forum.vdsworld.com

[marty]

Hi,

For those who have created a shareware with VDS, what would suggest to be the best way for registration and protection.

- A Key, serial number... Blowfish.dll ..something else?

What are your suggestions

Thanks...
Marty

[PGWARE]

I suggest using a .KEY file and high level encryption. I say this because when I first had Alloy out I used a normal registratation routine which I thought was 100% secure, it basically took the user's name and then did mathematical routines on it to get a numerical value from the persons name. Trust me this took alot of math operations and so I thought it was secure. Guess what, not even a week later there was a keygenerator out for it..... So then I went to high level encryption, the crackers never figured out how to decrypt the keys, and to this date the only crack(keygen) for Alloy is for version 1.5.xx which no longer works on the latest version of Alloy (well over 2 years since that keygen).

[PGWARE]

I also suggest using a exe compressor, such as Petite. The reason I favor Petite is that it is one of the compressors which has limited decompressors available for it which don't work 100%. Also other exe compressors like UPX have their decompressors available on the internet as a requirement, while UPX is free it's easily removed from the final exe.

You can find Petite at: http://www.un4seen.com/petite/

The reason I use an exe compressor is not only because it makes the final exe's about half their original size it also mangles up your source code compiled in your exe pretty good. Remember there are ways to decompress this but it adds one more step to the crackers workload. Never use a compressor as your only means to stop your app from being pirated.

Finally the best step is once you see serial numbers/keys of your software out on the net, you should add code in your app which bans these keys/serials out from future versions. This protects your future versions from being pirated by previous leaked serials.

Also remember that those that want to steal will find a way to steal, there are millions of trustworthy people that use the internet and will purchase your software if they like it, don't over-fortify your applications and disable things that might convince legitament users to buy.

[marty]

Thanks for the info.

When you say a .key and "high level encryption" you mean like the blowfish.dll so the VDS prog will read in the key, if it's present, and decrypt the code right?

That seems like a very good solution. As for petite I'm already using it for compression and minimal security. And it's good.

[vdsalchemist]

Hi All,
Just to let all the DLL builders out there know. I am about to release a DLL that will make protecting our DLL's possible again. I have been working with Garrett on this little project and I have a way now to protect your DLL's with a DLL that I wrote with LCC-Win32 Please look for it by the end of this week. This DLL will alow us to verify that our files are the real files and that they are not being spoofed.

[PGWARE]

Yes Blowfish.dll is a good and easy to implement solution but if you dont want to use a dll I think someone posted code awhile ago on the old forums showing how to use the blowfish algorithm with VDS alone. As blowfish is just a set of mathmatical routines. I'm sure it's very possible to implement other encryption routines with VDS too.

The .KEY file is just a normal .txt file named .KEY, really you could name it anything you want. Because encryption makes a string very long it's easier to send your users a .KEy file rather then sending them an email with a serial code 200 characters long. In your code you can load the file into a listbox and read out the string and decrypt it.

[LiquidCode]

I posted a binary encryption script that iMPA posted on the old
board. It is a good replacement for blowfish.dll. It's in the
VDS 4 code area.

[marty]

I'm more than thankful for your help guys.

I will use the great code that LiquidCode did to create and read a .key file.

This info was again very informative...



Marty