I'm creating a License Generator & PC IDs based verification - program to create license based pc hardware.
It sends pc id ( such as mac address, uuid, bios serial number etc) to a server that create the license, and sends it back to the client.
When client wants to activate the program, he sends his license to the server and gets an answer – basically true or false.
All data encrypted by AES key and signed by server….
Here is the problem – Can I make sure a reverser didn't change the code checks server's response? There is always this "if condition" ( or cmp in assembly) that can be changed
I took care of obfuscation, packing, anti-debugging etc, as much as I can, but a good reverser can change and pass it
Thank you
Avinoam
Simply enough: that's impossible. As you said, there will always be some "if condition".
I'll just list some methods I remember that applications use to make it harder for crackers:
checksums on the code. If a cracker will change some of the code, she'll also need to find the appropriate checksum (which can be further obfuscated)
running multiple checks throughout the code, and possible in many threads/tasks at specific/random times (e.g verify the CDKEY every 1 minute via a different code path)
have some of the code encrypted using the CDKEY (so if you don't have one, you don't really have the application's code at all)
have the appropriate code stored on your sever. When the user tries to access a "new" feature (e.g next stage in a game), the application will handshake with the server, and if the server is convinced that it's not a cracker, the server will send the relevant code to the application, which will then run it.
have a remote SIM-like device that is physically obfuscated (just like a SIM card) that will provide a physical API to the computer, and the server will query that device to check for its genuinity. Just read about SIM cards.
Related
I'm building an application that needs to modify DHCPv6 packets dynamically before they hit the wire. I'm doing some heavily proprietary work with DHCPv6 vendor options, and I need the ability to examine and modify those options in-memory before they are transmitted.
I've built a proof-of-concept layered service provider on top of Winsock by modifying the Microsoft sample code. It intercepts outgoing HTTP packets, changes the referrer-agent to something funny, and sends the packet on its way. Verified in Wireshark, works great.
It was also straightforward to change my installer code so that my LSP gets chained in on top of UDP/IPv6 rather than TCP/IPv4, and now, with a debugger attached, I can see myself getting callbacks with stacks leading into the DHCP server. However, I can no longer see the buffers in memory.
WSPSend and WSPConnect don't get called, since we're on a connectionless protocol--that makes sense. I do get a consistent callback in WSPSendTo but the lpBuffers member, which in my HTTP prototype contained the buffer representing the outgoing packet, is NULL.
Am I going about this completely the wrong way, or is there another Winsock operation I need to override? I'd be happy to go in another direction if an LSP is the wrong way to go, but outside libraries are a very tough sell for this application--otherwise, I'd be looking at Winpcap.
EDIT: Wow, this was a long time ago. For those coming behind me, this ultimately worked fine. I'm embarrassed to say that the issue was that I was compiling with optimizations that prevented me from seeing the correct data in the debugger. When I stopped being lazy and dumped the bytes to a file, I saw that all was well.
LSP does can only intercept Winsock traffic, DHCP is at a lower layer, you need a different technology to do this, for example: NDIS, TDI (Will not work on Win8) or WFP (Will not work on XP)
I have to be able to detect an IP address change for my Mac client. I need to perform an action every time I get a new one, when I go from wifi to wired ...
Anyone has done something similar? I currently poll every minute and I need to change that to be more event driven.
There are multiple ways to do this, from IOKit notifications on up, but the simplest is probably the SystemConfiguration framework.
The first step is to fire up scutil and play with it to figure out which key(s) you want notification on:
$ scutil
> list
...
> n.add State:/Network/Global/IPv4
> n.watch
... unplug your network cable (or disconnect from WiFi)
notification callback (store address = 0x10e80e3c0).
changed key [0] = State:/Network/Global/IPv4
Look at that, got it on first try. :) But if you want to watch a particular NIC, or use IPv6 instead of v4, etc., obviously you'll want a different key from the list. Note that you can use regex patterns (POSIX style, as defined by man 3 regex), so if you want to watch, say, any NIC for IPv4, you can use State:/Network/Interface/.*/IPv4, or if you want to say global IPv4 or IPv6, State:/Network/Global/IPv., etc.
Now you just call SCDynamicStoreSetNotificationKeys with the keys you want.
Note that SCDynamicStoreSetNotificationKeys can take regex patterns (POSIX style, as defined by man 3 regex)
Since it's a bit painful in C, I'll write it in Python:
#!/usr/bin/python
from Foundation import *
from SystemConfiguration import *
def callback(store, keys, info):
for key in keys:
print key, SCDynamicStoreCopyValue(store, key)
store = SCDynamicStoreCreate(None,
"global-network-watcher",
callback,
None)
SCDynamicStoreSetNotificationKeys(store,
None,
['State:/Network/Global/IPv4'])
CFRunLoopAddSource(CFRunLoopGetCurrent(),
SCDynamicStoreCreateRunLoopSource(None, store, 0),
kCFRunLoopCommonModes)
CFRunLoopRun()
The main reason this is more painful in C is that you need dozens of lines of boilerplate for things like creating an CFArray with a CFString in it, printing CFString values, managing the lifetimes of the objects, etc. From Jeremy Friesner's comment, there's C++ sample code available if you'd rather read 113 lines of C++ than 17 lines of Python. But really, there's only one line here that should be unfamiliar to someone who's never used Python:
def callback(store, keys, info):
for key in keys:
print key, SCDynamicStoreCopyValue(store, key)
… is the equivalent of the C definition:
void callback(SCDynamicStoreRef store, CFArrayRef keys, void *info) {
/* iterate over keys, printing something for each one */
}
Oddly, I can't find the actual reference or guide documentation on SystemConfiguration anymore; the only thing that comes up for SCDynamicStoreSetNotificationKeys or related functions is in the Navigating Firewalls section of CFNetwork Programming Guide. But the original technote TN1145: Living in a Dynamic TCP/IP Environment still exists, and it's got enough background and sample code to figure out how write this yourself (and how to detect the new IP address(es) when you get notified).
Obviously this requires you to know what exactly you're trying to watch for. If you don't know that, nobody can tell you how to watch for it. Your original question was how to "detect an IP address change".
What the code above will do is detect when your default address changes. That's the address that gets used when you connect a socket to an internet address without binding it, or bind a socket to '0.0.0.0' to act as an internet server. If you haven't written the server code you care about, nearly all network clients do the former, and most servers do the latter unless you configure them otherwise, so that's probably all you care about.
Now let's go through the examples in your comments one by one:
if i am trying to determine a network change, wifi to LAN
There is no such thing as changing from WiFi to LAN. When you connect to a LAN, the WiFi is still working. Of course you can manually disable it before or after connecting to the LAN, but you don't have to, and it's a separate step, with a separate notification.
Normally, adding a LAN will change your default address to the LAN's address, so /Network/Global will notify you. If the OS can tell the LAN is not actually connected to the internet, or you've changed some hidden settings to make it prefer WiFi to LAN, etc., it won't change the default address, and /Network/Global will not notify you, but you probably don't care.
If you do care about whether a particular interface gets, loses, or changes an address, you can watch that interface. On most Macs, the built-in Ethernet is en0, and the built-in WiFi is en1, but of course you may have a third-party USB WiFi connector, or you may be using a tethered cell phone, or you may be interested not so much in the actual IP address of the LAN as in the VPN address of the VPN the LAN is connected to, etc. If you're writing something special purpose, you probably know which interface you care about, so you can watch, e.g., State:/Network/Interface/en0/IPv4. If you want to be notified on any interface changing no matter what, just watch State:/Network/Interface/.*/IPv4.
or to hotspot or another wifi
Changing from one WiFi network to another (hotspot or otherwise) will change en1—or, if you're using a third-party WiFi adapter, some other interface. If your default address at the time comes from WiFi, it will also change Global, which means the code above will work as-is. If your default address is still your LAN, Global won't change, but you probably don't care. If you do care, watch Interface/en1 or Interface/.*, etc., as above.
what all network settings should I be watching for IPV4 and 6
Just replace IPv4 with IPv6, or use IPv.. But do you really care about IPv6?
what else
What else do you care about? If there's something you actually want notification of, you presumably know what that something is.
Beyond that, if the system tells you that the foo address on the bar interface has changed to "ZZ9 Plural Z Alpha", and you've never heard of the foo protocol, what could you usefully do with that information? But if you really want it anyway, again, you can just use a regex pattern to watch for anything under each interface.
For a requirement to generate per-PC license keys, I need some code which will return a stable and (near) unique key on any PC. It doesn't have to be guaranteed unique, but close. It does need to be reasonably stable though, so that a given PC always generates the same result unless the hardware is substantially changed.
This is for a Windows application, using wxWidgets but a Win32 or other option is fine.
I was thinking about MAC address but what about laptops which can routinely disable the network card in power-saving mode? I came across GetCurrentHwProfile but it doesn't quite look like what I want?
One idea I had a while back for this is to use CryptProtectData as a way to identify a machine. Behind-the-scenes in that API, Microsoft has done what you're looking for. I never tested it though and I'm curious if it's actually viable.
Basically you would encode a constant magic value with CryptProtectData with CRYPTPROTECT_LOCAL_MACHINE, and the result is your machine ID.
I would just go with the MAC address method; when the wireless / LAN cards are turned off they still show up in Network Connections. You should therefore still be able to get the MAC.
Consider this: Any time you'd be able to contact your webserver or whatever you're cataloging these IDs with, the user is going to have to have some form of network card available.
Oh, and you might be able to use CPU serial number of the customer's computer supports it.
I think there no really easy and unique method so far discovered here.
GetVolumeInformation retrieves not even close to unique ID.....
To use any hardware serial is problematic because manufactures are not committed to supported it always and especially to keep it globally unique
GetCurrentHwProfile retrieves GUID but it's value affected by minor! hardware changes...
Using Product Key ... will bring U to deal with the stolen software - there lot of pirate installations over the globe.
Creation of own GUID and preserving it under registry (in any place) will not prevent duplication by cloning of image ....
etc...
From my perspective of view the best way is combine:
Volume ID + MAC's list + Machine SID + Machine Name. And obviously manage license policy on the server side ;0)
Regards
Mickel.
If you want something a bit harder to spoof than whatever the machine itself can tell you, you'll probably need to provide a USB dongle dedicated for this purpose (not just a flash drive).
For a pretty brain dead test I am using the ProductID code of the OS and the computer name - both extracted from the registry. Not really secure, but its all pretend security anyway.
edit
To answer John's question about what keys I am reading:
SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductID
SYSTEM\CurrentControlset\Control\ComputerName\ComputerName\ComputerName
How about using the serial number of the harddisk where windows is installed?
The function GetVolumeInformation() will give you such serial number.
To access the ID assigned by the harddisk vendor instead of the ID assigned by Windows, you can use the Win32_PhysicalMedia Class.
To determine the drive where windows is installed, you could expand the variable %windir" by using the function ExpandEnvironmentStrings()
Another option, if your architecture allows, is to use UuidCreate() to generate a random GUID at installation time and save it permanently in the registry. This GUID can then be used as the ID as long as the registry remains. A new registry database is generally considered as a new installation.
A third option is to have a well-known server assigning the IDs. Upon starting up, the software could look up for the ID in the registry and if not found, would contact the server and supply it with its MAC address, hostname, harddisk serial number, Machine SID and any number of indentifyable information (keys).
The server then determines if the client is already registered or not based on the information given. The server could have a relaxed policy and for example only require most of the keys for a match, so that the mechanism would work even in the event of a complete wipe out of the registry and if part (but not all) of the hardware was replaced.
How about using the serial number of a CPU. I remember Microsoft used to provide an api for this that would run the necessary assembler code and give you back all sorts of info about the CPU including serial number. Not sure if it'd work with AMD chips or not, I think it was intel specific.
Surely CPU Id is secure and static enough!!
I would like to restrict people using my application to one Computer, so I was thinking about IP's.. but people in some countries get new IP's after they reboot their Internet.. so I need something better to identify the users, like some value that doesn't change until the user performs a format.
Thanks
The MAC address of e.g. an ethernet interface typically doesn't change even across formats (only if the user changes ethernet interface card). Don't worry, nothing to do with Apple Macs, MAC stands for Media Access Control;-).
You will probably need some registration process, so you could tell the user that you will connect to get some update, and in that process send the serial number of the application and the mac address. If the serial number has already been registered then return an error to the user.
Ideally you should perhaps download some needed dll that is tied to a specific serial number and perhaps mac address, so that if the user copies the dll to a different program it will require more work to get it to work.
It depends on how much you want to inconvenience the user as to the best approach, I believe.
Where I specified dll could be any assembly, jar file, etc, that the language in question uses for running the application.
I have an installation program (just a regular C++ MFC program, not Windows Installer based) that needs to set some registry values based on the type of Internet connection: broadband, dialup, and/or wireless. Right now this information is being determined by asking a series of yes or no questions. The problem is that the person doing the installations is not the same person that owns and uses the computer, so they're not always sure what the answers to these questions should be. Is there a way to programatically determine any of this information? The code is written in C++ (and optionally MFC) for Windows XP and up. .NET-based solutions are not an option because I don't want to have to determine if the framework is installed before our installation program can run.
To clarify, the issue is mainly that wireless and dialup connections are not "always-on", which creates a need for our product to behave a different way because our server is not always available. So a strictly speed-measuring solution wouldn't help, though there is a setting that's speed dependent so that the product doesn't try to send MB of information through a dialup connection as soon as it connects.
[I have no idea how to get exactly the information you asked for, but...] Maybe you could rephrase (for yourself) what you try to accomplish? Like, instead of asking "does the user have broadband or dialup", ask "how much bandwidth does the user's internet connection have" - and then you can try to answer the rephrased question without any user input (like by measuring bandwidth).
Btw. if you ask the user just for "broadband or dialup", you might encounter some problems:
what if the user has some connection type you didn't anticipate?
what if the user doesn't know (because there's just an ethernet cable going to a PPPoE DSL modem/router)?
what if the user is connected through a series of connections (VPN via dialup, to some other network which has broadband?)
Asking for "capabilities" instead of "type" might be more useful in those cases.
Use InternetGetConnectedState API to retrieve internet connection state.
I tested it and it works fine.
I found this document which can help:
http://www.pcausa.com/resources/InetActive.txt
Regarding the question "is the internet connection permanent or not?":
best way would be probably to make the app robust enough to always cope with a non-permanent connection :-) which would work the same with dialup and broadband...
alternatively, maybe you can find out how long the user's internet connection has been established already, and compare with system uptime? If the connection has been online for almost as long as the computer was running, it's probably a permanent connection.
Anyway, these heuristics will probably fail for obscure connection types.
Also, regarding the point about not sending lots of data: if people have a "broadband + low traffic limit" tariff, you shouldn't send lots of data either even if bandwidth allows :-)
Best bet would be to grab the default active network connection, ensure it is an internet connection (ping google.com or similar) and then ask it what type of device it is. You should be able to determine from that what connection the user has.
I'm fairly confident this is possible, but not sure how to go about it though.
I think you should just do a quick connection-speed test. Just download some specific sized files, time how long it takes, and you'll know the speed. I agree with the other guy, don't ask them what type of connection they have, what's more important is the speed. Perhaps next year they come out with 100mbit dialup...do you want everyone using this amazing new device to get the crappy lowbandwidth version of your app?
I would agree with oliver, as you imply: you have the functionality already to cope with connection loss, why not enable it by default.
Broadband connections can get messed up to: routersoftware that freezes (happens a lot to me), or poweradapter that fries, ...