Visual Basic Programmers Journal was the ONLY thing I could find that helped me understand what I was up against.

Thanks Monty!
Raghu Nagumalli
Though I am repeating the same words some others already told, I just want to say that this code is a very good code. Nothing I have seen comes even close to this.
Mark Vetanen
Great work on the License Key. I am in the software industry and the issue of Software/CD-Keys is a constant problem to stay one jump ahead of the common cracker. One issue that I have yet to think about is after the program is registered to have some way that is crack proof for the program to know it is registered and not prompt for a license key. Currently the project I am working on only requires the CD-key to be put in on the install, that is fine. But I have other projects where the program runs in evaluation mode until the proper CD-key is entered. Currently we are just creating a few registry keys and populating the strings that tell the program it is registered. Yes, it is an easy hack for anyone who has a registry watcher program. Let me know what you think about this issue. Mark
Frederick Samson

I found that the 'SwapBit' method doesn't work.

It doesn't matter if you add many bit swaps, you always get the same serial number...

It works if you replace the sub with:

Private Sub SwapBit(ByRef BitList As tBits, ByRef KeySegs As Variant)

    With BitList
        Dim lWord1  As Long
        Dim lWord2  As Long
        Dim lMask1  As Long
        Dim lMask2  As Long

        ' Read both segments and build a mask for each bit position
        lWord1 = SegmentValue(KeySegs(.iWord1))
        lWord2 = SegmentValue(KeySegs(.iWord2))
        lMask1 = 2 ^ .iBit1
        lMask2 = 2 ^ .iBit2

        ' Change the word 1: copy bit 2 of word 2 into bit 1 of word 1
        If (lWord2 And lMask2) > 0 Then
            KeySegs(.iWord1) = HexWORD((lWord1 Or lMask1)) ' Set the bit to 1
        Else
            KeySegs(.iWord1) = HexWORD((lWord1 And Not (lMask1))) ' Set the bit to 0
        End If

        ' Re-read word 2 so a swap inside one segment keeps the write above
        lWord2 = SegmentValue(KeySegs(.iWord2))

        ' Change the word 2: copy the original bit 1 of word 1 into bit 2 of word 2
        If (lWord1 And lMask1) > 0 Then
            KeySegs(.iWord2) = HexWORD((lWord2 Or lMask2)) ' Set the bit to 1
        Else
            KeySegs(.iWord2) = HexWORD((lWord2 And Not (lMask2))) ' Set the bit to 0
        End If
    End With

End Sub

Hope this can help...

P.S. Great article and great code. It gives a great insight on the subject!
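
The bit swap this comment describes, modelled in Python as an added example (not code from the kvbLicenseKey project or from the commenter); the four-hex-digit segment layout, the sample key and the swap table are assumptions. It shows that a swap alters the serial only when the two bits differ, that a swap within one segment needs the second write to see the first, and that replaying the table in reverse restores the key.

```python
# Added example: a Python model of the bit swap discussed above.
# The key layout (four-hex-digit segments) and all names are assumptions.

def swap_bit(segs, word1, bit1, word2, bit2):
    """Swap bit `bit1` of segs[word1] with bit `bit2` of segs[word2]."""
    if not (0 <= bit1 < 16 and 0 <= bit2 < 16):
        raise ValueError("bit index must be 0..15 for a 16-bit segment")
    words = [int(s, 16) for s in segs]
    b1 = (words[word1] >> bit1) & 1
    b2 = (words[word2] >> bit2) & 1
    # Write through the list, one update after the other, so a swap within
    # one segment (word1 == word2) keeps the first write.
    words[word1] = (words[word1] & ~(1 << bit1)) | (b2 << bit1)
    words[word2] = (words[word2] & ~(1 << bit2)) | (b1 << bit2)
    return [f"{w:04X}" for w in words]

def scramble(segs, swaps):
    """Apply swaps in order; return (segments, number of swaps that changed them)."""
    changed = 0
    for swap in swaps:
        new = swap_bit(segs, *swap)
        changed += new != segs  # swapping two equal bits is a no-op
        segs = new
    return segs, changed

def unscramble(segs, swaps):
    """Each swap is its own inverse, so undo them in reverse order."""
    for swap in reversed(swaps):
        segs = swap_bit(segs, *swap)
    return segs

# Constructed sample key and swap table: (word1, bit1, word2, bit2)
KEY = ["A1B2", "0F0F", "1234", "FFFF"]
SWAPS = [(0, 0, 1, 0), (0, 0, 0, 1), (2, 0, 3, 5), (1, 4, 2, 0)]

if __name__ == "__main__":
    mixed, changed = scramble(KEY, SWAPS)
    print(mixed, changed, unscramble(mixed, SWAPS))
```

Because a swap of two equal bits leaves the key unchanged, a fixed swap table mixes some serials less than others; counting the effective swaps over sample keys is a quick way to see how much the table contributes.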

Codeslinger
I am like the previous post, this was the ONLY page/code I could find that had a legitimate process on this subject. All the other pages that were proclaiming "Great program security... foil software piracy" were nothing but junk code, mostly saving their info right out in the open in the registry or ini files, fooling only those people who think of the puter as a "magical box" ;). (Also found a lot of pages wanting to sell you their ocx that protected your application.... But what's the fun in that? ;) ) Do you have any more information (your knowledge, other sites, etc.) that you could share with us? Thanks a ton!!
Clockmaker
Hi Monte, A few lines from a cracker. Not bad man. A good implementation of code, avoiding strings and direct comparing of entered key and calculated key. The LicDlg .dll can be patched easily (one JE to JNE). At the weak point for all this kind of protection stuff you finished your work. The problem is not the generation and/or validation of serials or keys, but the implementation of the result. The call of:

If m_Key.ValidateKey(txtSerial.Text, m_PrivKey, txtLicensee.Text, m_ProdCode, ExpireDate, UserData) Then ....

ALWAYS !!! ends up in an assembler code like:

cmp eax,ebx
jne 000067....

-> change one byte and your work is blown away. Anyway, keep up this good work
Tony
Ok, found the code. For those like myself who can't see it first hand click on the link labeled "The Code". Great Code - Keep up the good work!
SIGIMUND - LIN
This code was VERY helpful. I am very grateful to you for your article.
A VB.NET Coder - N/A
Is there any chance you'll release the source code for your DLL files? I am asking because I don't like running DLL's that are pre-compiled.
Trieu Nguyen - Minhtue
It works well in VB; could you generate it for VB7 (VB.NET)? Which keyword replaces "varptr" in VB.NET? Thank you!
Chris Mayers
Excellent! This looks really good. I haven't gone through the code in any detail yet, but I have been looking for a way to implement key security like this for some time, and this seems to be just what I need! With reference to the hacker who posted a comment earlier, I guess it's worth making that point again, all this hard work is rendered useless, unless you try to disguise the calls to ValidateKey somehow. Once again, GOOD WORK! ChrisM
Joshua
Would you guys recommend using some version of this for an Internet enabled app? I have three versions of my app, one free, and two that are paid for. They are Internet applications so require a connection to work. I was planning on sending the license key to the server, checking it to see if it is valid and if not, disabling the local application. The thing is, I also want to make sure that a paid version is not on multiple computers so I would need to check to make sure that the key is only registered for ONE machine, which I am not sure how to do. Any thoughts?
craig
In your application you write 'TODO: lots of push pops'. What does this mean? How do I do that in VB? Thanks, Craig
 
Copyright © 1999-2002 by Monte Hansen, All Rights Reserved Worldwide.