serial keys

[kelphis]

im not sure if this question would go in this category but here it is.

 

im looking into implementing a cd key or serial key feature into my software. kind of like what microsoft does with there software. if i give someone a copy of my program i want to insure that only they are able to install it so that if they give the software to their friend that i will either know about it or they wont be able to run it unless i give them the key.

 

i understand that this may be a tough question or would require a very long answer so any information would be very much appreciated

[Nate Bross]

The title is about games, but the concepts apply to all programs, link.

 

Additionally, you might want to impliment a function similar to this.

 

Function GenSerial() as String
   Randomize
   Dim val1, val2, val3

   While val1 + val3 <> val2
       val1 = Rnd()
       val2 = Rnd()
       val3 = Rnd()
   Wend

   Return val1.ToString() & val2.ToString() & val3.ToString()
End Function

Function IsValid(serial as String) as Boolean
   Dim chrar(2) as Integer
   For i as Integer = 0 to 2
       chrar(i) = serial.Substring(i,1)
   Next i
   If charar(0) + charar(2) = charar(1) Then
       Return True
   Else
       Return False
   End If
End Function

 

Obviously you would not want to call these functions with these names, and it would be harder to crack if you included this code in a core function of your program. It makes it much harder to crack if the serial checking is done inside a core function. You could make a function called IsValid, and have it do a lot of branching that has nothing to do with actually checking the serial; that would help waste any crackers time.

Edited October 31, 2005 by Nate Bross

[snarfblam]

Serial keys do not prevent "buddy swapping". You must implement some sort of method of verifying that not only are serial keys valid, but unique per installation, and at the same time, in the event that the user buys a new PC, he must be able to install on the new machine (uninstalling the old installation, of course) and use the same serial key without problems.

 

The only way I know of to verify serial keys in such a manner is to "phone home", i.e. do it Windows Xp activation style. I am not a big fan of activating software, and it requires the implementer to have a server and an IP which will not change.

[mskeel]

There's a cheesy key/serial number option you can pop on your installation. It would offer you minimal protection but be extremely easy to do. Plop on a Customer information dialog and set the ShowSerialNumber property to true. You can then specify the serial number and other things. I say cheesy because it is easily hacked. Basically all you do is specify what the serial number should look like (number, letter, number, number, etc..) and what parts of the serial number will be used in the key. Then a standard algorithm is applied where if the sum of all numbers involved in the key mod 7 = 0 then you pass, otherwise you fail. So to break it, put in all 0's -- 0%7 = 0 (seven goes into 0, 0 times with 0 remainder). To prevent that, require letters. But, if that wasn't cheesy enough, as I recall, the dialog will tell you when you entered a number but it should have been a letter and vice versa. So, to break it, put in zeros for every number and don't worry about the letters.

 

On the other hand, that's only if you know the tricks. To 85% of users who will be completely mystified by smoke and mirrors, this is fairly impressive (annoying?) and will scare of at least 1 or 2 potential hackers...but then they'll just get the serial number from their friend or hack it using more advanced means downloadable via the closest script kitty/warez site so what's the point?

 

That was a good article, nate_boss, thanks for posting that.

[Nate Bross]

Here's another resource, not very professionally writen materials; but it's informitive. http://www.searchlores.org/protec/protec.htm. - They are hostile to Microsoft, you have been warned.