Serial Number and Registration

I hope you realize that this kind of a protection system is trivial to bypass. If somewhere in your code, you have code like (if serial_from_use r == serial_from_ser ver) and simplistic checks like that...

Thanks for the reply. Well, what is a better system in your view? Also, I was thinking of something simple like generating a number with combination of CPU ID and HDD serial number and then posting it to some webpage. On the next install the system will fetch the data and check it against the hardware. What programming language would better answer my needs if not C? I am deploying the porgrame in CentOS 5. Thanks

I’m probably not the best to ask for an opinion on this. I’ll say mine anyway: program protections are rather easily broken. So you might have a simplistic system (that you acknowledge will be broken as needed), but primarily, one that does not annoy your paying customers or clients.

So designing a system that transmits information over the net, or anything elaborate is not a good idea. Bugs in your implementation will render your program unusable. And even if it does work, having your program rely on contacting a third party server for authentication will tick off a lot of people.

But ultimately, that check will be bypassed. You make all these elaborate schemes, but do nothing to prevent bypassing them. Look, to design a non-trivial system to bypass, you should know how programs are cracked and how authentication is faked. It’s like designing an anti-robbery system, without an idea of how you are actually getting robbed.

Certainly, you don’t think switching languages will solve the issue here?

Thanks for the great comments. I really don't care if someone goes to the extend to sniff the packets or reverse engineer the program to install the program on more than one computer since the program goes for less than $10 per license. In addition it changes every few months. Older versions render useless. What would be the specific commands to record CPU ID and HDD serial number in C? Also, what commands can I use to post the info to a web page and to retrieve it?

P.S. I will post the serial numbers to somewhere like googlepages where the probability of being down is really low. I know it's silly that I want to go this way but again I know that people who pay for this don't bother to reverse engineer thing for $5.

Thanks,

I didnt realize this was a c c++ thread appologies

Hello all,
I don't mean to hijack this thread, but I have searched hi and lo and this is as close as i could get to an answer.

I have the same sort of question, Slightly different. I have been looking for info on how to have vb write code into itself. Example and I realize this is quite simplistic. and it's more or less for me to understand a few things

Dim registered As Boolean
Dim thankyou As Boolean
Dim regkey As Double
Dim regdate As Date
Dim regbirth As Date
Dim regdateconv As Double
Dim regbirthconv As Double

Private Sub registration()
'first run unregistered
regdate = Now
regbirth = InputBox("Enter your birthday (ie 12/11/1953)")
regdateconv = regdate
regbirthconv = regbirth
regkey = regdateconv - regbirthconv ^ 2 / 4
registered = True
thank_you_for_r egistering()
End Sub

Private Sub thank_you_for_r egistering()
MsgBox ("Thank you for Registering")
thankyou = True

' at this point I need the code to go to the form load section and hard code in that registered is true.
so that it never makes the trip thru Private Sub registration() again.
End Sub

and as I stated this is not for a real world app it's just me trying to learn.
I haven't really thought about the way the serial will be generated other than my date minus date code. I am sure if I was planning on making this a real world app I would devise something more intricate.

any help will be greatly appreciated.

Microsoft makes a shareware starter kit, its old and probably not maintained anymore but it will give you something to start with...



and this...

thank you for the pointer. I think the guy that started this thread may need something along those lines, but what I am really after is how to make vb edit it's own code in the exe file. I need it to actually write this piece of code into the form load section "Registered = true", This is after the user registers. I found a thread that used a script to execute a vb statement from code, but it dosen't actually write the code. again I thank you for your response, and i will keep looking. I may not be stating correctly what it is I am looking for.

Thanks for all the contributions. I checked the link and I think they only support Windows Environment. I am using CentOS for the program. In addition I can dedicate a server for this purpose myself. I am wondering if anyone can post snippets of code on how to harness CPU ID and HDD serial number and also to post it to a web page.

Thanks

... Suppose your customer has several hard disks.
... Suppose your customer replaces their hard disk after a crash.
... Suppose your customer upgrades to a new computer.
Is it your intention to require your customer to buy a new copy of your program for any of these cases?

... Suppose your customer's internet connection is down.
Is it your intention to deny your customer access to your program?

How about you store CPU ID and HDD in the program itself, or in a data file; and respond to id mismatch by popping up a window just that one time asking if the user wants to pay for the program. This is a shareware model.
a) This increases the distribution of your program, although users have the option to use it without paying you.
b) Your paying customers aren't frustrated by your program sometimes refusing to run; although they will have to suffer through spurious pay-me messages every time they change their hardware.

That's an amazing idea. It cuts down on the internet need but on the same token I would not know how much of the software is being pirated since there is no inquiry to my server. I guess I can accept that for the customer's interest. However, I am still looking for the commands for CPU ID and HDD ID. Thanks for the great input again.

C++ nor C nor any other language (that I can think of this late at night) has a built-in command for performing a hardware inventory scan. You might want to look into the use of the 'system' command to attempt to parse hardware information from files stored at a "standard" or "known" location on the disk (such as /dev or C:/Windows), but that could lead to other problems. For one, depending on the access permissions of the user running the application, those directories may be inaccessible.

Most authentication routines (that ultimately fail, but do provide the illusion of control) use a user-input value and create a hash token based on that input. The trouble is "simply" developing (or implementing a pre-existing) hashing algorithm. You code a hashing algorithm into your application that calculates a one-way hash on the user-input. You provide the key to the user based on her user-input string. The user enters the user-input string (such as a username, etc.) and the key that was received from you into the application. The application computes the one-way hash of the user-input string and does a byte comparison of the computed hash and the input key. If the two values match, a registration flag could be set in a datafile (but ultimately the user could just create a datafile with this byte set in the first place).

It's really a slippery-slope. You'll have to be the judge to decide whether the trouble of developing a one-way hashing function and implementing it is really worth the cost. In short, most control/restriction schemes only serve to keep the "honest" people honest.

:) I like your analogy on this. I am not going to use the one way hash. I am thinking for using the "system" command in Linux and /dev to actually register a computer via internet. I think this is the only option that I have. I should also manually include a serial number to every copy of the software. Again, this is not a highly sensitive money making program but the nature of the program is so that people tend to install on several computers and Virtual Machines which is unfair use of the program.

Thanks for the inputs. I will post back with some snippets of the code and ask for more help if any needed.

I guess you could manually add a cd key to each program and then add that key to your server database. This is going to require work for you to do on each purchase of your software. You will also need to offer some sort of support or method of support for people who do change their system configuration which is quite common to do every couple of years or so.

From a user perspective if i buy a piece of software, especially a rather cheap piece of software and I find it sending information going to the web, I'm going to be very upset. If this software is going to sell a limited number of copies. My suggestion is to make a simple serial number algorithm as someone suggested above and just take the hit on the multiple system installs. If I bought your software and I tried to install it on multiple computers or I changed my computer hardware and I couldn't install the software again, I wouldn't purchase another program from you nor would i buy from you again in the future. Oler1s made a good point when he stated that the protection shouldn't "annoy your paying customers or clients". If you annoy your paying customers they will one not come back and two will be encourage to crack and share your program.