Solved

application security and cd protection

Posted on 2001-06-21
27
281 Views
Last Modified: 2010-05-02
hello sir,

i know cd protection is a very big & internation problem but everything is possible.

v want a solution for cd protection as well as application security without using a dongal (hardware lock : eprom) or any physical device.

restrictions :
1. cd to cd writing
2. copying cd to hdd

user can install from cd in him/her single pc only.

is any facility in vb6 ?

thanx
bhavesh
0
Comment
Question by:Aurokripa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 20
  • 4
  • 2
  • +1
27 Comments
 
LVL 1

Expert Comment

by:morgan_peat
ID: 6214105
If there was a way of doing this, don't you think that Microsoft would have it on all their software?

The only way you can have this sort of protection (that I know) is to provide a license key to a specific user.  You just have to hope that they will not share the key (make it for a particular user name), and rely on the law to protect you.....
0
 
LVL 3

Expert Comment

by:jrspano
ID: 6214165
any kind of software protection can be broked, period.  There is a hacker out there somewhere that can break what ever you make.  CD sellers started burning serial number, or blank data tracks in cd's for a while.  It worked all of about a month before someone came out with a cd burning program that does an exact byte copy.  If you make the license key like morgan suggested you will stop most people.  The normal everyday person will be stopped.  That is your goal in software protection.  You will eliminate 80-90 percent of piracy with it, but you will never get perfect. even with dongals some one could easily extract the eprom out of it and make more of them, granted it is a lot harder than just software. but where there is a will there is a way, as the old saying goes...
0
 
LVL 6

Accepted Solution

by:
andyclap earned 200 total points
ID: 6214584
Agreed - you can't do a perfect job protecting software in current operating systems, at most you can deter the less determined hacker. Even dongles are hackable (your software has to read the dongle, therefore has code you can hack).

There's a couple of good products called softlocx and titanium from
http://www.bitarts.co.uk 
These lock a registration key against a particular machine (I guess using bios and disk ids), and are pretty reliable.

I'd imagine the future of this sort of thing is some form of online licensing.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 3

Expert Comment

by:jrspano
ID: 6214621
I'd imagine the future of this sort of thing is some form of online licensing.

yep MS makes you register online with your cpu's serialnumber to get their new stuff like office xp to work.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6216839
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6216843
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6216846
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6220956
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6243762
testing
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6243764
Aha, this question is finally open for comments.  Well, I've got my list of comments in a file at home.  Would you mind waiting until I get home, get the file with some links in it then post it?

That's it!

glass cookie : )
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6253189
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6262868
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6267796
0
 
LVL 6

Expert Comment

by:andyclap
ID: 6268745
Oh dear Glass_cookie - you're not having much luck posting are you!
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269034
testing...
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269036
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269038
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269040
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269041
this is irritating...
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269053
OK, I get it.  I can't PASTE anything on this link.  I'll type everything again...

Well, I've got 3 methods.

No1: It targts people who don't know about cancelling autorun using the shift key.  Create an autorun.inf file that would pop up an app which covers the entire screen and asks for user password and ID.  This is a low level of security.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269066
If the user password is incorrect, the CD is ejected.

The 2nd method:

Use an encrypted file as a 'authorisation' file.  Your app would decipher and read it.  If it's (the file contents) correct, access would be given.  Or else, the proggy would crash.  Make sure that the file is loaded somewhere where nobody would go to look for it and give that file a name that does not hint that it's the password file.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269079
The last method (kind of troublesome but highly effective):

Set each of your app's exe files' date and time of creation to a unique date and time.  Upon loading your app, your app would check itself for it's date and time.  if it's incorrect, the proggy crashes.

Here's a link to help you achieve that:

Download...
http://www.vb-helper.com/Howto/setftime.zip

Description: Description: Set a file's creation, last access, and last modified times (4K)

Please note that this code works best on files on the hard disk, NOT on a CD-RW drive.

I suppose if someone would duplicate your cd, the date/time of creation would be different.  It's best to use all 3 methods.

That's all.

glass cookie : )
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269083
Hi Experts,

I'm really sorry for flooding your mailboxes with all these empty links.  Just discovered something:

EE doesn't allow pasting and pasting of files with lots of text - had to break them up - at least for this case.

That's it!

glass cookie : )

PS. Thanks andyclap for notifying me in the form of posting a comment.
0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6269085
Hi Experts,

I'm really sorry for flooding your mailboxes with all these empty links.  Just discovered something:

EE doesn't allow pasting and pasting of files with lots of text - had to break them up - at least for this case.

That's it!

glass cookie : )

PS. Thanks andyclap for notifying me in the form of posting a comment.
0
 
LVL 6

Expert Comment

by:andyclap
ID: 6269120
Just looking at your methods - some comments

1) CD Autorum - Hold shift down. No problem. Alternatively leave the CD in the drive and turn off and on.
2) Copy the file to another machine - off you go. There's a few programs out there which can tell you exactly what files are touched by any program, so finding the file is no trouble
3) Use a low level CD copier - all the files will be exactly the same.


Actually method 2 is along the right lines, but you have to tie this file to the user's machine via a registration process and some form of hash on things like CPU serial number, Drive serial numbers, Network card numbers etc. This means that copying the file to another machine won't work. When the app starts, you can test this file's validity and prompt for (possibly online) registration to create the file for the particular machine.


0
 
LVL 8

Expert Comment

by:glass_cookie
ID: 6271887
Hi andyclap,

Just to do some checking (as I'm not very sure about it): does a low level CD copier duplicate the CD and all those files burnt on the CDR would have the same creation and modified date?

Thanks!

Oh yes... something just struck me:

Considering the second method (including/excluding what andyclap has mentioned), implement the creation+ modification date on the encrypted file.  Is it sort of foolproof?

That's it!

glass cookie : )
0
 
LVL 6

Expert Comment

by:andyclap
ID: 6272547
>does a low level CD copier duplicate the CD and all those files burnt on the CDR would have the same creation and modified date?
Yep - everything is exactly the same.

Also creation, modification and last access dates can all easily be set via the windows API (I do this myself in my current app when transferring files over the net).

0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question