Re: application licensing scheme?



I didn't say that software using our licensing system could not be
cracked. That would be a stupid claim for the reasons you outlined.
I said a cracker could not reverse engineer a valid key by inspecting
the software alone (even if they had the complete source code). This
is because the keys are validated using public key encryption. In fact
if you take a look at our website (www.infralution.com/licensing.html)
you will see we are very upfront about the fact that any licensing
scheme can be cracked. Some licensing system vendors would like you
to believe that if you purchase their system you will never be cracked.
We are not one of them. If your software is worth cracking it will
be cracked. However cracked keys which work in the genuine (unpatched)
software are more of a problem then patched versions of your
application.

Regards
Grant Frisken
Infralution

Valery Pryamikov wrote:
Grant wrote:
Hi Ben,

You could take a look at Infralutions Licensing System. It generates
short license keys that are validated using a public key encryption
algorithm, making it virtually impossible for a cracker to reverse
engineer them by simply inspecting your code using ildasm.

This is a stupid claim. Cracker with disassembler can crack any
licensing scheme! and licensing schemes that use cryptography are
actually the easiest to crack! (when you use wrong tool for doing the
job, the job is usually purely done)
Btw. rigorous mathematical proof that uncracable licensing scheme is
impossible could be found in "On (Im)possibility of Obfuscation"

So, you are telling that they use signature of something as license,
cracker can:
- obtain valid signature from someone else; (no disassembler required -
just reuse someone's else license).
- or use method that will always work: trivial jump correction
technique (i.e. replacing of conditional jump with unconditional);
for the C# it could look like if you previously had
"if (!IsLicenseValid()) exit();", after jump correction it will be
analogous to
"if (false && !IsLicenseValid())) exit();" that leads that the exit()
due to invalid license will never be executed.

Cryptography and Obfuscation and License protection have completely
deferent goals!
cryptography tries to reduce the large secret (plain text) to the small
secret (encryption key), while as License protection and Obfuscation
(here I mean real obfuscation - not what you get with dotfuscator)
tries to take a little secret (license) and spread it over whole
program body so that almost whole program code depends on a valid
license.
I wrote several blog posts about obfuscation and license protection
that you can read here:
http://www.harper.no/valery/PermaLink,guid,24c827f1-50a9-4bd5-82fa-4af09f81e849.aspx
http://www.harper.no/valery/PermaLink,guid,0f90cf89-2689-4b7f-8d50-84c964795f3e.aspx
http://www.harper.no/valery/PermaLink,guid,dc60e595-cd94-4273-8054-e12d871b8f48.aspx


Its very
reasonably priced and provides a "License Tracker" application for
managing your customers, sales and license keys. You can get more
information and download an evaluation version from:

www.infralution.com/licensing.html

Regards
Grant Frisken
Infralution

-Valery.
http://www.harper.no/valery

.



Relevant Pages

  • Re: How do I stop my software from getting cracked?
    ... separate DLL. ... You can write self-modifying code to confuse the cracker. ... I put all the license check code in a method critical to ... some critical functionality here... ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: How do I store secrets?
    ... > a moderately interested cracker. ... >> could then generate the keypair on the server and distribute the ... >> your client software uses to verify the identity of any signed ... We use technique for our license ...
    (microsoft.public.dotnet.security)
  • Re: How do I store secrets?
    ... a moderately interested cracker. ... (back when it cost $50K a license). ... >> I have encountered a scenario where a segment of VB.Net client CODE needs ... >> so to speak, which is then signed, sealed and delivered to a server. ...
    (microsoft.public.dotnet.security)
  • Re: How do I store secrets?
    ... > a moderately interested cracker. ... License checks are usually centralized and easy to override ... Even assembly code can be altered and reassembled, ... encrypted apps will be much closer to bulletproof. ...
    (microsoft.public.dotnet.security)
  • Re: Authenticating Assemblies/detecting tampering
    ... read it, so can a tamperer. ... > Munging the license in additin to obfuscation of the code could be ... >> stop a very determined tamperer but, coupled with obfuscation of the code ... >>> i) strong name the assemblies and use the private key of the strong ...
    (microsoft.public.dotnet.security)