Geek Answers Handbook

Key Activation Algorithm - Security

I am writing a software application for which the user needs to buy a license and activate it. I need suggestions on how to start writing a powerful code generation algorithm and, of course, code verification. I know that people can reverse engineer the code and make keygen, however my question has two parts:

  • In general, no matter how the application is cracked in such a way, how can I start writing an algorithm to accept a specific Serial or String or combination. (for example, this is what is correct: for example: the first number from 3 to 9 should be the first - 3, and the third number should be the second * + .... regardless ... ??)

  • What is the best approach to protect your desktop application from piracy without using the Internet. This is an algorithm (to make it harder for reverse engineering), to protect the source code from visibility after the application is installed somewhere? ... ??

PS: Maybe it’s worth mentioning that I use Java as my development language. Thanks

+6
algorithm copy-protection
source share
6 answers

  • It looks like you could use a cryptography key .

  • This can be divided into two sub-points:

    • A. Have you read this topic here on SO? This may give you some latitude in the problem.
    • Q. As @Jaka said, this is not a big problem (from what I read) for creating human readable code from Java byte code. You can run your code through an obfuscator to make it more difficult for someone to get human readable code from him, but if someone really wants to read your code, they will almost always find a way. The best way to deal with this is to take the advice I got attached to SO: make it so that someone can buy your application, than someone to steal it.

(edited after he claimed to use Java)

+2
source share

For license keys, you can use public key encryption. That way, you can insert the private key into the software and encrypt the string that will mean something for your software (for example, what features of your software are licensed). Or you can insert an audience and give the program a line with a special value and sign it with your private key. The software can then verify that the signature is valid.

edit: labratmatt was faster with public-private key response :)

Obviously, the second part of your protection will require solving the problem with the failure and debugging of your software (this is how crackers check your software and try to bypass the protection using a patch, or they try to figure out how they can make a serial). This part is actually much more complicated and includes methods such as encrypting the entire executable file and transferring it inside the bootloader, which decrypts it at run time. The loader can also use various methods to detect the presence of debuggers.

edit:. Since you mentioned that the application is written in JAVA, this encryption and packaging step is even more important because JAVA can be easily decompiled into a form that is very understandable to humans. There are "obfuscator" programs that handle classes, so decompilers cannot generate readable code, but cracking it is still much easier than cracking something compiled for machine code.

If you do not want to spend time developing your own protection, you can also use one of the commercial protection programs. There are quite a lot of them, and they offer many protection schemes (keys, temporary licenses, ...)

Many commercial programs use such packages as FlexNet, HASP, Wibu-key

+1
source share

Suggestion: encrypt the part of the application that provides licensed features. The user needs the key that you provide at the time of purchase in order to use this part of the code.

If you have ever allowed a user to run the code that you want to protect before they purchased, there is no reliable standalone solution. At best, you can stop the most random piracy.

0
source share

You must also do this so that one key cannot be used on two different computers. Just not to let the company buy one key and use it for many installations.

0
source share

Did you write your own JRE too? Creating a safe, capable activation system that smoothly considers the range of user scenarios that you will encounter (people without a network connection, a firewall, proxy server, etc.) and have been thoroughly tested in the field, have considerable experience and time in work.

As a supplier of such systems, we have as a personal interest for the announcement, but we also have data - we see that many companies trust the developer who says they can build a licensing system, and then they will come back to us, since he never did what they needed. This article (mine) expands the possibilities: http://knol.google.com/k/dominic-haigh/issues-to-consider-before-building-your/2zijsseqiutxo/6#

0
source share

https://superuser.com/questions/14224/how-to-explain-drm-cannot-work/14254#14254

Even if you put a very powerful lock on your software, pirates will still find a way to crack it and put it on a torrent site. (example: Spore)

You are talking about DRM, and there is no easy way (if any) to block pirates from piracy of your software. And besides, you compete with free products that can do what your software does (always do), so you should focus more on making your software easy to install and use, rather than hard to install and use. for more than you expected.

0
source share

More articles:


All Articles