1. Advice wanted!
- Posted by hacker Mar 09, 2010
- 1924 views
I'm planning on marketing some software (written in Euphoria of course!) but I want to implement a security measure which will stop users from distributing the program. One way of doing this (so I thought) would be for the program to get some ID from the computer (the first time it's run) and on subsequent usage it would check the ID and abort if there's no match.
That's the idea, but I'm short on detail. What "ID" could I use? and could anyone suggest some Eu code which will do the trick? Obviously the ID would need to be stored on disc, I was thinking of using a Eu database file.
Any suggestions appreciated and thanks in advance!
2. Re: Advice wanted!
- Posted by euphoric (admin) Mar 09, 2010
- 1818 views
What "ID" could I use?
How about the serial number of the first local hard drive (C:)?
What you'll have to figure out is what to do when their drive "crashes" and they "can't recover anything."
I don't know from where the following originates, but it's Windows-only. This is also probably old and duplicates something in the standard library.
--include dll.e --include machine.e --include get.e constant kernel32 = open_dll( "kernel32.dll" ), xGetVolumeInfo = define_c_func( kernel32, "GetVolumeInformationA", {C_POINTER, C_POINTER, C_UINT, C_POINTER, C_POINTER, C_POINTER, C_POINTER, C_UINT }, C_INT) global function getVolSerial( object root_dir ) -- Input: A string that contains the root directory of the volume to be described. -- A trailing backslash is required. For example, you would specify -- \\MyServer\MyShare as "\\\\MyServer\\MyShare\\", or the C drive as "C:\\". -- Output: Volume Serial Number atom rootPathName, volSerNum sequence ret_val if atom(root_dir) then root_dir = root_dir & ":\\" end if rootPathName = allocate_string( root_dir ) volSerNum = allocate( 4 ) if not c_func( xGetVolumeInfo, { rootPathName, NULL, NULL, volSerNum, NULL, NULL, NULL, NULL } ) then --puts( 1, "\n**xGetVolumeInfo failed in function getVolSerial**\n" ) --puts(1, root_dir) end if ret_val = { peek4u( volSerNum ) } free( rootPathName ) free( volSerNum ) return ret_val end function
3. Re: Advice wanted!
- Posted by hacker Mar 13, 2010
- 1623 views
Thanks for the input. An alternative and more generic solution might be to get the mac address of the network card. I'm not sure how to do this though, I suspect you need to use some low-level functions.
4. Re: Advice wanted!
- Posted by jimcbrown (admin) Mar 13, 2010
- 1631 views
Thanks for the input. An alternative and more generic solution might be to get the mac address of the network card. I'm not sure how to do this though, I suspect you need to use some low-level functions.
Or you could be lazy and pull the information from the output of ipconfig.exe
5. Re: Advice wanted!
- Posted by petelomax Mar 13, 2010
- 1568 views
Thanks for the input. An alternative and more generic solution might be to get the mac address of the network card. I'm not sure how to do this though, I suspect you need to use some low-level functions.
Or you could be lazy and pull the information from the output of ipconfig.exe
How would that help?
With some snipping:
C:\Program Files\Edita>ipconfig
Windows IP Configuration
IP Address. . . . . . . . . . . . : 10.203.13.58
disconnect:
C:\Program Files\Edita>ipconfig Windows IP Configurationreconnect:
C:\Program Files\Edita>ipconfig
Windows IP Configuration
IP Address. . . . . . . . . . . . : 10.203.200.85
Confused? I am.
6. Re: Advice wanted!
- Posted by DerekParnell (admin) Mar 13, 2010
- 1573 views
Confused? I am.
Use the /all switch to get the physical address of the NIC.
Windows IP Configuration
Host Name . . . . . . . . . . . . : red-beast
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxx.xxxxxxx.xxt.xx
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : xxx.xxxxxxx.xxx.xx
Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 000.000.0.000
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 000.000.0.0
DHCP Server . . . . . . . . . . . : 000.000.0.0
DNS Servers . . . . . . . . . . . : 00.0.000.00
00.0.000.000
Lease Obtained. . . . . . . . . . : Sunday, 14 March 2010 2:29:22 AM
Lease Expires . . . . . . . . . . : Monday, 15 March 2010 2:29:22 AM
7. Re: Advice wanted!
- Posted by jimcbrown (admin) Mar 13, 2010
- 1558 views
Deleted. Sorry, my post and Derek's crossed.
Derek, can you delete this post?
8. Re: Advice wanted!
- Posted by petelomax Mar 13, 2010
- 1564 views
Confused? I am.
Use the /all switch to get the physical address of the NIC.
Windows IP Configuration
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF
Understood, I got it a little wrong above, but still when I disconnect, ipconfig gives me nothing. If hacker's app always needs an internet connection then no problem, or accept that no internet=no app. I'm not sure what happens with mobile broadband or wifi either. With some certainty, I would not be impressed if I made a shopping list at home on a netbook, and it stopped working when I got to the shop.
9. Re: Advice wanted!
- Posted by jimcbrown (admin) Mar 13, 2010
- 1568 views
Confused? I am.
Use the /all switch to get the physical address of the NIC.
Windows IP Configuration
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF
Understood, I got it a little wrong above, but still when I disconnect, ipconfig gives me nothing. If hacker's app always needs an internet connection then no problem, or accept that no internet=no app. I'm not sure what happens with mobile broadband or wifi either.
Both ethernet and wifi cards will show their physical address thru ipconfig even when disconnected. (I'm not sure about mobile broadband, as I don't have one offhand here atm to test.)
I'm not sure why ipconfig /all would give no output at all when you are disconnected. The only type of connection that completely disappears like that that I know of is a Dial-up Adapter, which in any case can't be used for this purpose (of uniquely identifying a computer).
10. Re: Advice wanted!
- Posted by petelomax Mar 13, 2010
- 1565 views
The only type of connection that completely disappears like that that I know of is a Dial-up Adapter, which in any case can't be used for this purpose (of uniquely identifying a computer).
Yes, my dongle connects via a dial-up adapter.
11. Re: Advice wanted!
- Posted by jimcbrown (admin) Mar 13, 2010
- 1526 views
The only type of connection that completely disappears like that that I know of is a Dial-up Adapter, which in any case can't be used for this purpose (of uniquely identifying a computer).
Yes, my dongle connects via a dial-up adapter.
What kind of dongle is it?
12. Re: Advice wanted!
- Posted by petelomax Mar 13, 2010
- 1535 views
What kind of dongle is it?
I just pulled it out and on the back it says HUAWEI Mobile Broadband HDSPA USB Slider. A Christmas present, so I've only had it a couple of months, and of course silly me it is indeed prepaid mobile broadband.
Regards, Pete
13. Re: Advice wanted!
- Posted by ghaberek (admin) Mar 15, 2010
- 1473 views
I've put quite a lot of thought into this over the years. IMHO, tying the software to any amount of hardware is bad practice. Parts are broken and replaced all the time. Don't be like Microsoft and pull a "Vista activation" nightmare. Here's how I'd do it:
- Generate self-checking product keys similar to Microsoft Windows or Office. Develop your own method for this and don't tell anyone. Otherwise somebody might get wise and develop a "generator" for your keys.
- Supply those keys with your software for installation. Have the installation program verify the check digits in key before proceeding. If you develop your own installer, you could even encrypt each installation package with key, then provide a "personalized" download or CD to each person so they cannot "share" the software.
- After installating the files, have your installer collect some information about the current system, but not about the hardware. I suggest the following registry keys:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DigitalProductId
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\InstallDate
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LicenseInfo
- Combine your product key with one or more of the value above, plus some optional salt and generate a hash value. Store this hash with your product key in your application data.
- At program startup, re-hash the key + registry info + salt and verify it against the stored hash. Maybe offer your user the opportunity to re-enter their key to verify the installation.
- Have your program "call home" to verify its product key is not registered to another user. A good time to do this is while "checking for updates", so people don't think you're calling Big Brother for no reason.
Of course, there are ways to circumvent anything. People will try to break your methods simply because they can. People will attempt to pirate good software despite their ability to pay for it. In the commercial software industry, piracy is often the highest form of flattery. If nobody wants to pirate your software then you must not be making a very good product. 
-Greg
14. Re: Advice wanted!
- Posted by hacker Mar 16, 2010
- 1310 views
Thanks Greg, this is useful. I was moving away from the hardware ID approach for the same reasons you mention. An alternative would be to get the time and date at which a system file was created (and convert it to seconds). The probability would be very high that this would be a number unique to that particular PC. However, I think I prefer your suggestions. Thanks again.
