serial number

Hello,
I would like to send my app to a friend, but I want to make sure that he
doesn't distribute it or send it over to anyone...
so I made this thing that checks the c: drive label that is unique for
every computer - (GetVolumeSerialNumber("C:\"))
and then when he tells me this I'll activate it, and put it in my web!
What I want to do is something that checks his number in a page
from my website when the program loads, and if the serial is there,
good, he can use the app; if the serial is not there, to say you are
not authorized to use this software. How can I do this?
I mean the guy is a geek, I don't want him to reverse engineer it.
apleloisAsked:
ElrondCTCommented:
Let's say the serial number is "1234567890". If your paranoia level is low, just

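' Serial number of the one authorized machine, compiled into the program.
Dim strSerial As String = "1234567890"
' Compare it with the serial of this machine's C: volume.
If GetVolumeSerialNumber("C:") <> strSerial Then
   MessageBox.Show("Unauthorized system for this program.")
   Me.Close()
End If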

If your paranoia level is high, then create a few separate strings:

Dim strSerial1 as String = "123"
Dim strSerial3 as String = "7890"
Dim strSerial2 as String = "456"

(Intentionally out of order just in case the compiler might otherwise put them next to each other and make them thereby visible)

' Reassemble the pieces in the right order only at run time.
If GetVolumeSerialNumber("C:") <> strSerial1 & strSerial2 & strSerial3 Then
   MessageBox.Show("Unauthorized system for this program.")
   Me.Close()
End If

0
 
ElrondCTCommented:
Depending on how much of a geek he is, you may have difficulty preventing a reverse engineering process. While you can encrypt the serial number on your website, so that he can't just redirect the "phone home" process and send the actual serial number, a true geek would be able to intercept the message coming via the Internet and find what code you're sending. But if you're that paranoid, you could demand his volume serial number before you send him the application, then put the serial number into the application before you compile it and ship it out. If you're afraid he'd use a hex editor to change the characters, then break up the number into several different strings that you combine in code (so there wouldn't be anything obvious to find when doing a search of the exe).

Depending on how much a friend he is, he may not like the idea that if he gets a new hard drive, he can't use your application any more (without contacting you)--or if your web site (or his Internet access) is down, he's shut out. For a person-to-person transaction, this may be reasonable; I would strongly advise against it for a commercial application, as I think most potential customers would rebel. Not even Symantec is that onerous with their product legality verification.
0
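An added example, not part of the original thread and not ElrondCT's own code: one way to implement the compiled-in check discussed in the two comments above. It reads the serial through the Win32 GetVolumeInformation call and, in place of the split strings, compares a SHA-256 digest (a swapped-in technique), so the serial itself is not a literal in the exe. The names LicenseCheck, DigestOf, IsAuthorizedSystem and ExpectedDigest are assumptions, and the digest value is a placeholder.

```vb
Imports System
Imports System.Runtime.InteropServices
Imports System.Security.Cryptography
Imports System.Text

Module LicenseCheck
    ' Placeholder: before compiling, run DigestOf() on the serial your friend
    ' reports and paste the resulting hex string here.
    Private Const ExpectedDigest As String = "<SHA-256 hex of the authorized serial>"

    ' Win32 call that returns, among other things, the 32-bit volume serial.
    <DllImport("kernel32.dll", EntryPoint:="GetVolumeInformationW",
               CharSet:=CharSet.Unicode, SetLastError:=True)>
    Private Function GetVolumeInformation(rootPath As String,
            volumeName As StringBuilder, volumeNameSize As UInteger,
            ByRef serialNumber As UInteger, ByRef maxComponentLength As UInteger,
            ByRef fileSystemFlags As UInteger,
            fileSystemName As StringBuilder, fileSystemNameSize As UInteger) As Boolean
    End Function

    ' Returns the serial of the volume at root (for example "C:\") as a
    ' decimal string. Decimal formatting is an assumption of this example.
    Public Function GetVolumeSerialNumber(root As String) As String
        Dim serial, maxLen, flags As UInteger
        ' The two name buffers are optional, so Nothing / 0 is passed for them.
        If Not GetVolumeInformation(root, Nothing, 0UI, serial, maxLen, flags, Nothing, 0UI) Then
            Throw New System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error())
        End If
        Return serial.ToString()
    End Function

    ' Hex SHA-256 of the serial string. This only keeps the value out of a
    ' string search of the exe: the serial space is 32 bits, and the
    ' comparison still runs on the user's machine.
    Public Function DigestOf(serial As String) As String
        Using sha As SHA256 = SHA256.Create()
            Dim hash As Byte() = sha.ComputeHash(Encoding.UTF8.GetBytes(serial))
            Return BitConverter.ToString(hash).Replace("-", "")
        End Using
    End Function

    ' True only when this machine's C: volume matches the compiled-in digest.
    Public Function IsAuthorizedSystem() As Boolean
        Return String.Equals(DigestOf(GetVolumeSerialNumber("C:\")),
                             ExpectedDigest, StringComparison.OrdinalIgnoreCase)
    End Function
End Module
```

Call IsAuthorizedSystem() from the form's Load handler in place of the string comparison in the snippets above. The root path passed to GetVolumeInformation needs its trailing backslash.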
 
apleloisAuthor Commented:
Well, I'm all ears here.. what do you think is best for protection?
0
 
ElrondCTCommented:
Security is always a balancing act between tightness of security and ease of use. How paranoid are you, and how concerned are you about making your friend annoyed? Is this an application that he's likely to want to use for a long time (and that's OK with you), or is the need short-term? If you validate via the web, what's the likelihood that the web being temporarily unavailable is going to cause a serious problem for him (because he can't use your program)? Realize that if he's a geek, he's going to know almost instantly that you're doing web verification, because he'll almost certainly have a firewall that will tell him the program is phoning home; he may be as suspicious of you (what other information is being exchanged?) as you are of him.

Putting the serial number into the code of the program avoids web access issues, and may be if anything easier than setting up web-based verification. It still causes the potential problem for the user that if he moves to another disk (whether a new computer, or just an updated drive), he's down. He'd then need to contact you for a new copy of the program. If you're not available, will he feel cheated? (Is he paying you for the app?)

Of course, to allow multiple but limited installations requires some reliable, available counter, whether it's a person or a permanently available website. There's always a certain amount of trust involved there on the part of the buyer--or the seller has to trust that the buyer won't abuse a lack of limitation.
0
 
apleloisAuthor Commented:
He's not paying for it, he's going to use it for about a week.
so I think that what you are saying about
>>Putting the serial number into the code of the program avoids web access issues,
>>and may be if anything easier than setting up web-based verification.
that way is better!
0
 
apleloisAuthor Commented:
how can I do that ElrondCT ?
0