How to use application keys?

elloco999

Well-known member
Joined
Dec 21, 2004
Messages
49
Programming Experience
5-10
Hi,

Most applications today have some form of activation, to protect it against illegal use (user didn't pay for it). Usually the user has to enter a key when installing the application. The key is then checked against some algorithm to see if it is a valid key.

I was wondering how to implement something like this in my app. How do you generate these keys for the users, and how do you check them after the user enters them?

Greets,
El Loco
 

JuggaloBrotha

VB.NET Forum Moderator
Staff member
Joined
Jun 3, 2004
Messages
4,524
Location
Lansing, MI; USA
Programming Experience
10+
i dont know how to actually do any of tat but i do know that you're probably going to want to be looking up the .net Regular Expressions later tonight i can post a few links for ya (if i remember)
 

tresqboy

Member
Joined
Sep 6, 2005
Messages
7
Location
Manchester NH/Boston MA
Programming Experience
3-5
Well, Iam new to this forum so please forgive me if I violate few rules in here. Back to the point:
First as a word of advice; anyone can disassamble ur .net application by using reflection calls to read your private data. You may want to set ReflectionPermission to your whole assembly. That can be done by modifying AssemblyInfo.vb/AssemblyInfo.cs depending on ur lang.
<assembly: ReflectionPermission(SecurityAction.RequestRefuse,.. )>
make sure that u set a securityAction to RequestRefuse... I cant pull the exact parameters for the class but u can check on the documentations. That atribute will prevent any reflection calls (by hackers/disassemblers) to read from .net framework but it wont prevent decompilers as MS ILDASM, or salamander, etc...
second, use obfuscator tools to scramble ur code and make it real mess to read using disasemblers. (remotesoft salamander,dotfuscator...)
third, u may want to create some mechanism for generating encripted keys (symetrical/assymetrical keys) please check system.security.cryptography for encryption like MD5, SHA1, DES, TripleDES.
What u can do is create a key using encryption algorithm mentioned above (symetrical or assmetrical). To make it short.... A program can createsa key using HDD serial number, NIC Mac address, or any other seed u want and then a user pass the key to u (developer). U verify the algorithm if the key is valid and then u generate a privateKey and send it to the user through (email/internet). When the key is entered the application verifies it and unlock the software.
Just remember there are many ways of activation using the same concept. It could be a symetric(using a single key), assymetric(using private and public keys) or combination of both.
But u must know that at some point, someone will crack ur software. when that will ahppen it is just a matter of time.
PS: there are also other methods of protecting(dongles,subscription, etc...) ur work but this method seems to work to many peeps outta there
that is my 2cents...if I miss anything lemme know
 
Top Bottom