How to protect my portable software against copying

Posted on 2011-10-09
Last Modified: 2012-05-12

I have a software written by me and it uses a portable database.
The portable database is password protected.

My problem is that  the whole software can be copied to another computer and it will work. I don't want to use another database, because it's a small software, and neither a hardware key, however I want to prevent copying.

Because the database is protected I can store any data in it that can't be read, or modified.

What can you recommend? I thought of storing the hard drive serial number in the database (by the way I don't know how to get it) and at software start I would check the actual hard drive number and the database stored one.

Is it a better method? What about if the customer buys it for 4 computers? What can I do then?

Thank you

Question by:starhu
    LVL 1

    Expert Comment

    It's possible to generate unique key (e.g. based on hard drive serial number).

    The activation process will be:

    The user install the software and provide you his unique key
    You generate encrypted key (e.g. MD5 of unique key)
    Store the encrypted key in the database

    The validation is:

    The software get unique key and stored encrypted key
    check if MD5 of unique key = stored encrypted key

    How to get hard drive serial number

    can be used from other languages e.g. C#:

    How to calculate MD5:

    public string CalculateMD5Hash(string input)
        // step 1, calculate MD5 hash from input
        MD5 md5 = System.Security.Cryptography.MD5.Create();
        byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
        byte[] hash = md5.ComputeHash(inputBytes);
        // step 2, convert byte array to hex string
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < hash.Length; i++)
        return sb.ToString();

    Open in new window

    LVL 25

    Accepted Solution

    there are tools that allow the setting of the volume ID, so this is not the most secured information to use for such protection. It would be easy to set the volume ID on other computers to match the one where the software was registered.
    I would recommend the use of the motherboard information, through WMI :

    But yes, the principle is always the same. For multiple workstation licence you will need to add a licence Key in the mix.
    The licence Key is a single value, or row, in your database. this key should contain those informations :
    LICENCE_KEY , CLIENT_ID (for your own customer management application), MAX_WORKSTATION, VALID_UNTIL_DATE
    Those data will be put in the DB by you, manually, with a tool. Then all workstation will need to register

    * Step 1 : At startup, your application get the workstation specific key
    - get some hardware related data
    - generate a workstation key from that data (let's say 12 to 16 hexa digits) (*algo 1*)

    * Step 1.5 : check if there is an activation key in the DB corresponding to this workstation key (detailed later). If there is, then allow the application to start. Otherwise, launch the registration process.

    * Step 2 : the user send this key to you, AND the DB licence key, and you return an activation code
    - maybe your software sends you an email, or you have a webservice that will do it fully automated
    - from the key given to you, and the licence key, you generate an activation code.
    the activation code generation usually carry less information than the workstation key combined with licence key. so maybe 12 hexa digits is enough (* algo2*)
    - you send that code back to the user by email, or directly to the application if you used a webservice

    * Step 3 : Check the activation and store in DB
    - the software checks the activation code returned, buy calculating it with the same "algo 2".
    - if both match, then register the activation code with the workstation code in another DB table, and allow the software to run.

    Now, how to implement all those algo (1 & 2) ? well, that is the part you have to decide yourself, as your system will be as secured as these algo will be secret and complex. There are plenty cryptographic algos you can use, combine, do little tricks here and there of your own with constants that only you and your softwares know...

    Author Comment


    Thank you for the advice both.

    The motherboard examples don't work:

    Option 1) I haven't got WMIScripting in my system
    Option 2) It always gives me an empty string for the motherboard
    LVL 20

    Assisted Solution


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Suggested Solutions

    Title # Comments Views Activity
    How to split this in C++ 4 47
    find a node in VST 2 36
    firstChar challenge 13 55
    Program to display an alert on Windows Toolbar 2 28
    Iteration: Iteration is repetition of a process. A student who goes to school repeats the process of going to school everyday until graduation. We go to grocery store at least once or twice a month to buy products. We repeat this process every mont…
    Whether you’re a college noob or a soon-to-be pro, these tips are sure to help you in your journey to becoming a programming ninja and stand out from the crowd.
    In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    10 Experts available now in Live!

    Get 1:1 Help Now