  1. #1
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397

    Unanswered: Izy's Demo-Licensing

    Hi Izy,

    I downloaded your Licensing demo

    Excellent work!!!

    It is generating License Key in table.

    But I did not understand the flow of how it works. How do I use this great facility with a client's db?

    A couple of questions:

    1. Which of the form(s) of your Licensing db should I include in the client's db?
    2. Which will be the startup form for my client's db? If it is yours (frmStartup), then will it run one time only to request a license?
    3. If the startup form is set differently than yours in my client's db, then how will the client request the Licensing Key Code from me in case he places my db on a newly formatted pc?

    Please explain the steps to me so that I can include your db forms in my db to run it on the client's pc.

    With kind regards,

    Ashfaque

  2. #2
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    hi Ashfaque,

    sorry for the delayed reply - work (& dead forum over the w/e) got in the way.

    did you get it sorted out yet?

    if not, it works like this:
    your firmly locked-down MDE application has an 'artificial' startup form set in Tools/Startup (easy for you to find which form i'm talking about from that menu). the job of this startup form is to get some sort of user/machine ID and hash around with it and compare the resultant hash with the stored hash in the one-row table.
    if the hashes match, the startup form closes and opens the 'real' startup form of your application (name is probably declared as a constant in the startup form and is probably something original like 'frmMain').
    if the hashes don't match then the register prompt shows: the user registers or quits.

    those are the two 'client side' forms in the demo. your 'real' application hangs off 'frmMain' or whatever you set the constant to for the launch form of your app.

    there is a third form possibly called 'frmGenerator' or similar that you always keep locked away under your bed - that's the form that creates licences for the client application. it will create billions of licences so it is not something you want to distribute.

    TAKE CARE - the demos (i put more than one on this site) use S/N from BIOS via WMI as the 'machine ID' -- i have never checked how unique this value is and i have no plans to do so. i seriously doubt that it is sufficiently unique. i chose this 'lite' S/N approach to provoke folk into thinking about what they use as ID.

    a decent user +/or machineID scheme is only the start. then you have to lock your application real tight without locking yourself out of your development version. and then you have to make your application fail if the licence check fails or doesn't take place (one poss is to change some constants to global vars and only populate the vars in the deepest layer of your licence-OK routine).

    ...and just for balance, let's be a bit negative about copy protection in general.

    if you do a really good job, you can prevent civilians copying your app. there are defenses against stupid criminals with smart tools, but smart criminals with smart tools will walk straight in.

    so you are left handling stupid criminals and faithful users.

    how many stupid criminals will buy your app if they can't steal it?

    compare with how many faithful users will change their hardware or net config during your app's lifetime and get annoyed when the licence breaks.

    one set already gave you money, the other set won't, ever!

    take extreme care not to alienate faithful users unless you expect compensating revenues from stupid criminals.

    izy
    currently using SS 2008R2

  3. #3
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    Thanks Izy,

    I will follow your instructions and let you know soon.

    Thanks again for reply.

    With kind regards,
    Ashfaque

  4. #4
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    My db contains the following forms:

    1. F_Logon (Start up form)
    2. F_Main (Second form after F_Logon)
    3. Some other forms that are opened after F_Main through command buttons.

    Demo-Licensing contains following objects:

    Forms:
    1. frmStartup
    2. frmMain
    3. frmGenerator

    Tables:
    1. tblLicence

    Module:
    1. mdlHash

    Now, which of the objects of your Demo should I copy into my db? I tried another way but it does not work.

    What I understood is

    A. First get the serial number of the client's pc (by any means).
    B. Copy your frmStartup, tblLicence and mdlHash into my db and take the following steps.

    Set frmStartup as first start up into my db. Then need to replace name frmMain to F_main in vbe code of Activate Command button. It is storing the code in tblLicence.

    But the problem is: every time it is opening your frmStartup, even after providing the lengthy code. Why is it not checking with the existing code from tblLicence, permanently closing your frmStartup and opening my next form? How do I set your frmStartup form to appear one time only? Is there any code I need to remove or make into comments?

    Can you please specify clearly?

  5. #5
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    see if this helps.

    there are two MDBs in the ZIP
    ashfaque.mdb is your application (i used a placeholder F_Logon form)
    ashfaqueGEN.mdb is your licence generator

    this time i hashed the ID and added a constant to define the application so the lix applies only to the named app. i added sendobject.

    you will need to modify the mail address in the .sendobject line
    you will need to add mdlHash, tblLicence, frmStartup to your app (DO NOT add my placeholder form F_Logon, use the real F_Logon from your application)
    your application must set frmStartup as the startup form in menu Tools/Startup

    ...you still need to find a better ID than SN
    ...you still need to move some essential consts to glovars and populate only if lix is OK
    ...you need something smarter than cstAppName
    ...and a thousand other improvements are possible
    and then
    ...you must use MDE
    ...you must lock-down that MDE as tightly as you know how: this simple lix scheme depends on frmStartup running without interference when your app starts - research! research!! research!!!

    izy
    currently using SS 2008R2

  6. #6
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    Izy,

    I have tested your demo (2 MDBs) at the following environment.

    I have 2 computers with me in my office. Let us say pc1 (mine) and pc2 (other user).

    What I have done so far at pc1 as per your instructions is as under:

    1. I changed application name vba code of frmstartup as follows:
    Const cstAppName As String = " DahimLab #1"
    2. Changed the mail address in the .sendobject line and placed my own.
    3. Copied your 3 objects (mdlHash, tblLicence, frmStartup) into the db (let us say the db name is DahimLab.MDB) which will be given to my client.
    4. I set your frmStartup form as startup form and updated next form name that will open after closing of this frmStartup (Main form)

    Now the db is ready at pc1 for the deployment.

    5. I somehow picked up the serial number of pc2, which is (552840205)
    6. Placed & Run the DahimLab.MDB at pc2 and your frmstartup appeared & asking License and Key.
    7. Considering it (pc2) is a client’s pc and he did not receive any key before hence clicked to GetCode command button. An outlook opened one email along with a lengthy code : ACF2D118D04F7936FEBBE24C8EC14889C480A49E
    8. This email forwarded from pc2 to my pc (pc1). Please note again that pc1 is my pc where I am working and pc2 is my client’s pc.
    9. NOW WHAT NEXT?

    Please look at the steps I did and correct my flow of working if found wrong.

    Hopefully I did not miss from the instructions you gave me.

    Regards,

    Ashfaque

  7. #7
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    the pc that has an MDE containing frmStartup and mdlHash and tblLicence and your real application DahimLab #1 including its launch form F_Logon is the customer.

    the other pc is the programmer and needs an application like the second db in the ZIP ashfaqueGEN.mdb containing frmGenerator and mdlHash (but see later discussion).

    for this primitive demo:

    customer sends the mail with the HashID ACF2D118D04F7936FEBBE24C8EC14889C480A49E to ask for a licence. in principle, this HashID is supposed to uniquely identify the customer machine and your application DahimLab #1 (but see later discussion).

    the programmer machine receives the mail with the HashID ACF2D118D04F7936FEBBE24C8EC14889C480A49E

    programmer runs frmGenerator from ashfaqueGEN.mdb and copy/pastes the HashID into the users Serial Number box.

    programmer obtains a LicenceNumber from somewhere (for the demo scenario the LicenceNumber defaults to 1234 but see later discussion).

    programmer hits the [Make Code] button to generate a LicenceKey (in the demo scenario this is a simple hash of LicenceNumber and HashID but see later discussion).

    programmer then sends a mail to customer with LicenceKey and LicenceNumber.

    customer copy/pastes LicenceKey and LicenceNumber into frmStartup and is ready to run.

    here is the later discussion.

    DahimLab #1 application needs to be modified:
    the e-mail sent by customer to programmer should include the name of your application in plaintext.

    you must make your application crash if the licence check is bypassed - one way is to kill a few constants and redefine them as global variables. set the value of the globals in frmStartup after the licence check is passed.


    ashfaqueGEN.mdb needs to be modified:
    add a table so that you can capture the following data:
    e-mail address of the customer (from the e-mail)
    name of the application (DahimLab #1 in this case) (from the e-mail)
    HashID (from the e-mail) ACF2D118D04F7936FEBBE24C8EC14889C480A49E
    LicenceNumber (from frmGenerator)
    LicenceKey (from frmGenerator)
    ...you want to store this stuff so you can make intelligent decisions later when the user writes back to you saying he has lost his licence or changed his machine.

    be warned of the following:

    1. swapping mails like this is not a fun way to become a millionaire - too much work if you really have a hot-selling application. something automated and web based that also takes the payment via credit card would be ideal.

    2. S/N from BIOS may not be sufficiently unique. here is my machine's HashID using " DahimLab #1" as the application name:
    3DE5CB19216F95C145BEE2038D929B842CCCD6D0
    so this method can tell the difference between your machine and my machine, but can it tell the difference between all machines????

    3. this demo scheme provides too many generous hints to a potential hacker.
    the lengthy code as you call it is obviously a hash.
    the number of bits in the hash reduces the number of possible hash algorithms to just a few candidates.
    the mail with LicenceKey and LicenceNumber that you send to customer would let even a stupid hacker crack the scheme in 5 minutes.

    ...which takes us to improvements required.

    your licence number should be generated automatically and unique for each licence. anything you like: random number, random autonumber in the table, sequential number, even clng(now()) if you won't sell more than one licence per day.

    make frmGenerator more complicated (...you will need to make corresponding changes in frmStartup's licence verification routine). things to try include hybrid-hashes
    replace
    Me.ActCode = Hash(Me.SN & Me.Lix)
    with something like
    h1 = hash(me.sn, md5)
    h2 = hash(me.lix, md2)
    Me.ActCode = Hash(h1 & h2)

    you also have the application name (and the user's e-mail address if you can work out how to obtain this automatically) to play with!
    make it as complicated as you can so amateur hacker can't work out the scheme in a few minutes.

    the customer needs to send a much more complex message - PLEASE do google around for WMI and discover all the other good things it can do for you. here for example is the HashID of my own machine for an application called " DahimLab #1" using my real licence scheme:

    what is all that stuff?
    each line is a different attempt to fingerprint the client machine. two of them relate to the network environment. six of them relate to various non-disk aspects of the hardware. one relates to the boot disk. one relates to the total harddisk environment. one is unique to the current boot of the client machine. all are salted by something specific to the application (i use something much more difficult to discover than the application name). to the best of my knowledge it is strictly impossible for two machines to return the same id (and the boot-unique line theoretically never repeats).

    my licence scheme uses part or all of some of the lines. the client stores all eleven lines in a table (plus the licence number and the licence key). no, i am not telling you how my HashID is generated or which line is which or which lines i use, but it is all do-able with WMI after an hour with google.

    amateur hacker now has 11 times more bits to work with when trying to crack the scheme. i can lock licences to disks and/or other hardware and/or network setup. amateur hacker has to guess and this ties him up for quite a while - your hope is that he gets bored. pro hacker runs your app in a debugger. you counter by quitting the app if running in debug environment. black-hat hacker spoofs the response to your checks for the debug environment ...in the end, black-hat hacker wins!

    izy
    currently using SS 2008R2

  8. #8
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    Izy,
    Sorry for my late reply.

    In fact I was testing the demo according to your instructions.

    With your permission, I have put in additional VBA code lines. Also I prepared a 2-page instruction manual that shows step-by-step how to implement your Demo-Licensing db, and what steps should be taken before its implementation. The instructions are written in a very easy and clear manner so that a new user will understand immediately (not like me, as I am still bothering you). I will surely upload this manual here soon.

    I have attached my experimental db herewith. Please check why the activate button in db Test-2007 is not working while the code is correct. Everything goes fine, like creation of License #, generation of lengthy code etc...

    Also I would like to know: is there any limitation for the License Number (Lix) field to not accept > 99999? It is a text field but it is not accepting more than 5 characters. (I checked the length of the field, which I set to 30.)

    Please have a look at my db and correct me where I am wrong.

    With kind regards,
    Ashfaque

  9. #9
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397

    Hi Izy,

    With your permission, here is the corrected Licensing Db demo. I also included a ReadMe document in which I stated step-by-step instructions from my own experience. Hopefully this will help our Access community.

    With kind regards,
    Ashfaque

    P.S.: Please note that this is not a perfect solution. A smarter hacker can find out your settings. But general users won't be able to break it.

  10. #10
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    hi Ashfaque,
    glad you got it working, but you kept it too simple.

    attached zip contains your dummy application licenced for my machine using a slightly tougher scheme - see if you can find a way to make it run on your machine (i.e. get it to show your FrmLogin).

    to give you a head start, let's assume that you hijacked my mail - the request and the reply with the licence. here they are:

    the request mail:
    Challenge
    CEEE85742F3DF5572F0B284CF992A5AC3763F4B7


    the licence mail:
    New License Number:
    5664
    New KeyCode Number:
    7C1F32AEA4C5BDEC6C7F2DD7A75F93B42E66B00C
    Please copy/paste these values into the startup screen of the application


    next hint: the modified LicenseGen.MDB creates and saves some secrets that are specific to all instances of a given application. programmer conceals these secrets in the application at design time ...so the secrets are known to both client and programmer.

    another hint: when i ask for a licence for a different application, my 'machineID'
    CEEE85742F3DF5572F0B284CF992A5AC3763F4B7
    will NOT be the same because the shared secrets are different for each different application.

    final hint: if by total chance the request for licence for a different application turned out to have the same 'machineID' as before
    CEEE85742F3DF5572F0B284CF992A5AC3763F4B7
    -and- for whatever stupid reason programmer uses the same licence number to generate the activation code for this different application, the activation code will NOT be the same. again it is to do with the shared secrets being different for each application.

    have a hack. it should be possible to break.

    i'll post the source in a few days.

    (and i'm still using the 'demo' SN from BIOS as machine fingerprint - i'm not convinced it is good enough as i have mentioned before)

    izy

    PS: ZIP contains an MDE in A2K3 format
    Last edited by izyrider; 02-05-08 at 14:26.
    currently using SS 2008R2
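
A model of the two schemes described in posts #7 and #10, added here as an example; it is not code from the thread's attachments. It assumes SHA-1 (the thread's values are 40 hex digits but the algorithm is never named) and uses HMAC as a stand-in for the undisclosed "shared secrets" construction; all function names, the field order and the secret values are hypothetical.

```python
import hashlib
import hmac


def sha1_hex(text: str) -> str:
    """40 hex digits, the same length as the values quoted in the thread."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


# Post #7 demo scheme: no secret anywhere, so anyone who works out the
# construction can compute a valid key for any HashID.
def demo_hash_id(app_name: str, bios_serial: str) -> str:
    return sha1_hex(app_name + bios_serial)


def demo_licence_key(hash_id: str, licence_no: str) -> str:
    # Same shape as: Me.ActCode = Hash(Me.SN & Me.Lix)
    return sha1_hex(hash_id + licence_no)


# Post #10 idea: two secrets per application, known to generator and client.
def keyed_machine_id(secret1: bytes, bios_serial: str) -> str:
    mac = hmac.new(secret1, bios_serial.encode("utf-8"), hashlib.sha1)
    return mac.hexdigest().upper()


def keyed_licence_key(secret2: bytes, machine_id: str, licence_no: str) -> str:
    # The separator stops ("AB", "C") and ("A", "BC") giving the same message.
    message = f"{machine_id}|{licence_no}".encode("utf-8")
    return hmac.new(secret2, message, hashlib.sha1).hexdigest().upper()


def verify_licence(secret2: bytes, machine_id: str, licence_no: str, key: str) -> bool:
    expected = keyed_licence_key(secret2, machine_id, licence_no)
    # Constant-time comparison; tolerate copy/paste whitespace and case.
    return hmac.compare_digest(expected, key.strip().upper())


# Constructed sample data. SERIAL is the pc2 serial quoted in post #6;
# the secrets are made up for this example.
SERIAL = "552840205"
APP_A_S1, APP_A_S2 = b"constructed-app-A-secret-1", b"constructed-app-A-secret-2"
APP_B_S1, APP_B_S2 = b"constructed-app-B-secret-1", b"constructed-app-B-secret-2"

if __name__ == "__main__":
    hash_id = demo_hash_id(" DahimLab #1", SERIAL)
    print("unkeyed demo :", hash_id, demo_licence_key(hash_id, "1234"))
    id_a = keyed_machine_id(APP_A_S1, SERIAL)
    id_b = keyed_machine_id(APP_B_S1, SERIAL)
    print("app A machine:", id_a)
    print("app B machine:", id_b)  # same PC, different application, different ID
    key_a = keyed_licence_key(APP_A_S2, id_a, "5664")
    print("app A key ok :", verify_licence(APP_A_S2, id_a, "5664", key_a))
    print("app B accepts:", verify_licence(APP_B_S2, id_a, "5664", key_a))
```

Because both secrets must ship inside the client, the keyed variant only holds for as long as they stay hidden in the distributed file.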

  11. #11
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    Yes, you are right Izy. This tact is more secure than before.

    I tried and found not working with me.

    I could reach to see db window to see objects somehow in your mde but even though it won't run.

    Good work!!

    I will be waiting for this latest version of your License Generator.

    With kind regards,
    Ashfaque

  12. #12
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    here is the MDB version.
    ...it still comes with a 'health warning' about the uniqueness of SN from BIOS

    no special references need to be set - it late binds to WMI, CAPICOM and uses inherent-DAO.

    i also removed the 4075 refs from your demo and /decompiled to get it down from 2.5 Meg

    izy
    currently using SS 2008R2

  13. #13
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    Thanks Izy,

    I went through the code. Looks better. But I did not test it fully. Maybe tomorrow I will test it and will come back to you with the result.
    In the meantime I would like to ask you one thing. Can we put any characters (play with up to 40) we like in the Secret1 & Secret2 boxes?

    With kind regards,
    Ashfaque
    Last edited by Ashfaque; 03-10-07 at 09:29.

  14. #14
    Join Date
    Dec 2002
    Location
    Préverenges, Switzerland
    Posts
    3,740
    you saw the MDB

    the demo 'secrets' are any garbage you have available...
    ...and that is one possible direction: what can you discover about your .MDE that does not require you to embed an artificial (and highly visible) 'secret' ???

    move the demo to MDE and attack it with a hex editor and you see:
    Code:
    Offset      0  1  2  3  4  5  6  7   8  9  A  B  C  D  E  F
    00012BD0                                                 41                  A
    00012BE0   00 38 00 31 00 32 00 37  00 39 00 43 00 35 00 44   .8.1.2.7.9.C.5.D
    00012BF0   00 46 00 37 00 44 00 46  00 35 00 37 00 45 00 35   .F.7.D.F.5.7.E.5
    00012C00   00 44 00 31 00 43 00 44  00 39 00 33 00 43 00 32   .D.1.C.D.9.3.C.2
    00012C10   00 30 00 34 00 33 00 45  00 36 00 30 00 42 00 30   .0.4.3.E.6.0.B.0
    00012C20   00 37 00 45 00 42 00 33  00 36 00 35 00 39         .7.E.B.3.6.5.9
    there's one of the 'secrets' in unicode.
    ...that's not secret enough for my taste. as shown above, secret-1 in the demo MDE is blindingly obvious. it only takes a few minutes from there to crack the licencing scheme.

    ?? but what if you pulled some 'secret' from the MDE itself without the artificial injection in the .tag property used by the demo?

    enough hints from me i guess! if you go for a scheme like this, the very last thing you should do is discuss the details in public.

    lessons: WMI can provide you with a lot of info; you must give ZERO hints to amateur-hacker; your 'secrets' need to be carefully designed; your licence request msg can be as complicated as you like (copy/paste doesn't care); you want to have some understanding from comparing new-ID and old-ID of what changed on the machine when an existing user asks for a new licence so you can compare this with the user's explanation; and whatever you do - some smart-ass can crack it.

    izy
    currently using SS 2008R2
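
A pre-release check for the exposure shown in post #14, added here as an example rather than code from the thread: it scans a built file for long hex strings stored as ASCII or UTF-16LE and reports whether a known secret is present verbatim. The function names are hypothetical, and the sample is a constructed byte string that places the string from the dump at the dump's offset, with the final 0x00 byte (cut off in the dump) assumed.

```python
import re


def find_hex_strings(blob: bytes, min_chars: int = 32):
    """Return sorted (offset, encoding, text) for every run of at least
    min_chars hex digits stored as plain ASCII or as UTF-16LE."""
    patterns = {
        "ascii": re.compile(rb"[0-9A-Fa-f]{%d,}" % min_chars),
        # UTF-16LE stores each ASCII character as its byte followed by 0x00,
        # which is the ".8.1.2.7" pattern in the post #14 dump.
        "utf-16-le": re.compile(rb"(?:[0-9A-Fa-f]\x00){%d,}" % min_chars),
    }
    findings = []
    for encoding, pattern in patterns.items():
        for match in pattern.finditer(blob):
            text = match.group().decode(encoding)
            findings.append((match.start(), encoding, text))
    return sorted(findings)


def secret_forms_present(blob: bytes, secret: str):
    """List the encodings in which a known secret appears verbatim."""
    forms = {
        "ascii": secret.encode("ascii"),
        "utf-16-le": secret.encode("utf-16-le"),
        "utf-16-be": secret.encode("utf-16-be"),
    }
    try:
        forms["raw-bytes"] = bytes.fromhex(secret)  # only if it is valid hex
    except ValueError:
        pass
    return [name for name, needle in forms.items() if needle in blob]


# Constructed sample: filler bytes around the 40-character string that is
# readable in the dump, starting at row 00012BD0, column F.
DUMP_SECRET = "A81279C5DF7DF57E5D1CD93C2043E60B07EB3659"
DUMP_OFFSET = 0x12BDF
SAMPLE_MDE = b"\xCC" * DUMP_OFFSET + DUMP_SECRET.encode("utf-16-le") + b"\xCC" * 16

if __name__ == "__main__":
    for offset, encoding, text in find_hex_strings(SAMPLE_MDE):
        print(f"{offset:08X}  {encoding:<9}  {text}")
    print("known secret visible as:", secret_forms_present(SAMPLE_MDE, DUMP_SECRET))
```

A clean result only means the secret is not stored as a readable string; it says nothing about what a debugger can recover at run time.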

  15. #15
    Join Date
    Jan 2005
    Location
    Nanded, India
    Posts
    397
    Sorry again for my late reply. I was busy with some other issue.

    Anyway, I was testing your newly loaded db (with 2 secrets) in every possible way to make it work. But it doesn't work.

    I followed these steps:

    1. When I received m/c id from clients, I first opened the Secret form in your db and just put the client's db name and clicked btn ‘GO’ it generated 2 secrets automatically. I did not play with these 2 secrets and quit the db.

    2. Next, I ran the LicenseGen form, entered all the information, clicked btn 'Make Code' and sent it to the client along with the license number.

    BUT IT WON'T WORK. AND GONE THRU THE CODE

    With this latest db of yours (with 2 secrets), I did not understand why the code behind the Activate btn in the Demo db deals with only secret 2. Then what is the use of keeping or generating the 1st secret? Should we change the 1st secret in the .tag property of the form Demo?

    Please shed some light on how it works and advise me where it goes wrong.

    Thanks for your precious time.

    With kind regards,
    Ashfaque
