|
-
Nov 19th, 2002, 01:21 AM
#1
Thread Starter
Frenzied Member
Hack me, Hack me
ok i am talking about software here u perverts..
i am about to give my clients a app that i been working on for so long (done in vb)
has there been successful ways of actually cracking the following..
Each client that i give the app to will provide me with their hard driver serial number. i will take this serial number and compile a unique version of the app based on the serial number provided...
is there a way that anyone knows that this can be cracked or resued by other people with different hard driver serial numbers?
..?
-
Nov 19th, 2002, 05:05 AM
#2
for most people that would be enough to stop them.
An experienced hacker will be able to get in without much trouble (same as any form of checking you do). All that needs to be done is to change the statement/function that checks the number so that it always returns true. The only way of making it hard for them is to do the check repeatedly (but not by calling the same piece of code - re-write it each time!).
The important thing to consider is whether your program will be worth a hacker's time.
-
Nov 19th, 2002, 05:16 AM
#3
Hyperactive Member
Compile a unique EXE based on the serial number? Well, what exactly does it do? If you are simply putting the serial number as an unencrypted constant, you are in for trouble. If I were u, this is the approach i would use:
1) have a constant that stores the HD Serial number encrypted with PKI (or any other double key encryption). Using this approach, only the decryption function would be kept in the EXE. The Encryption function would be with u
2) Distribute the checking routine throughout the EXE. Create an unnecessary complex HDSerial checking routine for every procedure and make sure its well distributed.
This should keep at least the kiddies out like saracen and Celest (jokin).... If you have something you really need to hide, you need to work at the assembly level testing your own code and editing it to make it more secure.
-
Nov 19th, 2002, 05:34 AM
#4
Thread Starter
Frenzied Member
ok thanks that does help a bit..
i highly doubt my clients know enough about hackers and decryption etc..
the program is going to be worth 300$/year subscription with approximately 10 clients to start..
so i guess using a encrypted harddrive serial number is the way to go...
anyone by any chance got code that does this.. encrpyt the serial number.. decrpyt.. check against the machines hard drive..
i can whip this up.. but if its done why redo it?
thanks everyone
-
Nov 19th, 2002, 08:21 AM
#5
Fanatic Member
I can see one major problem with this method, no matter how much encryption you use.
Where I work we have several machines that are all cloned - this means every one has the same Hard Drive serial number.
This is common practice in companies with lots of PCs and means only one copy of your program would be needed to run on all the machines.
Martin J Wallace (Slaine)
-
Nov 19th, 2002, 02:47 PM
#6
Thread Starter
Frenzied Member
I was under the impression that harddrives had unique numbers?
-
Nov 19th, 2002, 03:07 PM
#7
Fanatic Member
tried and probably true method... place a constant in your code that has something that stands out (i.e. "XXXXXXXX")
have the program display the contents of that constant when some obscure condition is true (i.e. "/Show Serial" is present on the command line)
next, locate the offset using a hex editor... (remember, vb encodes everything into unicode)
write a program that can change the constant for each copy produced. keep track of who gets your program and the contents of the constant.
place a clause in your license agreement that each copy of the program can be uniquely identified and if that copy is foud elsewhere (i.e. on Kazaa) the client will have severe legal problems.
-
Nov 19th, 2002, 03:09 PM
#8
Addicted Member
Last edited by MasterBlaster; Nov 21st, 2002 at 05:35 PM.
-
Nov 19th, 2002, 03:12 PM
#9
Thread Starter
Frenzied Member
ya i know nics have unique mac addresses.. but i though hard drives did to...
if i need to put a nic in the computer then i will
-
Nov 20th, 2002, 04:26 AM
#10
Fanatic Member
Hard Drive numbers are far from unique.
In fact here is a utility that lets you set it to whatever you wish.
http://www.sysinternals.com/ntw2k/so...shtml#VolumeId
Martin J Wallace (Slaine)
-
Nov 20th, 2002, 05:15 AM
#11
Retired VBF Adm1nistrator
The methods described above won't work properly in my opinon, basically because like si_the_geek said.
It still boils down to one line in the code that's going to check if something is something else.
So you always just say yes.
An idea I've been toying with, is that one would perhaps pull a whole load of values from the computer.
So HDD serial number and a whole load of other goodies.
Those values are then sent to the developer somehow, and he or she compiles an app that uses those values to run the application.
So instead of this :
You would do this :
VB Code:
For i = 0 To CLng(HDDSN / 196)
You could then extend that further to be required in lots of areas of code.
That would then require a hacker to actually change your loops and pieces of code.
If they didn't know what precisely was going on and what you as a developer were thinking when writing this piece of code, then they'd be ****ed...
Microsoft MVP : Visual Developer - Visual Basic [2004-2005]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|