Jump to content

  • Log In with Google      Sign In   
  • Create Account

Who has implemented a licensing API/SDK


Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

  • You cannot reply to this topic
25 replies to this topic

#21 Adam_42   Crossbones+   -  Reputation: 2507

Like
0Likes
Like

Posted 26 September 2013 - 06:45 PM


If you do not require online validation the program itself needs to validate the key and any decent hacker can extract whatever counts as the private key from the executable.

 

The private key can't be extracted from the executable, because it's not stored there.

 

The developer signs a message with the private key which they keep secure and don't distribute. The application which contains the public key can then verify that the message is signed by the developer.

 

See http://en.wikipedia.org/wiki/Public-key_cryptography


Edited by Adam_42, 26 September 2013 - 06:47 PM.


Sponsor:

#22 sweetRum   Members   -  Reputation: 119

Like
0Likes
Like

Posted 01 October 2013 - 04:21 PM

My experience was that it was an utter waste of time and trivially cracked by an amateur reverse engineer (me) in a matter of a few minutes for the simpler solutions, and a couple of days of hardcore reversing for the more sophisticated options out there. (I won't name them, for legal reasons.)

Can you tell me what tools you used to crack your app?  I've implemented a very basic scheme so far and would like to see what is visible to the potential hacker.



#23 ApochPiQ   Moderators   -  Reputation: 15737

Like
0Likes
Like

Posted 01 October 2013 - 05:27 PM

Tools aren't really important - understanding the machine code and how to modify it are what really matters. Even the debugger shipped with Visual Studio is plenty to reverse most apps, combined with a hex editor and careful fingers. If you're really industrious you might learn and love WinDbg. OllyDbg is also pretty good and has some handy tools.

 

There are of course other high-caliber options out there, but they're generally expensive and don't offer much if you don't already know what you're doing.



#24 sweetRum   Members   -  Reputation: 119

Like
0Likes
Like

Posted 01 October 2013 - 08:16 PM

Thanks Apoch, just youtubed it and saw how easy it is to crack a serial key. sigh



#25 ChaosEngine   Crossbones+   -  Reputation: 2357

Like
0Likes
Like

Posted 01 October 2013 - 10:00 PM

My $0.02: don't put much time into it. As others have said, all it will do is end up annoying your legitimate customers.

 

If you really feel you must do something like this, favour unobtrusiveness and simplicity over security. No matter what you do (short of hosting all the content remotely) it will be cracked, so look at your DRM as something to inconvenience amateurs rather than something that will stop determined hackers.


if you think programming is like sex, you probably haven't done much of either.-------------- - capn_midnight

#26 sweetRum   Members   -  Reputation: 119

Like
0Likes
Like

Posted 01 October 2013 - 10:37 PM

@ChaosEngine - I think you are right. That is how I am approaching it. I just wish it wasn't SO easy. It is easier than registering the product! No wonder so many companies are gravitating towards cloud SAAS solutions.


Edited by sweetRum, 01 October 2013 - 10:38 PM.





Old topic!
Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.



PARTNERS