  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477

How to protect an application with a serial generator using the client / server way

Hello everybody,

I want to distribute an application created by me on the web. It is a RAR'ed file. There are no executables that can be launched inside it. I do not want everyone to be able to open this file. Instead, I would personally assign a serial key for each copy that is downloaded, and I also want the keys turned off once they are used. Can you give some ideas about how to create the whole thing? Thanks.
0
Asked by: marietto2008
 
CSecurity Commented:
If it's not an executable, how do you want to execute code and decide whether to let the user use it or not?

The only option you have is encrypting the file and giving the password only to registered/paid users. No other option is available. But a user can distribute the extracted file, as it is not an executable file.

If it's audio/video etc., you can try keeping the files on your web server and having an encrypted media player, although they are also recordable by users.

You can have maximum protection by embedding your file into an executable and only allowing access to your content/file through that executable file.

That's all
0
 
marietto2008 (Author) Commented:
It's a Linux distribution created by me. For example, the Red Hat Linux Server can be activated only with a code, and the old codes are blacklisted. How can I do it? How can I set up a server to authenticate codes? Could the codes be the cryptographic keys?
0
 
CSecurity Commented:
So it's executable; you shouldn't say it's not an executable.

Simply create an RSA key pair, for example, or implement a Diffie-Hellman challenge-response scheme. Then generate an encryption key for each session.

When the user enters a serial, you connect to your server, do the challenge-response and generate an encrypted session key, encrypt the user's serial with the session key, and send it to the server. The server verifies the serial and sends an encrypted response to the client; the client shows the response and decides about the user.

It would be the most secure authentication scheme. You should also encrypt/obfuscate your authentication code in order to make reversing impossible or at least very hard.
0
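The single-use serial check discussed in the reply above, as an added example that is not part of the original thread. It swaps in an HMAC-based mutual challenge-response (Python standard library only) for the RSA or Diffie-Hellman exchange the reply names, and it assumes the exchange runs over TLS; `ActivationServer`, `client_activate` and the serial format are hypothetical names chosen for illustration.

```python
import hmac, hashlib, secrets

# Added example: all names here are hypothetical; the key is constructed for the demo.
MASTER_KEY = secrets.token_bytes(32)  # stays on the server only

def _mac(key, *parts):
    # Length-prefix every part so different field splits cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

class ActivationServer:
    def __init__(self, master_key):
        self._master = master_key
        self._state = {}       # serial id -> "unused" | "used"
        self._challenges = {}  # serial id -> outstanding server nonce

    def _secret(self, sid):
        return _mac(self._master, b"serial", sid.encode())[:16]

    def issue_serial(self):
        sid = secrets.token_hex(8)
        self._state[sid] = "unused"
        return f"{sid}-{self._secret(sid).hex()}"

    def challenge(self, sid):
        self._challenges[sid] = secrets.token_bytes(16)
        return self._challenges[sid]

    def redeem(self, sid, client_nonce, proof):
        nonce = self._challenges.pop(sid, None)  # a challenge works once
        if nonce is None or self._state.get(sid) != "unused":
            return None
        want = _mac(self._secret(sid), b"client", nonce, client_nonce)
        if not hmac.compare_digest(want, proof):
            return None
        self._state[sid] = "used"  # burn the serial only after a valid proof
        return _mac(self._secret(sid), b"server", nonce, client_nonce)

def client_activate(server, serial):
    sid, secret_hex = serial.split("-")
    secret = bytes.fromhex(secret_hex)
    nonce = server.challenge(sid)      # network round trips in real life
    client_nonce = secrets.token_bytes(16)
    reply = server.redeem(sid, client_nonce,
                          _mac(secret, b"client", nonce, client_nonce))
    # Accept only a reply that proves the server also knows the secret.
    return reply is not None and hmac.compare_digest(
        reply, _mac(secret, b"server", nonce, client_nonce))
```

The serial's secret half never crosses the wire, and a captured reply cannot be replayed because it is bound to both nonces. A deployed server would also persist the used/unused state and rate-limit failed proofs per serial id.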

 
marietto2008 (Author) Commented:
I'm a total newbie at that. Do you have a tutorial that explains to me step by step what to do? Thanks.
0
 
CSecurity Commented:
Diffie-Hellman key exchange:
http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange

You need to google it, but I should tell you, it's not something easy. It's better for you to hire a freelancer from RentACoder.com to do it for you.
0
 
CSecurity Commented:
There are too many things to do:

  • Encryption algorithm
  • Encryption scheme
  • Protecting the application from being reversed (anti-dump, anti-debug, etc.)
  • Code to deploy all features

And it seems you need all these features in Linux, and I think it should be written in C/C++.

So it's challenging; as I said, it's better to hire someone.
0
 
marietto2008 (Author) Commented:
ok
0
