I would like to add to a C++ application for Windows/Linux some basic
protection using an expiration date and a serial number. Where could I
find some reference on the web to avoid reinventing the wheel?
Thanks!
Andrew
Andrew
> I would like to add to a C++ application for Windows/Linux some basic
> protection using an expiration date and a serial number. Where could I
> find some reference on the web to avoid reinventing the wheel?
If you're clear, that this never will be securely possible, it's very
easy to "reinvent".
Yours,
VB.
--
> My windows XP is updated for all critical updates including survive pack 2.
Norman Perry in c.s.f
I think the best solution for you would be EXECryptor
http://www.strongbit.com
I know it as one of the today's strongest software
protection/licensing. Also they recently updated it to new version. So
if you're interested, have a look.
James
An implementation example:
An approach is to provide your users with a code that works only for
one particular machine. Basically you inspect the hardware for serial
numbers and unique numbers (like mac addresses) then build a "message"
from this information that can be used to generate/calculate a key
possibly using a cryptographic hash function. To implement the notion
of expiration you can include an expiration date in the message so that
the key gets valid for a given hardware and until a given date. Note
that most of the time you won't be able to calculate the expiration
date from the key (because of the properties of cryptographic hash
functions) - so either you should "guess" it by trying a range of
values of otherwise you'll need to store it somewhere.
Problems to address:
Reverse engineering. This might allow an attacker to a/ understand the
mechanisms of the protection and build a key generator, or b/ to remove
the protection. Against a/ you might want to use some programs to make
your executable difficult to reverse engineer - make a google search
for this. You might also want to implement your protection following a
logic that is difficult to follow (but don't underestimate the
motivation of an attacker). Against b/ you should make several calls to
the protection in different areas of the program and in different
manners. Probably, the best would be to implement some sort of
self-inspection, assuring the executable was not changed. But this
self-inspection part is subject to the same sort of attacks than the
protection itself.
In any case a regular communication with a server controlled by the
editor helps a lot.
Kind regards
Ludovic Joly