G Himangi is a Senior Software Developer at LogicNP Software (http://www.ssware.com) and is a member of LogicNP Software's component and controls development team.
CryptoLicensing uses the latest military strength, state-of-the-art cryptographic technology to generate secure and unbreakable license codes to ensure that your software and intellectual property is protected. Cryptographic licenses are unbreakable even when using brute force computing power. Furthermore, since the licenses can only be generated using the private key (which only you possess), this means that it is impossible for a hacker to develop a 'keygen' (key generator) for your software. This is an excellent first line of defense. It is upto you to provide the next line of defense. The following are some useful tips and guidelines for designing effective licenses using CryptoLicensing and writing effective license validation code using the CryptoLicensing validation API. The philosophy is simple: to make it as difficult as possible for the hacker to 'crack' your software and cause the hacker to lose interest in your software or not make it worthwhile for him/her.
Check license repeatedly
Instead of checking the license at software startup only, check the license at multiple points of time during your software execution and from multiple places in your code. Do not to use a single license validation routine in your software. Check for a license from different places in your software, but don't call a single license validation routine to do this. This ensures that a hacker cannot bypass your licensing scheme by simply hacking a single piece of code in your software and forces the hacker to locate every piece of license validation code in your program.
Use multiple licensing checking layers
In addition to the normal license validation done every time your software is executed, add another layer which checks for a license when a certain random criteria is met. For example, you can check for a license on the 2nd Monday of each month, or every 63 days, or on the February 29th of a leap year. If a hacker bypasses the normal license checking code, the additional 'guerilla' layer is still present which will check for a license and cause the check to fail.
Use encrypted dlls
Move some important part of your software in a dll and encrypt the dll using a key. When generating licenses using CryptoLicensing, embed this key in your license codes (use the custom user-data feature of CryptoLicensing for this) and decrypt the dll using this key before loading it. This ensures that even if a hacker bypasses licensing checking code, your software will not function correctly since it will not be able to load the encrypted dll file.
Check for the hash of your exe/dll to detect tampering
You can include the hash/checksum of your exe/dll in your license codes generated using CryptoLicensing (use the custom user-data feature of CryptoLicensing for this). When your exe/dll is loaded, you can recalculate the hash of the exe/dll, and compare it with that included in the license code. If different, this means that your exe has been tampered or modified. Similar to license checking, perform this check at multiple points of time and place in your software.
Do not display failures immediately
If a license check fails, note this but do not immediately display to the user that the check has failed. Instead wait for some other part of your software to run and notify the user there. This makes it more difficult for the hacker to locate and bypass your license checking.
Don't use explicit error messages
When notifying the user of a failed license check, don't use explicit and obvious messages such as 'License not valid'. Instead, display a generic failure message and ask the user to contact your support department. He may not know that the cause of the error is a failed license check, and when contacted, you may try to make a sale and convert the illegal user into a licensed user or even catch a hacker if he contacts you.
Crash or fail or output incorrect results when license check fails
In combination with above two, when a license check fails or when you determine that your software has been hacked or your license scheme has been compromised, note this and when your software perform some processing at a later point of time, you can crash your software or output incorrect results. Sometimes, a hacker may also lose interest in your 'buggy' program which does not even display informative error messages!
Embed user information in generated licenses
When generating licenses, embed some data about the user in the license such as the user's name, email or company name (use the custom user-data feature of CryptoLicensing for this). Display this information prominently at multiple places in your software. This is a very effective way to discourage the user from sharing his/her license code with others.
Original article : http://www.ssware.com/articles/writing-effective-license-checking-code-and-designing-effective-licenses-with-cryptolicensing.htm
- Related Videos
- Related Articles
- Ask / Related Q&A
- Types of Id Software Components
- Component Software: Standardize the Interfaces between Several Software Components
- Lortu Software Announces the Release of Software Components for Implementing Deduplication, Wafs and Wan Optimization Products
- What is Id Software Components?
- Resume of Poker Software Components
- Software Companies Merge to Increase it Market Presence
- Are you Looking for Selling or Buying Software Intellectual Properties? (ip)
- Component Object Model Explained Easily
More than calling and Texting!
By: Rapidsoft | 08/12/2009The concept of a mobile phone itself has become different! These days, mobile phones serve not only the purpose of communication. A small, tiny handset device can give you much that can be beyond your imagination.
Spotting a Genuine Search Engine Optimization Company
By: kayla tyler | 08/12/2009Those in the know will advice people who are just about to launch their new website that it is more important to acquire the service of a search engine optimization company than to spend time analyzing which design template will work best for their website.
Stay Away from Ineffective SEO Companies
By: kayla tyler | 08/12/2009This is the age of online marketing and advertisement thus the constant demand for a search engine marketing company that is capable of providing an array of services that range from search engine optimization (SEO) to pay per click ads management.
How to Convert FLV video to MP3 for iTunes or Garageband on Mac OS X
By: terryly | 08/12/2009If you have some FLV files but you only get the audio but no video, you can compromise by extract audio from it and then listen to it. You might want to extract MP3 audio from FLV format episodes or a movie to iTunes for playback on your iPod, as ringtones for iPhone, or to create your own masterpiece in Garageband. The question is: how to convert FLV to MP3 for iTunes or Garageband
Blackberry Application Development – A Latest Trend in Market
By: Daviodjones035 | 07/12/2009The above article, by and large brings forth the facts that led to the immediate success and popularity of Blackberry pagers and now, mobile phones. The establishment of which has led to an immense increase in the Blackberry Mobile Application Development and software market.
IEEE 1588 Time Protocol Promises More Accurate Time Synchronisation
By: Richard n Williams | 07/12/2009Despite being around for over twenty years, the current favoured time protocol by most networks, NTP (Network Time Protocol) has some competition.
Change Your Lifestyle with New iPhone App Development
By: Vimal Mistry-seo | 07/12/2009The computing world is shrinking from big computers to desktop to laptop to palmtop and now to mini mobile devices, may be with no limits. Arrival of iPhone in the market has created the buzz like never before.
AJAX CascadingDropdown in Asp.Net
By: pons_saravanan | 07/12/2009A pure webservice based cascading dropdown list developed using ASP.Net.
8 Ways To Protect And Obfuscate Your .Net Code Against Reverse-Engineering Using Crypto Obfuscator
By: G. Himangi | 23/10/2009 | SoftwareCrypto Obfuscator arms .Net developers with a powerful code protection and obfuscation tool which enable them to deploy their .Net software without fear of IP theft, reverse-engineering, hacking, cracking and piracy.
Add Network Floating License Capability To Your Software With CryptoLicensing
By: G. Himangi | 18/09/2009 | SoftwareA network floating license is an essential requirement for some types of software and for some customer scenarios. CryptoLicensing makes it extremely easy to add network floating licenses functionality to your software via its customer deployed license service.
8 Ways To Make Your Software Hacker-Proof and Crack-Proof: Writing Effective License Checking Code And Designing Effective Licenses
By: G. Himangi | 23/04/2009 | ProgrammingThis article provides some useful tips and guidelines for designing effective licenses and writing effective license validation code. The philosophy is simple: to make it as difficult as possible for the hacker to 'crack' your software and cause the hacker to lose interest in your software or not make it worthwhile for him/her.
Folderbrowserdialog Unmasked: Everything You Wanted to Know About the Folder Browser Component From .net Framework
By: G. Himangi | 21/11/2008 | ProgrammingThe FolderBrowserDialog, available as part of the .Net framework, provides a folder browser component for your C# and VB.Net applications. The UI consists of a modal dialog which contains a tree control displaying all the files and folders on the system. The user can then browse and select a folder from the tree. The full path of the selected folder is then returned. In this article we will learn more about the FolderBrowserDialog, its usage, properties and limitations.
Shell Megapack : Shell Browser Components & Controls for Mfc, Vb, .net, C#, Vb.net, C++, Delphi ,vba
By: G. Himangi | 10/09/2008 | ProgrammingShell MegaPack consisting of a folder tree control, a file/folder list control and a drive-selection control completely mimics the Windows Explorer UI including Thumbnail, Detail & Group View, dragdrop, icons, context menus, virtual items, infotips and renaming. Also included is the ShellObjects, set of components for creating quick launch-like appbars, displaying multiple MSN/Office2003 style popups, wizard UIs, animated tray icons, automatic form resizing, Vista-style task dialogs.