EvilZone
Hacking and Security => Hacking and Security => : Kulverstukas February 08, 2012, 11:15:13 PM
-
Time for me to write my first somewhat commercial application and I'm already stuck...
Of course if an application is to be sold, then it needs protection against illegal use, so I was thinking to implement a serial number system. The application will be done in Java and there isn't much information on this subject either.
How does one write an algorithm to generate keys unique to that program only? links to articles, papers or books would be appreciated, thanks.
-
A quick google search, brought these up:
http://members.chello.at/stefan-schneider/JavaLicenseKit.html
http://java.net/projects/truelicense/
http://stackoverflow.com/questions/3647255/how-do-i-copy-protect-my-java-application
Hope they are helpful :D
-
Thanks, but first two are not free and last link didn't provide much information.
-
i'd like to know this as well
-
Best way is to generate the serial at download time for particular person, give it X amount of activations, and they have to have access to the internets to activate.
-
This might help. (http://www.brandonstaggs.com/2007/07/26/implementing-a-partial-serial-number-verification-system-in-delphi/)
Even though the examples are in Delphi, you can use the same ideas to implement it in Java or any other language for that matter.
Using this as a base, you can add complexity. But I wouldn't bother too much. No matter how hard the protection is, someone will always break it.
-
Sweet. I am developing that app in Delphi now...
-
i remember working on a hack for counter strike source!
It used the hard drive serial number as a validation.. sent back that info to a server.. if the HD serial had changed it wouldnt load..
it had safe guards against reversing too. pretty good. written in C.
There are loads of ways to secure shit down..
Think like a cracker. then think how to stop those attacks
-
I must say the best Anti-Crack way I've seen is the "Online" system.
Basically the client needs to have an internet connection to your server to keep authenticated.
In Java that might not be required as there's no such thing as Java Reverse Engineering, at least not nearly as easy as for a C/Delphi file. The main difference is that with such languages the .exe will be created and it's easy to read the assembly and change value of registers and edit jumps, etc...
In Java however, since it will be interpreted by JVM, unless you know how the JVM interprets the code you won't be able to edit it successfully, not even close.
About creating the key, I think the best way would be for the key to be created on server-side (to prevent client-side cracking) and sending it to the e-mail/program (if you send for the program you should send it encrypted and even the user shouldn't know it, this of course also makes it a lot limited as they can't change computer).
This all depends on the type of license you'll have and the type of program.
Think of it like this:
.EXE = Crackable.
Sent to e-mail = Copyable (Unless you have 2 types of keys, Business/Personal, Business can be logged on in more than 1 computer, Personal cannot.)
Transfer for the program itself after login( User will need Internet connection every time, and you can generate a key at the moment he logs in, preventing the cracking.)
Transfer for the program 1st time use only (No need for internet connection, but if it's not an interpreted language easily crackable)