1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

C# Licensing System

Discussion in 'C, C++, C#' started by ilPatrino, Aug 22, 2012.

  1. ilPatrino

    ilPatrino Junior Member

    Joined:
    Sep 6, 2011
    Messages:
    130
    Likes Received:
    15
    I would like to know what type of licensing system do the developers use, I am in need of a really simple one.
     
  2. accelerator_dd

    accelerator_dd Jr. VIP Jr. VIP

    Joined:
    May 14, 2010
    Messages:
    2,448
    Likes Received:
    1,010
    Occupation:
    SEO
    Location:
    IM Wonderland
  3. Chris22

    Chris22 Regular Member

    Joined:
    Sep 29, 2010
    Messages:
    400
    Likes Received:
    1,061
    Read up about public key encryption
     
  4. ilPatrino

    ilPatrino Junior Member

    Joined:
    Sep 6, 2011
    Messages:
    130
    Likes Received:
    15
    thanks
     
  5. Blackberry_11

    Blackberry_11 Regular Member

    Joined:
    Apr 17, 2011
    Messages:
    266
    Likes Received:
    19
    I am not sure about this. But if you really need that urgently then you should contact with an expert he might give you some solution about this.
     
  6. -=hollyuser86=-

    -=hollyuser86=- Newbie

    Joined:
    Jul 22, 2010
    Messages:
    26
    Likes Received:
    1
    Occupation:
    .NET Developer
    Location:
    skype, hardik8686
    there are so many options for integrating licensing to you application.. right now, all licensing can be crackable but depending on the licensing that you have integrated, you can make difficulties for the cracker. and more difficulties the better system. get some idea over the encryption, n-bit technology and also try the online verification system with wcf if you are .NET professional.
     
  7. metra

    metra Junior Member

    Joined:
    Jun 6, 2012
    Messages:
    156
    Likes Received:
    50
    Location:
    -. ..- .-.. .-..
    If you're looking for an open source licensing system you could potentially modify, I found this after a quick search:
    Link: github.com/ayende/rhino-licensing
    It can create license codes, enable/disable certain features in your application based on certain license codes, subscriptions, time-based licenses etc.

    When it comes to protecting my own applications, I usually write up my own simple licensing system that takes some 'ID' information from the person's computer, stores it in a database,
    and eventually only allow say 2 licenses per user or something of the sort.

    Remember: .NET Applications can be reversed extremely easily by anyone with a brain; don't forget to look up some nice .NET Obfuscators for your code, since this is what will truly determine whether or not your software gets 'cracked' in the future. I recommend confuser v1.9 for an obfuscator (on codeplex, open source project - confuser.codeplex.com/releases/view/90044t) - it is a very effective code obfuscator currently, and will prevent your code from being reversed fairly well.

    Hope I was of help,
    - Metra
     
    • Thanks Thanks x 1
  8. RottenYellow

    RottenYellow BANNED BANNED

    Joined:
    Sep 10, 2010
    Messages:
    68
    Likes Received:
    16
    Online authorization with a custom encryption, preferably use TCP and custom server intead of HTTP + obfuscation as Metra mentioned.
     
  9. metra

    metra Junior Member

    Joined:
    Jun 6, 2012
    Messages:
    156
    Likes Received:
    50
    Location:
    -. ..- .-.. .-..
    Yeah that was the idea. I would agree with using TCP as it won't show up on any web debuggers such as Fiddler which is nice :)

    You said, "instead of obfuscation"? That I don't understand, because if anyone were to disassemble your application they could easily reverse your 'custom encryption' and find out exactly how your TCP requests are sent, rendering it useless either way.
     
  10. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,612
    Likes Received:
    11,239
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    Who would use Fiddler to examine the traffic of a desktop app? Wireshark captures everything.
     
  11. Chris22

    Chris22 Regular Member

    Joined:
    Sep 29, 2010
    Messages:
    400
    Likes Received:
    1,061
    Sexy plugins
     
    • Thanks Thanks x 2
  12. saxgod

    saxgod Regular Member

    Joined:
    Sep 19, 2010
    Messages:
    351
    Likes Received:
    340
    I setup an object which has a rsa key encrypted with a public key.
    The object also includes the rsa encrypted serialized license object
    The license object has the licensetype, and valid dates.
    This is all serialized again into base64

    So:

    LicenseObject -> Serialized -> RSA Encrypted -> Add RSA Key and encrypt with public key -> Serialize -> Base64


    The app retrieves this from a WCF service with via https.
    Furthermore the app also needs the correct client cert to identify itself (each client has its own cert)
    Decodes the rsa key with its private key decodes the rsa string with the rsa key.
    Then it deserialized the object and has its license info.

    Generally I leave the license valid for 30 days and each time the app starts it gets a new key from the WCF server
     
  13. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,612
    Likes Received:
    11,239
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    Nice. Here 's how to crack it:

    Start the program, hook into it and inject custom code, gain full access to the codebase, modify the validation routine to say yes.

    ;)
     
  14. saxgod

    saxgod Regular Member

    Joined:
    Sep 19, 2010
    Messages:
    351
    Likes Received:
    340
    Aha! Got you! The validation routine has to return null!

    :p

    I know, but every application can be hacked like this.
    In the end there is always a 1 or 0 to check if your license is valid. There can't be another state...

    This license scheme is more meant to force users to connect to the internet every 30 days, so i can invoice them for their usage.
    And also to synchronize to the backend servers, otherwise the app becomes useless after a month or two
     
    • Thanks Thanks x 1
  15. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,612
    Likes Received:
    11,239
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    Indeed, you 're absolutely right.

    My big disappointment with .net and java is that it 's too easy not only to crack by (much worse) re-brand the software.

    It 's a design flaw and there 's no robust solution and that 's why I 'm not doing any programs on either language any more.
     
  16. RottenYellow

    RottenYellow BANNED BANNED

    Joined:
    Sep 10, 2010
    Messages:
    68
    Likes Received:
    16
    Most people have no idea what wireshark is or how to use it and even if they do they got custom encrypted auth protocol to deal with.
     
  17. RottenYellow

    RottenYellow BANNED BANNED

    Joined:
    Sep 10, 2010
    Messages:
    68
    Likes Received:
    16
    There are so many ways to protect the app, as long as it cannot be decompiled, you can make it very very difficult to reverse engineer the protocol.

    For example:
    client connects to server
    server sends a random challenge (client accepts only unique challenges)
    client solves the challenge sends the answer to the server
    server sends another challenge which client will calculate and decide ether to authorize or no

    And that's just basic idea, you can take it to the next level with multiple challenge algorithms and mix in bunch of crazy math etc..
     
  18. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,612
    Likes Received:
    11,239
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    Only problem is, it not "most people" who will be cracking the app. ;)
     
  19. jazzc

    jazzc Moderator Staff Member Moderator Jr. VIP

    Joined:
    Jan 27, 2009
    Messages:
    2,612
    Likes Received:
    11,239
    Occupation:
    Pusillanimous Knitter
    Location:
    Buenos Aires
    No. See one of my previous responses. You don't even need to decompile or de-obfuscate it, you can inject code while it 's running (when it 's running, it 's de-obfuscated).
     
  20. RottenYellow

    RottenYellow BANNED BANNED

    Joined:
    Sep 10, 2010
    Messages:
    68
    Likes Received:
    16
    You're right. What about if you add a method that checks for any of these code injection apps and app simply shuts down if it detects any suspicious apps running?

    Also, what about signing binaries? it wouldn't make any difference since the 'loaded' code can still be accessed in memory and they could just make an application that disables security through memory?
     
    Last edited: Dec 17, 2012