Hi Barry,

I've done some software protection code before..

You have to accept that what ever you do CAN and WILL be broken - there is
no way around it. This is a natural consequence of not having absolute
control over the hardware your software is executing on. The user can do
anything they like and so can break your system.

Having said that, you have to look at it and say how much effort is really
worth it?

You can with reasonable ease develop a system that will stop the average
user from copying your program and giving it to their friends. With a little
extra work, you can make something that you can't write a "key gen" for
(unless they can break a public key crypto system), but you can always write
a patch to remove the protection.

I used a combination of cryptographic Hashes and RSA Public Key crypto. The
basic idea is that you create a block of data containing all the settings
for your program security and the user identification. This is hashed and
digitally signed - this signature is your key. You store this where ever
takes your fancy along with the security information used to generate the
hash. When you start up to check that the signature (the licence key)
matches the information stored and if it does you run, if not then the
license is invalid.

Its a little more complex than that, but that is essentially how I did it.

A word of warning: NEVER AUTO GENERATE keys from a web site. It is far too
easy for someone to just enter a false name etc and the distribute that
perfectly valid key to the world.

I have code (C++) that does this and manages it all if your interested in
licensing it for a small fee. Or I'm happy to discuss how to do it off list
if you like.

Cheers,
Ash.

---
Ashley Roll
Digital Nemesis Pty Ltd
www.digitalnemesis.com
Mobile: +61 (0)417 705 718




> -----Original Message-----
> From: pic microcontroller discussion list
> [mailto:PICLIST@MITVMA.MIT.EDU]On Behalf Of Barry Michels
> Sent: Thursday, 9 May 2002 11:09 AM
> To: PICLIST@MITVMA.MIT.EDU
> Subject: Re: [OT]: Software Protection
>
>
> I visit astalavista periodically, which is why I wanted to
> ask here before
> developing an elaborate protection scheme.  I'll probably do
> some simple
> challenge/response type thing where they can use a temporary
> code e-mailed
> to them upon download, but they have to e-mail in a locally
> generated code
> that will be use to generate a key that is e-mailed back.
> Then store that
> key somewhere deep in the registry.  The only problem is,
> before I re-invent
> the wheel, is there some information already out there on
> what kind of math
> to use for generating these keys?  I've been doing searches
> on Google about
> authorization codes, but after sifting through debates on Microsoft's
> methods, I've gotten nowhere.
>
> Barry

--
http://www.piclist.com hint: The list server can filter out subtopics
(like ads or off topics) for you. See http://www.piclist.com/#topics