This question already has answers here:
Is there really any way to uniquely identify any computer at all
(5 answers)
Closed 7 years ago.
I have a Windows Stand Alone Application software that i need to be password protected.For this i have hashed the unique ids of the system and put into the License text file of the Application folder.
Here is my code to get the License key
public string Value()
{
if (string.IsNullOrEmpty(fingerPrint))
{
fingerPrint = GetHash("CPU >> " + cpuId() + "\nBIOS >> " + biosId() + "\nBASE >> " + baseId()
//+"\nDISK >> "+ diskId() + "\nVIDEO >> " + videoId() +"\nMAC >> "+ macId()
);
}
return fingerPrint;
}
private string GetHash(string s)
{
Label2.Text = s;
MD5 sec = new MD5CryptoServiceProvider();
ASCIIEncoding enc = new ASCIIEncoding();
byte[] bt = enc.GetBytes(s);
return GetHexString(sec.ComputeHash(bt));
}
Now here is my doubt points:
How to make the software valid for some specified period of time.
How to Check the License key and Time Duration validation each time software gets started..
Is my way of approach is correct.
I have tried to implement this in this way because i have heard that windows registry is not the secure way to implement Licensing as any one can easily copy that..
Please help me with your Valuable suggestions.
Thanks in advance.
You now have a key that you can use to hardware lock the license to the machine and that's one steps to copy protect your application.
Now you need to save the key to a file and protect it using a private/public key mechanism to prevent the user from tampering the file. In this file you can also save the time duration and any other info you want.
Here you can find a sample on how to do it using the RSA keys, the SignedXml object and how to validate: http://www.dotnetlicensing.net/
You could also try SmartBind (from Wibu Systems). That would also cover the doubting points you mention. It directly ties your software to mac-adress, ip number, bios, cpu-id, hard drives, sid, basically anything that is present in the end-users system.
Related
From research I have found that it is possible to determine the available space for storing app files on iOS, Android and UWP using dependency services with the Platform specific code below:
For iOS:
private double GetRemainingStorageSpace(string directoryPath)
{
var freeExternalStorage = NSFileManager.DefaultManager.GetFileSystemAttributes(directoryPath).FreeSize;
return (double)freeExternalStorage;
}
For Android it can be done like:
var path = new StatFs(directoryPath);
long blockSize = path.BlockSizeLong;
long avaliableBlocks = path.AvailableBlocksLong;
double freeSpace = blockSize * avaliableBlocks;
return freeSpace
or like this:
var fl = new Java.IO.File(directoryPath);
var freeSpace = fl.UsableSpace;
return (double)freeSpace;
For UWP:
string freeSpaceKey = "System.FreeSpace";
StorageFolder folder = await StorageFolder.GetFolderFromPathAsync(directoryPath);
var properties = await folder.Properties.RetrievePropertiesAsync(new string[]
{
freeSpaceKey
});
var freeSpace = properties[freeSpaceKey];
return (UInt64)freeSpace;
My question then is:
1.) Do these lines of code above actually return the amount of bytes that can be stored in a specific directory? Or do they return the amount of bytes that can be stored on the whole device?
2.) For Android I am not too sure what the difference between the two ways of doing this are I am hoping for an explanation of the difference between the both of then and which is a better to use?
Would appreciate an explanation.
1.) Do these lines of code above actually return the amount of bytes that can be stored in a specific directory? Or do they return the amount of bytes that can be stored on the whole device?
Obviously it is specific directory ,because in the code it needs specific folder path as parameter .
You can try to set directoryPath as
System.Environment.GetFolderPath(System.Environment.SpecialFolder.MyDocuments)
and
System.Environment.GetFolderPath(System.Environment.SpecialFolder.Personal)
to see the difference.
2.) For Android I am not too sure what the difference between the two ways of doing this are I am hoping for an explanation of the difference between the both of then and which is a better to use?
I can't tell the difference or which is better, because based on my test the result comes the same , and for details you can refer to here , it's maybe helpful .
So the issue is we have an openLDAP server for authentication of our NAS drives in the office. Every time a computer is restarted the user has to input their password again to access the drives. Simply running a batch script to log into their drives in the morning works but the big boss doesn't like that their passwords are just sitting in raw text in the file.
So I've been plugging away in python to try and get a simple program to retrieve their password from windows credentials and toss that into a NET USE in os.system:
os.system("net use X: \\\\x.x.x.x password /user:username#domain.com")
I can retrieve the user name from a file simply enough from a variable opening a file and reading from a line. The issue is the password.
test_a = open('passtest.cfg', 'r')
test_b = open('passtest2.cfg', 'r')
test2_a = test_a.readline()
test2_b = test_b.readline()
drivepass = keyring.get_password(test2_a, test2_b)
The issue seems to be that keyring doesn't like reading from variables for some reason or another. At least i can't seem to figure out why it doesn't. It works just fine if i use:
drivepass = keyring.get_password("x.x.x.x", "username#domain.com")
The REAL problem is we need it simple enough that we can just move it around from workstation to workstation and just change the username#domain.com in a file and run it. So in the end the end product looks something like
os.system("net use X: \\\\x.x.x.x\foldername" + drivepass + "/user:" + test2_b)
It seems I've accidentally solved my own problem.
Didn't work:
drivepass = keyring.get_password(test2_a, test2_b)
Works:
drivepass = keyring.get_password("x.x.x.x", test2_b)
So the service arg in keyring apparently needs to not be a variable. to be fair though it doesn't need to be anyways. Hopefully somewhere down this line this helps somebody else.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
i've been working on 2 projects, a program made in Game Maker 8 and a RPG made in RPG Maker XP, one of the thing i am trying to do is get RPG Maker XP to read a "Score File" made from Game Maker, the score file itself is just a basic text file which both the Game Maker Program and the RPG Maker XP Game will read to gather data.
the problem i face is that if someone was to open this score file in a text editor like notepad, they could change the data and "cheat", so what i have been trying to do is encrypt the file so that at first glance, it's unreadable, have Game Maker and RPG Maker XP decrypt the file, pull all the data out of it and then encrypt it
however i have hitched a snag, the .dll i was working with in Game Maker seems to encrypt/decrypt the score file differently, i tested the .dll by creating 2 identical .txt file with the same text in them and have then encrypted in the 2 programs, the contents was completely different which means that if i try decrypting a file in RPG Maker XP which was encrypted in Game Maker, it will fail
i have tried other .dlls but they don't seem to work in RPG Maker XP, from what i understand, RGSS is a class of Ruby which means any code which would work in Ruby shoudl work in RPG Maker XP and between Ruby and Game Maker's GML, C is the common language the 2 can use .dlls for
so here is what i am asking, is there any .dll, script, code ect. which i can use to protect the data in my text file from being edited outside Game Maker and RPG Maker XP
Troy "Memor-X" Memor
PS: if there is a method that can also work in a .php program that would be great also, but i can work around that if it can't
XOR is a very simple, but quite effective, solution to this problem.
In GML:
/// script load_xor_file
// arguments: filename
// Prerequisite: Change the "key=" line to your chosen key
var key, kl, file, len, str, i;
key = "YOUR SECRET KEY HERE";
kl = string_length(key);
file = file_bin_open(argument0,0);
len = file_bin_size(file);
str = "";
for( i=0; i<l; i+=1) {
str += chr(file_bin_read_byte(file) ^ ord(string_char_at(key,i mod kl + 1)));
}
file_bin_close(file);
return str;
/// script save_xor_file
// arguments: filename, data
// Prerequisite: Change the "key=" line to the SAME KEY as in load_xor_file
var key, kl, file, len, i;
key = "YOUR SECRET KEY HERE";
file = file_bin_open(argument0,1);
file_bin_rewrite(file);
len = string_length(argument1);
for( i=0; i<len; i+=1) {
file_bin_write_byte(file, chr(string_char_at(argument1,i+1)) ^ chr(string_char_at(key,i mod kl + 1)));
}
file_bin_close(file);
I have never used RPG Maker myself, but I imagine it wouldn't be too hard to write similar code for it.
A couple of notes, it doesn't guarantee security. One could decompile the Game Maker EXE and reveal the key, or the key can just straight-up be broken if it is insecure.
A good, secure key is long, because breaking the encryption relies on the key repeating itself. If the key is the over half the length of the data being encrypted, it is virtually impossible to break the encryption, except by a known-plaintext attack if the file's contents are predictable (for example, I could assume the file contains the player's name and score, so those could be used in a known-plaintext attack).
Overall, this won't guarantee security of the file, but for your purposes should be more than suitable.
Also, since you were asking for a possible PHP solution:
<?php
function load_xor_file($filename) {
$key = "YOUR SECRET KEY HERE";
$in = file_get_contents($filename);
$keyrep = str_repeat($key,ceil(strlen($in)/strlen($key)));
return $in ^ $keyrep;
}
function save_xor_file($filename,$data) {
$key = "YOUR SECRET KEY HERE";
$keyrep = str_repeat($key,ceil(strlen($data)/strlen($key)));
file_put_contents($filename,$data ^ $keyrep);
}
?>
PS. I know this question is fairly old, but I was just randomly browsing Game Maker tags :p
We are planning to distribute the device drivers according to the model of the machine, through SCCM. Device drivers are placed in the SCCM share.Device driver folders are named in such a way that only model number will be there.eg E6410. So we need a script to check the last 3 characters of the registry [HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName.] eg:Dell Latitude E6410 ;Last 3 characters =410. so that it will compare the share and if match found then download the corresponding device driver folder to the local machine.
This should achieve the result you are looking for.
Option Explicit
' Open the WScript.Shell object to read the registry key.
Dim objWS, strKeyValue, strKeySuffix
Set objWS = CreateObject("WScript.Shell")
strKeyValue = objWS.RegRead("HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName")
' Get last three characters of the key value.
strKeySuffix = Right(strKeyValue, 3)
How about getting the registry entry (as string) and get the last 3 chars by creating a substring with starting position string.length - 3 and length 3?
I'm not well versed in vbscript but it should be easy to achieve the same result as in C#:
string key = "your registry key";
string substr = key.Substring(key.Length - 3, 3);
I think I know how to create custom encrypted RSA keys, but how can I read one encrypted like ssh-keygen does?
I know I can do this:
OpenSSL::PKey::RSA.new(File.read('private_key'))
But then OpenSSL asks me for the passphrase... How can I pass it to OpenSSL as a parameter?
And, how can I create one compatible to the ones generated by ssh-keygen?
I do something like this to create private encrypted keys:
pass = '123456'
key = OpenSSL::PKey::RSA.new(1024)
key = "0000000000000000#{key.to_der}"
c = OpenSSL::Cipher::Cipher.new('aes-256-cbc')
c.encrypt
c.key = Digest::SHA1.hexdigest(pass).unpack('a2' * 32).map {|x| x.hex}.pack('c' * 32)
c.iv = iv
encrypted_key = c.update(key)
encrypted_key << c.final
Also, keys generated by OpenSSL::PKey::RSA.new(1024) (without encryption), don't work when I try password-less logins (i.e., I copy the public key to the server and use the private one to login).
Also, when I open an ssh-keygen file via OpenSSL and then check its contents, it appears to have additional characters at the beginning and end of the key. Is this normal?
I don't really understand some of this security stuff, but I'm trying to learn. What is it that I'm doing wrong?
According to the blog post here:
http://stuff-things.net/2008/02/05/encrypting-lots-of-sensitive-data-with-ruby-on-rails/
You can simply do:
OpenSSL::PKey::RSA.new(File.read('private_key'), 'passphrase')
Best of luck.
I've made some progress on this. If I use the Net::SSH library, I can do this:
Net::SSH::KeyFactory.load_private_key 'keyfile', 'passphrase'
By reading the source code I have yet to figure out what the library does to OpenSSL's PKey::RSA.new to accomplish this... And then I go and test again, and sure enough, OpenSSL can open the private key just fine without Net::SSH... I've made so much tests that somehow I didn't test this correctly before.
But I still have the issue of creating an SSH compatible key pair... and maybe I'll go test again and have the answer :P ... nah, I'm not that interested in that part