Board index » cppbuilder » Authorization/Unlock Codes

Authorization/Unlock Codes


2007-07-12 01:27:12 AM
cppbuilder39
Does anyone know of best practices when implementing shareware expiration in
their applications? I'd like to develop a piece of software that has a
trail period (expiration date) and need to understand how best to lock the
program and how to develop a unlock key generation algorithm.
Thanks,
Jeff
 
 

Re:Authorization/Unlock Codes

"Jeff" < XXXX@XXXXX.COM >wrote in message
Quote
Does anyone know of best practices when implementing
shareware expiration in their applications? I'd like to develop
a piece of software that has a trail period (expiration date)
and need to understand how best to lock the program and
how to develop a unlock key generation algorithm.
That is a very broad question. There is no single best approach to it, as
there are many approaches and each has its advantages and disadvantages.
This topic has been discussed in lengthy detail many many times before. Go
to www.deja.com to search through the newsgroup archives.
Also, have a look at MJFSecurity (www.mjfreelancing.com) to get your
started.
Gambit
 

Re:Authorization/Unlock Codes

"Jeff" < XXXX@XXXXX.COM >wrote in message
Quote
Does anyone know of best practices when implementing shareware expiration
in their applications? I'd like to develop a piece of software that has a
trail period (expiration date) and need to understand how best to lock the
program and how to develop a unlock key generation algorithm.
This topic is probably far beyond the scope of this newsgroup. There are
many different ways to protect your application, just as there are many ways
to defeat protection.
The easiest thing to do is probably to buy a software protection library,
because doing this yourself is a LOT of work. I know because I did it once
(and I would definitely do it differently if I had it to do over again). It
is not an easy task and you would probably be much better off simply leaving
it to experts.
However, if you still want to do it yourself, or if you don't need a high
level of protection, then a fairly straightforward method of accomplishing
what you ask (and similar to what I did) is to use some kind of encryption
to encode information about your program with a private key/password, and
store that information in the registry. If the registry information does
not exist, or if the information is invalid (cannot be decoded for any
reason, or the number of days remaining has expired), then you disable your
program. This requires that you have some way of initializing the registry,
perhaps with an installer program. One difficulty you will have to overcome
is how to make your system immune to changes to the system clock. After
all, you don't want your user to be able to set his clock back and get
unlimited use of your program! Another problem you have to worry about is
how to keep CBuilder Developers from sharing their registry information to
unlock other copies of your application for their friends. This requires
that you have some way of identifying each computer where your software is
installed with a unique identifier that won't change -- and this in itself
is a very difficult task. If you can combine a unique machine identifier
with a random element and a strong encryption algorithm, you can make it
very difficult for hackers to figure out (and defeat) your protection
mechanism.
That's a pretty simplistic description of a particular software protection
mechanism (one I employed to protect software for a client once), and it
comes from someone who is relatively naive about how *good* software
protection systems work. So take my description with a grain of salt. The
best advice I can give you is to suggest that you invest in a library that
is designed to give you the kind of protection you want.
Of course, the effectiveness of any protection mechanism is inversely
proprtional to the sophistication of the user trying to defeat it. And any
protection can be disabled if all tests go through a single point of control
in your application. Unfortunately, most protection schemes work that way
and can be easily defeated by anyone smart enough to disassemble the machine
code and read the resulting assembly to find and disable that single control
point.
Good luck,
- Dennis
 

{smallsort}

Re:Authorization/Unlock Codes

Quote
That is a very broad question. There is no single best approach to it, as
there are many approaches and each has its advantages and disadvantages.
This topic has been discussed in lengthy detail many many times before.
Go
to www.deja.com to search through the newsgroup archives.

Also, have a look at MJFSecurity (www.mjfreelancing.com) to get
your
started.
Thanks Gambit, I'm just looking for some ideas to get started.