Home »» Delphi [Programming]
Thread Profile: licensing / security question
licensing / security question
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his unique
disk serial number, he would email it to me, and I could then save it to a
server, and have the application check the disk serial number on startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a Delphi
component, or by any other easy method
Regards,
Steve Bowker
Wincanton plc is a leading European provider of supply chain solutions. We design, implement and operate creative solutions for customers in 15 countries. business has a turnover of over EUR2.7bn /GBP1.81bn and employs 27,000 staff across 360 locations. Warehousing, transport and specialist services are provided for customers in a range of sectors including automotive, retail, FMCG, petrochemicals and manufacturing. Further information on our unique achievements and competencies can be found by visiting
www.wincanton.co.uk This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual(s) to whom it is addressed. If you have received this e-mail in error please contact IT Service Desk on +44 (0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or opinions expressed are solely those of the author and do not necessarily represent those of Wincanton plcor any of its subsidiary companies. Unauthorised publication, use, dissemination, forwarding, printing or copying of this e-mail and its associated attachment(s) is strictly prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his unique
disk serial number, he would email it to me, and I could then save it to a
server, and have the application check the disk serial number on startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a Delphi
component, or by any other easy method
Regards,
Steve Bowker
Wincanton plc is a leading European provider of supply chain solutions. We design, implement and operate creative solutions for customers in 15 countries. business has a turnover of over EUR2.7bn /GBP1.81bn and employs 27,000 staff across 360 locations. Warehousing, transport and specialist services are provided for customers in a range of sectors including automotive, retail, FMCG, petrochemicals and manufacturing. Further information on our unique achievements and competencies can be found by visiting
www.wincanton.co.uk This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual(s) to whom it is addressed. If you have received this e-mail in error please contact IT Service Desk on +44 (0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or opinions expressed are solely those of the author and do not necessarily represent those of Wincanton plcor any of its subsidiary companies. Unauthorised publication, use, dissemination, forwarding, printing or copying of this e-mail and its associated attachment(s) is strictly prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
- 8Answer
- Total
at [2008-5-6 4:30:55]
You've got lots of options, most of them not very good :-)
You can build your own, but keep in mind two things: (1) Cryptology is
tough to get right. An good encryption algorithm can easily be rendered
useless by using it the wrong way (do a search for WEP crack). (2)
"Design your protection as if everyone has access to the source" - this
is a Rob Kenedy almost citation - the wording might be wrong. Why? Maybe
you can't read/write assembler but for someone that can read assembler
your compiled exe is just as informative as your non-compiled (source
files). If you can disable your protection by altering a single line of
code in your source file, some one can do the same for the compiled exe
(change a few bytes).
You may also use commercially available solutions. Those are easily
deployed, probably provide good cryptographic implementations but also
attract a larger base of hackers - so "generic" cracks might be
available. Ask the list for details and experiences using ready-made
protection applications.
Finally, take into account the time it takes to implement a security
system and how it affects the final user. If it takes too long to
implement or it's too inconvenient for the final user, it's not worth it.
- 1No.
- Answer
at [2008-5-6 4:31:55]
You don't want to put the serial on a server, online.
If your server is down or the user don't have access to the Internet
(Windows is broken, ISP is temporary down, firewall conflicts, laptop on
the road), it won't be able to use the program.
Next problem is: what will happen if the user changed the hardware? You
will have to generate a new serial, over and over. Finally the user may
figure it out and will lie to you that it changed the hardware only to
get a new serial for a new machine.
I use this system in this moment. It is very safe, but very difficult to
manage.
By the way: there are tools that can change the serial number of a
partition.
Steve.Bowker (AT) wincanton (DOT) co.uk wrote:
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his unique
disk serial number, he would email it to me, and I could then save it to a
server, and have the application check the disk serial number on startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a Delphi
component, or by any other easy method
Regards,
Steve Bowker
--
Wincanton plc is a leading European provider of supply chain solutions. We design, implement and operate creative solutions for customers in 15 countries. business has a turnover of over EUR2.7bn /GBP1.81bn and employs 27,000 staff across 360 locations. Warehousing, transport and specialist services are provided for customers in a range of sectors including automotive, retail, FMCG, petrochemicals and manufacturing. Further information on our unique achievements and competencies can be found by visiting
www.wincanton.co.uk This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual(s) to whom it is addressed. If you have received this e-mail in error please contact IT Service Desk on +44 (0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or opinions expressed are solely those of the author and do not necessarily represent those of Wincanton plcor any of its subsidiary companies. Unauthorised publication, use, dissemination, forwarding, printing or copying of this e-mail and its associated attachment(s) is strictly prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
If your server is down or the user don't have access to the Internet
(Windows is broken, ISP is temporary down, firewall conflicts, laptop on
the road), it won't be able to use the program.
Next problem is: what will happen if the user changed the hardware? You
will have to generate a new serial, over and over. Finally the user may
figure it out and will lie to you that it changed the hardware only to
get a new serial for a new machine.
I use this system in this moment. It is very safe, but very difficult to
manage.
By the way: there are tools that can change the serial number of a
partition.
Steve.Bowker (AT) wincanton (DOT) co.uk wrote:
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his unique
disk serial number, he would email it to me, and I could then save it to a
server, and have the application check the disk serial number on startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a Delphi
component, or by any other easy method
Regards,
Steve Bowker
--
Wincanton plc is a leading European provider of supply chain solutions. We design, implement and operate creative solutions for customers in 15 countries. business has a turnover of over EUR2.7bn /GBP1.81bn and employs 27,000 staff across 360 locations. Warehousing, transport and specialist services are provided for customers in a range of sectors including automotive, retail, FMCG, petrochemicals and manufacturing. Further information on our unique achievements and competencies can be found by visiting
www.wincanton.co.uk This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual(s) to whom it is addressed. If you have received this e-mail in error please contact IT Service Desk on +44 (0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or opinions expressed are solely those of the author and do not necessarily represent those of Wincanton plcor any of its subsidiary companies. Unauthorised publication, use, dissemination, forwarding, printing or copying of this e-mail and its associated attachment(s) is strictly prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
- 2No.
- Answer
at [2008-5-6 4:32:50]
why not grant a permisson for 'x' days after the serial was verified by the
server,
so in worst case scenario user kan keep on working for a number of days
before
it has te verified again, offcourse this means storing a permission key,
wich brings
in the subject of encryption again
Message
From: "CubicDesign" <cubicdesign (AT) gmail (DOT) com>
To: "Borland's Delphi Discussion List" <delphi (AT) elists (DOT) org>
Sent: Thursday, February 22, 2007 11:53 AM
Subject: Re: licensing / security question
You don't want to put the serial on a server, online.
If your server is down or the user don't have access to the Internet
(Windows is broken, ISP is temporary down, firewall conflicts, laptop on
the road), it won't be able to use the program.
Next problem is: what will happen if the user changed the hardware? You
will have to generate a new serial, over and over. Finally the user may
figure it out and will lie to you that it changed the hardware only to
get a new serial for a new machine.
I use this system in this moment. It is very safe, but very difficult to
manage.
By the way: there are tools that can change the serial number of a
partition.
Steve.Bowker (AT) wincanton (DOT) co.uk wrote:
>Hi,
>I have a standard delphi .exe that I want to distribute to authorised
>Users, but do not want the application to be copied/sent to their
>friends/colleagues.
>I need a way of linking the executable to a specific computer, and only
>allowing it to run on that machine. I have already looked at using the
>disk serial number to make the computer unique, so that if John sent the
>executable to Fred, it wouldn't work on his compuer because the disk
>serial number is different. But, the administration of this is a bit
>unwieldy, because Fred would have to run a program to tell him his unique
>disk serial number, he would email it to me, and I could then save it to
>a
>server, and have the application check the disk serial number on
>startup -
>or something similar.
>>
>Basically, I'd like some advice on how to best control software &
>distribution easily, quickly, and cheaply - preferably by using a Delphi
>component, or by any other easy method
>>
>Regards,
>Steve Bowker
>>
>>
>Wincanton
>plc is a leading European provider of supply chain solutions. We design,
>implement and operate creative solutions for customers in 15 countries.
>business has a turnover of over EUR2.7bn /GBP1.81bn and employs
>27,000 staff across 360 locations. Warehousing, transport and specialist
>services are provided for customers in a range of sectors including
>automotive, retail, FMCG, petrochemicals and manufacturing. Further
>information on our unique achievements and competencies can be found by
>visiting
>www.wincanton.co.uk
>This
>e-mail and any files transmitted with it are confidential and intended
>solely for the use of the individual(s) to whom it is addressed. If you
>have received this e-mail in error please contact IT Service Desk on +44
>(0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or
>opinions expressed are solely those of the author and do not necessarily
>represent those of Wincanton plcor any of its subsidiary companies.
>Unauthorised publication, use, dissemination, forwarding, printing or
>copying of this e-mail and its associated attachment(s) is strictly
>prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
>
>
>Delphi mailing list -Delphi (AT) elists (DOT) org
>
>>
>>
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
server,
so in worst case scenario user kan keep on working for a number of days
before
it has te verified again, offcourse this means storing a permission key,
wich brings
in the subject of encryption again
Message
From: "CubicDesign" <cubicdesign (AT) gmail (DOT) com>
To: "Borland's Delphi Discussion List" <delphi (AT) elists (DOT) org>
Sent: Thursday, February 22, 2007 11:53 AM
Subject: Re: licensing / security question
You don't want to put the serial on a server, online.
If your server is down or the user don't have access to the Internet
(Windows is broken, ISP is temporary down, firewall conflicts, laptop on
the road), it won't be able to use the program.
Next problem is: what will happen if the user changed the hardware? You
will have to generate a new serial, over and over. Finally the user may
figure it out and will lie to you that it changed the hardware only to
get a new serial for a new machine.
I use this system in this moment. It is very safe, but very difficult to
manage.
By the way: there are tools that can change the serial number of a
partition.
Steve.Bowker (AT) wincanton (DOT) co.uk wrote:
>Hi,
>I have a standard delphi .exe that I want to distribute to authorised
>Users, but do not want the application to be copied/sent to their
>friends/colleagues.
>I need a way of linking the executable to a specific computer, and only
>allowing it to run on that machine. I have already looked at using the
>disk serial number to make the computer unique, so that if John sent the
>executable to Fred, it wouldn't work on his compuer because the disk
>serial number is different. But, the administration of this is a bit
>unwieldy, because Fred would have to run a program to tell him his unique
>disk serial number, he would email it to me, and I could then save it to
>a
>server, and have the application check the disk serial number on
>startup -
>or something similar.
>>
>Basically, I'd like some advice on how to best control software &
>distribution easily, quickly, and cheaply - preferably by using a Delphi
>component, or by any other easy method
>>
>Regards,
>Steve Bowker
>>
>>
>Wincanton
>plc is a leading European provider of supply chain solutions. We design,
>implement and operate creative solutions for customers in 15 countries.
>business has a turnover of over EUR2.7bn /GBP1.81bn and employs
>27,000 staff across 360 locations. Warehousing, transport and specialist
>services are provided for customers in a range of sectors including
>automotive, retail, FMCG, petrochemicals and manufacturing. Further
>information on our unique achievements and competencies can be found by
>visiting
>www.wincanton.co.uk
>This
>e-mail and any files transmitted with it are confidential and intended
>solely for the use of the individual(s) to whom it is addressed. If you
>have received this e-mail in error please contact IT Service Desk on +44
>(0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or
>opinions expressed are solely those of the author and do not necessarily
>represent those of Wincanton plcor any of its subsidiary companies.
>Unauthorised publication, use, dissemination, forwarding, printing or
>copying of this e-mail and its associated attachment(s) is strictly
>prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
>
>
>Delphi mailing list -Delphi (AT) elists (DOT) org
>
>>
>>
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
- 3No.
- Answer
at [2008-5-6 4:33:52]
Hello Steve,
I use Dongles in a few applications: http://www.marx.com/en/ not
expencieve and very safe. Some people dont like these things, so you
loose customars unless your product is free of concurency. Same for all
other security of course.
I also have some applications where customar name and address is in the
forms, or / and report printing. Pretty safe, just do a CRC check on the
strings. If program is copied the everyone can see it is stolen, so it
is pretty safe.
I have somewhere code to read the CPU serial. But some computers can
switch that off in Bios. approach is MAC address of network card.
These 2 latter are not so safe of course, but if a customar phone you
every month he has changed his network card then you can be pretty sure
he is not honesd :)
Rgds, Wilfried
http://www.mestdagh.biz
Delphi mailing list -Delphi (AT) elists (DOT) org
I use Dongles in a few applications: http://www.marx.com/en/ not
expencieve and very safe. Some people dont like these things, so you
loose customars unless your product is free of concurency. Same for all
other security of course.
I also have some applications where customar name and address is in the
forms, or / and report printing. Pretty safe, just do a CRC check on the
strings. If program is copied the everyone can see it is stolen, so it
is pretty safe.
I have somewhere code to read the CPU serial. But some computers can
switch that off in Bios. approach is MAC address of network card.
These 2 latter are not so safe of course, but if a customar phone you
every month he has changed his network card then you can be pretty sure
he is not honesd :)
Rgds, Wilfried
http://www.mestdagh.biz
Delphi mailing list -Delphi (AT) elists (DOT) org
- 4No.
- Answer
at [2008-5-6 4:35:02]
I use Armadillo/Software Passport from Silicon Realms. It wraps up your app and encrypts it and then provides all the required tools for registration etc.
Regards
Sean Cross
IT Systems Development Manager
Catalyst Risk Management
P Box 230
Napier 4140
DDI: 06-8340362
mobile: 021 270 3466
Visit us at www.crm.co.nz
in Auckland, Napier, Wellington & Christchurch
Disclaimer:
"The information contained in this document is confidential to the addressee(s) and may be legally privileged. Any view or opinions expressed are those of the author and may not be those of Catalyst Risk Management. No guarantee or representation is made that this communication is free of errors, viruses or interference. If you have received this e-mail message in error please delete it and notify me. Thank you."
Message
From: delphi-bounces (AT) elists (DOT) org [mailto:delphi-bounces (AT) elists (DOT) org]
Behalf Steve.Bowker (AT) wincanton (DOT) co.uk
Sent: Thursday, 22 February 2007 2:30 a.m.
To: delphi (AT) elists (DOT) org
Subject: licensing / security question
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent
the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his
unique
disk serial number, he would email it to me, and I could then save it
to a
server, and have the application check the disk serial number on
startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a
Delphi
component, or by any other easy method
Regards,
Steve Bowker
--
Wincanton plc is a leading European provider of supply chain
solutions. We design, implement and operate creative solutions for
customers in 15 countries. business has a turnover of over
EUR2.7bn /GBP1.81bn and employs 27,000 staff across 360 locations.
Warehousing, transport and specialist services are provided for
customers in a range of sectors including automotive, retail, FMCG,
petrochemicals and manufacturing. Further information on our unique
achievements and competencies can be found by visiting
www.wincanton.co.uk
This e-mail and any files transmitted with it are confidential
and intended solely for the use of the individual(s) to whom it is
addressed. If you have received this e-mail in error please contact IT
Service Desk on +44 (0) 870 870 9393 or e-mail
mail.monitor (AT) wincanton (DOT) co.uk Any views or opinions expressed are solely
those of the author and do not necessarily represent those of Wincanton
plcor any of its subsidiary companies. Unauthorised publication, use,
dissemination, forwarding, printing or copying of this e-mail and its
associated attachment(s) is strictly prohibited.Wincanton plc, Methuen
Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
Regards
Sean Cross
IT Systems Development Manager
Catalyst Risk Management
P Box 230
Napier 4140
DDI: 06-8340362
mobile: 021 270 3466
Visit us at www.crm.co.nz
in Auckland, Napier, Wellington & Christchurch
Disclaimer:
"The information contained in this document is confidential to the addressee(s) and may be legally privileged. Any view or opinions expressed are those of the author and may not be those of Catalyst Risk Management. No guarantee or representation is made that this communication is free of errors, viruses or interference. If you have received this e-mail message in error please delete it and notify me. Thank you."
Message
From: delphi-bounces (AT) elists (DOT) org [mailto:delphi-bounces (AT) elists (DOT) org]
Behalf Steve.Bowker (AT) wincanton (DOT) co.uk
Sent: Thursday, 22 February 2007 2:30 a.m.
To: delphi (AT) elists (DOT) org
Subject: licensing / security question
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent
the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his
unique
disk serial number, he would email it to me, and I could then save it
to a
server, and have the application check the disk serial number on
startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a
Delphi
component, or by any other easy method
Regards,
Steve Bowker
--
Wincanton plc is a leading European provider of supply chain
solutions. We design, implement and operate creative solutions for
customers in 15 countries. business has a turnover of over
EUR2.7bn /GBP1.81bn and employs 27,000 staff across 360 locations.
Warehousing, transport and specialist services are provided for
customers in a range of sectors including automotive, retail, FMCG,
petrochemicals and manufacturing. Further information on our unique
achievements and competencies can be found by visiting
www.wincanton.co.uk
This e-mail and any files transmitted with it are confidential
and intended solely for the use of the individual(s) to whom it is
addressed. If you have received this e-mail in error please contact IT
Service Desk on +44 (0) 870 870 9393 or e-mail
mail.monitor (AT) wincanton (DOT) co.uk Any views or opinions expressed are solely
those of the author and do not necessarily represent those of Wincanton
plcor any of its subsidiary companies. Unauthorised publication, use,
dissemination, forwarding, printing or copying of this e-mail and its
associated attachment(s) is strictly prohibited.Wincanton plc, Methuen
Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
- 5No.
- Answer
at [2008-5-6 4:36:01]
orca skynet wrote:
why not grant a permisson for 'x' days after the serial was verified by the
server,
Even I can detect where the key was stored in 2-3 minutes, or even less.
All I have to do is to keep the original key then restore it every day.
Imagine that a hacker will find much better and quicker 'solutions'.
Storing a key is unsafe. This is why I choose sending an unlock key
based on hardware.
They hacked my application one year ago in the part where it acted as a
trial and stored data in registry.
Now I removed that part and it is still holding un-cracked since then.
Anyway, I am proud that somebody cracked my application. It means it is
important. :)
Do you know how the hackers decided to crack an application? They answer
to requests or are they paid or what?
Gabriel
orca skynet wrote:
why not grant a permisson for 'x' days after the serial was verified by the
server,
so in worst case scenario user kan keep on working for a number of days
before
it has te verified again, offcourse this means storing a permission key,
wich brings
in the subject of encryption again
--
Message
From: "CubicDesign" <cubicdesign (AT) gmail (DOT) com>
To: "Borland's Delphi Discussion List" <delphi (AT) elists (DOT) org>
Sent: Thursday, February 22, 2007 11:53 AM
Subject: Re: licensing / security question
--
>You don't want to put the serial on a server, online.
>>
>If your server is down or the user don't have access to the Internet
>(Windows is broken, ISP is temporary down, firewall conflicts, laptop on
>the road), it won't be able to use the program.
>>
>Next problem is: what will happen if the user changed the hardware? You
>will have to generate a new serial, over and over. Finally the user may
>figure it out and will lie to you that it changed the hardware only to
>get a new serial for a new machine.
>>
>I use this system in this moment. It is very safe, but very difficult to
>manage.
>>
>By the way: there are tools that can change the serial number of a
>partition.
>>
>Steve.Bowker (AT) wincanton (DOT) co.uk wrote:
>
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his unique
disk serial number, he would email it to me, and I could then save it to
a
server, and have the application check the disk serial number on
startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a Delphi
component, or by any other easy method
Regards,
Steve Bowker
Wincanton
plc is a leading European provider of supply chain solutions. We design,
implement and operate creative solutions for customers in 15 countries.
business has a turnover of over EUR2.7bn /GBP1.81bn and employs
27,000 staff across 360 locations. Warehousing, transport and specialist
services are provided for customers in a range of sectors including
automotive, retail, FMCG, petrochemicals and manufacturing. Further
information on our unique achievements and competencies can be found by
visiting
www.wincanton.co.uk
This
e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual(s) to whom it is addressed. If you
have received this e-mail in error please contact IT Service Desk on +44
(0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or
opinions expressed are solely those of the author and do not necessarily
represent those of Wincanton plcor any of its subsidiary companies.
Unauthorised publication, use, dissemination, forwarding, printing or
copying of this e-mail and its associated attachment(s) is strictly
prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
>
>Delphi mailing list -Delphi (AT) elists (DOT) org
>
>
>
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
why not grant a permisson for 'x' days after the serial was verified by the
server,
Even I can detect where the key was stored in 2-3 minutes, or even less.
All I have to do is to keep the original key then restore it every day.
Imagine that a hacker will find much better and quicker 'solutions'.
Storing a key is unsafe. This is why I choose sending an unlock key
based on hardware.
They hacked my application one year ago in the part where it acted as a
trial and stored data in registry.
Now I removed that part and it is still holding un-cracked since then.
Anyway, I am proud that somebody cracked my application. It means it is
important. :)
Do you know how the hackers decided to crack an application? They answer
to requests or are they paid or what?
Gabriel
orca skynet wrote:
why not grant a permisson for 'x' days after the serial was verified by the
server,
so in worst case scenario user kan keep on working for a number of days
before
it has te verified again, offcourse this means storing a permission key,
wich brings
in the subject of encryption again
--
Message
From: "CubicDesign" <cubicdesign (AT) gmail (DOT) com>
To: "Borland's Delphi Discussion List" <delphi (AT) elists (DOT) org>
Sent: Thursday, February 22, 2007 11:53 AM
Subject: Re: licensing / security question
--
>You don't want to put the serial on a server, online.
>>
>If your server is down or the user don't have access to the Internet
>(Windows is broken, ISP is temporary down, firewall conflicts, laptop on
>the road), it won't be able to use the program.
>>
>Next problem is: what will happen if the user changed the hardware? You
>will have to generate a new serial, over and over. Finally the user may
>figure it out and will lie to you that it changed the hardware only to
>get a new serial for a new machine.
>>
>I use this system in this moment. It is very safe, but very difficult to
>manage.
>>
>By the way: there are tools that can change the serial number of a
>partition.
>>
>Steve.Bowker (AT) wincanton (DOT) co.uk wrote:
>
Hi,
I have a standard delphi .exe that I want to distribute to authorised
Users, but do not want the application to be copied/sent to their
friends/colleagues.
I need a way of linking the executable to a specific computer, and only
allowing it to run on that machine. I have already looked at using the
disk serial number to make the computer unique, so that if John sent the
executable to Fred, it wouldn't work on his compuer because the disk
serial number is different. But, the administration of this is a bit
unwieldy, because Fred would have to run a program to tell him his unique
disk serial number, he would email it to me, and I could then save it to
a
server, and have the application check the disk serial number on
startup -
or something similar.
Basically, I'd like some advice on how to best control software &
distribution easily, quickly, and cheaply - preferably by using a Delphi
component, or by any other easy method
Regards,
Steve Bowker
Wincanton
plc is a leading European provider of supply chain solutions. We design,
implement and operate creative solutions for customers in 15 countries.
business has a turnover of over EUR2.7bn /GBP1.81bn and employs
27,000 staff across 360 locations. Warehousing, transport and specialist
services are provided for customers in a range of sectors including
automotive, retail, FMCG, petrochemicals and manufacturing. Further
information on our unique achievements and competencies can be found by
visiting
www.wincanton.co.uk
This
e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual(s) to whom it is addressed. If you
have received this e-mail in error please contact IT Service Desk on +44
(0) 870 870 9393 or e-mail mail.monitor (AT) wincanton (DOT) co.uk Any views or
opinions expressed are solely those of the author and do not necessarily
represent those of Wincanton plcor any of its subsidiary companies.
Unauthorised publication, use, dissemination, forwarding, printing or
copying of this e-mail and its associated attachment(s) is strictly
prohibited.Wincanton plc, Methuen Park, Chippenham, Wiltshire SN14 0WT.
Delphi mailing list -Delphi (AT) elists (DOT) org
>
>Delphi mailing list -Delphi (AT) elists (DOT) org
>
>
>
Delphi mailing list -Delphi (AT) elists (DOT) org
Delphi mailing list -Delphi (AT) elists (DOT) org
- 6No.
- Answer
at [2008-5-6 4:37:04]
rather complex but quite effective technique is to have a
separate registration programme create two unique GUID's with the API
CoCreateGUID called the first time the registration program runs on a
particular machine which pops up a dialog in which the user must
enter personal details, credit card numbers, etc. The separate
registration program must not run in non-administrative mode. Check
this using the Jedi code IsAdministrator routine.
Insert one of the GUID's in the HKEY_CLASSES_RT as a key, and a
hash of the GUID inserted as data under the key. Insert both hashed
data and the key into fields of the user's record, encrypt the record
with AES, convert the result to MIME so that it can be attached to
an e-mail, and require that the user sends this back to you when the
registration process finishes, or spawn the default mail program from
the registration program and send the MIME in the mail body.
receipt, convert the MIME back to ASCII, decrypt this record, and
with an installation program which can run a DLL, check for the
presence of the key and the correct hash of the data when installing.
Use both, appropriately encrypted and converted to hex as the
unlocking key for the program, and write a suitable unlocking GUID
elsewhere with the DLL. The first key can now be erased so that
distributing a backup of the system state plus the unlocking key
will not work on another system.
can think up numerous variations on this scheme. Note that as
described above, this will not defeat an installation monitor which
also monitors registry changes and file changes before and after
installation unless one creates a large number of spurious GUID's as
keys in the Registry each with hashed GUID's as data to make it hard
for the user of the installation monitor to know which one actually
contains the real key and data. It's also possible to link some of
the GUID keys and data to point to false goals.
It's a good idea to search for cracks from time to time by doing a
Google search as standard (non-administrative) user on your program's
name. Don't open any crack site to look for more information, since
some may somehow install a trojan on your system even if you are not
an administrator.
Without going into more detail, all the above must obey the security
rules if the installation is to succeed under Vista.
Irwin Scollar
Delphi mailing list -Delphi (AT) elists (DOT) org
separate registration programme create two unique GUID's with the API
CoCreateGUID called the first time the registration program runs on a
particular machine which pops up a dialog in which the user must
enter personal details, credit card numbers, etc. The separate
registration program must not run in non-administrative mode. Check
this using the Jedi code IsAdministrator routine.
Insert one of the GUID's in the HKEY_CLASSES_RT as a key, and a
hash of the GUID inserted as data under the key. Insert both hashed
data and the key into fields of the user's record, encrypt the record
with AES, convert the result to MIME so that it can be attached to
an e-mail, and require that the user sends this back to you when the
registration process finishes, or spawn the default mail program from
the registration program and send the MIME in the mail body.
receipt, convert the MIME back to ASCII, decrypt this record, and
with an installation program which can run a DLL, check for the
presence of the key and the correct hash of the data when installing.
Use both, appropriately encrypted and converted to hex as the
unlocking key for the program, and write a suitable unlocking GUID
elsewhere with the DLL. The first key can now be erased so that
distributing a backup of the system state plus the unlocking key
will not work on another system.
can think up numerous variations on this scheme. Note that as
described above, this will not defeat an installation monitor which
also monitors registry changes and file changes before and after
installation unless one creates a large number of spurious GUID's as
keys in the Registry each with hashed GUID's as data to make it hard
for the user of the installation monitor to know which one actually
contains the real key and data. It's also possible to link some of
the GUID keys and data to point to false goals.
It's a good idea to search for cracks from time to time by doing a
Google search as standard (non-administrative) user on your program's
name. Don't open any crack site to look for more information, since
some may somehow install a trojan on your system even if you are not
an administrator.
Without going into more detail, all the above must obey the security
rules if the installation is to succeed under Vista.
Irwin Scollar
Delphi mailing list -Delphi (AT) elists (DOT) org
- 7No.
- Answer
at [2008-5-6 4:37:56]
Hi,
I'm not sure in which group this query is appropriate, but this seems to
be the closest one,
I need to make a "Text Chatting" Program using IntraWeb and Delphi 7
Can any one give a sample or know, at least a direction? Where I can
start looking? I've
done some googling and did not find any thing.
Thanks
Bahry
Delphi mailing list -Delphi (AT) elists (DOT) org
I'm not sure in which group this query is appropriate, but this seems to
be the closest one,
I need to make a "Text Chatting" Program using IntraWeb and Delphi 7
Can any one give a sample or know, at least a direction? Where I can
start looking? I've
done some googling and did not find any thing.
Thanks
Bahry
Delphi mailing list -Delphi (AT) elists (DOT) org
- 8No.
- Answer
© dev.emsdn.com Inc. 2008 All rights reserved;