Solved

application security and cd protection

Posted on 2001-06-21
27
275 Views
Last Modified: 2010-05-02
hello sir,

i know cd protection is a very big & internation problem but everything is possible.

v want a solution for cd protection as well as application security without using a dongal (hardware lock : eprom) or any physical device.

restrictions :
1. cd to cd writing
2. copying cd to hdd

user can install from cd in him/her single pc only.

is any facility in vb6 ?

thanx
bhavesh
0
Comment
Question by:Aurokripa
  • 20
  • 4
  • 2
  • +1
27 Comments
 
LVL 1

Expert Comment

by:morgan_peat
ID: 6214105
If there was a way of doing this, don't you think that Microsoft would have it on all their software?

The only way you can have this sort of protection (that I know) is to provide a license key to a specific user.  You just have to hope that they will not share the key (make it for a particular user name), and rely on the law to protect you.....
0
 
LVL 3

Expert Comment

by:jrspano
ID: 6214165
any kind of software protection can be broked, period.  There is a hacker out there somewhere that can break what ever you make.  CD sellers started burning serial number, or blank data tracks in cd's for a while.  It worked all of about a month before someone came out with a cd burning program that does an exact byte copy.  If you make the license key like morgan suggested you will stop most people.  The normal everyday person will be stopped.  That is your goal in software protection.  You will eliminate 80-90 percent of piracy with it, but you will never get perfect. even with dongals some one could easily extract the eprom out of it and make more of them, granted it is a lot harder than just software. but where there is a will there is a way, as the old saying goes...
0
 
LVL 6

Accepted Solution

by:
andyclap earned 200 total points
ID: 6214584
Agreed - you can't do a perfect job protecting software in current operating systems, at most you can deter the less determined hacker. Even dongles are hackable (your software has to read the dongle, therefore has code you can hack).

There's a couple of good products called softlocx and titanium from
http://www.bitarts.co.uk
These lock a registration key against a particular machine (I guess using bios and disk ids), and are pretty reliable.

I'd imagine the future of this sort of thing is some form of online licensing.
0
 
LVL 3

Expert Comment

by:jrspano
ID: 6214621
I'd imagine the future of this sort of thing is some form of online licensing.

yep MS makes you register online with your cpu's serialnumber to get their new stuff like office xp to work.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6216839
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6216843
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6216846
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6220956
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6243762
testing
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6243764
Aha, this question is finally open for comments.  Well, I've got my list of comments in a file at home.  Would you mind waiting until I get home, get the file with some links in it then post it?

That's it!

glass cookie : )
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6253189
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6262868
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6267796
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 6

Expert Comment

by:andyclap
ID: 6268745
Oh dear Glass_cookie - you're not having much luck posting are you!
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269034
testing...
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269036
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269038
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269040
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269041
this is irritating...
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269053
OK, I get it.  I can't PASTE anything on this link.  I'll type everything again...

Well, I've got 3 methods.

No1: It targts people who don't know about cancelling autorun using the shift key.  Create an autorun.inf file that would pop up an app which covers the entire screen and asks for user password and ID.  This is a low level of security.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269066
If the user password is incorrect, the CD is ejected.

The 2nd method:

Use an encrypted file as a 'authorisation' file.  Your app would decipher and read it.  If it's (the file contents) correct, access would be given.  Or else, the proggy would crash.  Make sure that the file is loaded somewhere where nobody would go to look for it and give that file a name that does not hint that it's the password file.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269079
The last method (kind of troublesome but highly effective):

Set each of your app's exe files' date and time of creation to a unique date and time.  Upon loading your app, your app would check itself for it's date and time.  if it's incorrect, the proggy crashes.

Here's a link to help you achieve that:

Download...
http://www.vb-helper.com/Howto/setftime.zip

Description: Description: Set a file's creation, last access, and last modified times (4K)

Please note that this code works best on files on the hard disk, NOT on a CD-RW drive.

I suppose if someone would duplicate your cd, the date/time of creation would be different.  It's best to use all 3 methods.

That's all.

glass cookie : )
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269083
Hi Experts,

I'm really sorry for flooding your mailboxes with all these empty links.  Just discovered something:

EE doesn't allow pasting and pasting of files with lots of text - had to break them up - at least for this case.

That's it!

glass cookie : )

PS. Thanks andyclap for notifying me in the form of posting a comment.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269085
Hi Experts,

I'm really sorry for flooding your mailboxes with all these empty links.  Just discovered something:

EE doesn't allow pasting and pasting of files with lots of text - had to break them up - at least for this case.

That's it!

glass cookie : )

PS. Thanks andyclap for notifying me in the form of posting a comment.
0
 
LVL 6

Expert Comment

by:andyclap
ID: 6269120
Just looking at your methods - some comments

1) CD Autorum - Hold shift down. No problem. Alternatively leave the CD in the drive and turn off and on.
2) Copy the file to another machine - off you go. There's a few programs out there which can tell you exactly what files are touched by any program, so finding the file is no trouble
3) Use a low level CD copier - all the files will be exactly the same.


Actually method 2 is along the right lines, but you have to tie this file to the user's machine via a registration process and some form of hash on things like CPU serial number, Drive serial numbers, Network card numbers etc. This means that copying the file to another machine won't work. When the app starts, you can test this file's validity and prompt for (possibly online) registration to create the file for the particular machine.


0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6271887
Hi andyclap,

Just to do some checking (as I'm not very sure about it): does a low level CD copier duplicate the CD and all those files burnt on the CDR would have the same creation and modified date?

Thanks!

Oh yes... something just struck me:

Considering the second method (including/excluding what andyclap has mentioned), implement the creation+ modification date on the encrypted file.  Is it sort of foolproof?

That's it!

glass cookie : )
0
 
LVL 6

Expert Comment

by:andyclap
ID: 6272547
>does a low level CD copier duplicate the CD and all those files burnt on the CDR would have the same creation and modified date?
Yep - everything is exactly the same.

Also creation, modification and last access dates can all easily be set via the windows API (I do this myself in my current app when transferring files over the net).

0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
This article describes some techniques which will make your VBA or Visual Basic Classic code easier to understand and maintain, whether by you, your replacement, or another Experts-Exchange expert.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now