|
Software Registration key derived from PC hardware components *** Updated ***
|
Email
|
| Submitted on: |
10/1/2003 1:27:32 AM |
| By: |
Steve W
|
| Level: |
Intermediate |
| User Rating: |
By 44 Users |
| Compatibility: |
VB 6.0 |
| Views: |
58258 |
|
(About the author) |
|
|
|
This is a simplified example that shows how to register an app to individual PCs using a key that is derived from unique properties such as the CPU ID, OS serial, MAC address etc.
It's real easy to do & secure enough to keep most users honest. Feel free to modify & use it as you see fit & please vote if you find it useful. Any feedback or comments are welcome and why not take up my cracking challenge - no one has succeeded yet!
It uses WMI so if you're running W95, W98 or NT4 & you get an automation error download the WMI engine from: http://download.microsoft.com/download/platformsdk/wmicore/1.5/W9XNT4/EN-US/wmicore.EXE.
Update info: The app is even more secure as it now includes complete obfuscation of the key variable and a simple and easily expandable anti-hacking routine (currently includes RegMon, FileMon, SoftICE - routine is adapted from Kevin Lingofelter's code at http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=10000&lngWId=1).
|
 |
| |
|
 Download code
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzip to decompress it.Virus note:All files are scanned once-a-day by Planet Source Code for viruses, but new viruses come
out every day, so no prevention program can catch 100% of them. For your own safety, please:
- Re-scan downloaded files using your personal virus checker before using it.
- NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
- Scan the source code with Minnow's Project Scanner
If you don't have a virus scanner, you can get one at many places on the net
including:McAfee.com
|
Terms of Agreement:
By using this code, you agree to the following terms...
- You may use
this code in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
- You MAY NOT redistribute this code (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
- You may link to this code from another website, but ONLY if it is not wrapped in a frame.
- You will abide by any additional copyright restrictions which the author may have placed in the code or code's description.
|
Other 2 submission(s) by this author
|
|
Report Bad Submission
|
Your Vote
|
| |
Other User Comments
|
 10/1/2003 1:45:54 AM: luke99au
very nice 5 globes from me
(If this comment was disrespectful, please report it.)
|
10/1/2003 1:57:52 AM: Erik Stites
I've been looking for something that would be near uncrackable, I think you may have done it. 5 orbs of doom from me.
(If this comment was disrespectful, please report it.)
|
10/1/2003 10:40:49 AM:
5 globes from me
(If this comment was disrespectful, please report it.)
|
10/1/2003 10:48:32 AM: ReadError
Pretty good, but the problem is that if you want to use this method, you'll have to distribute the wmicore with your app... anyway 5 globes
(If this comment was disrespectful, please report it.)
|
10/1/2003 11:57:05 AM: Rob Waibel
EXCELLENT!
(If this comment was disrespectful, please report it.)
|
10/1/2003 12:50:33 PM: Nick Tabick
Wow! This is great. One problem: isn't using this going to give any hackers an easy way in? All they have to do is use this on their own PC. That's a problem, eh?
(If this comment was disrespectful, please report it.)
|
10/1/2003 1:12:47 PM: John Keymer
look good :)
(If this comment was disrespectful, please report it.)
|
10/1/2003 4:41:17 PM: Steve W
Thanks all for the comments & votes, please keep it up...
ReadError, you're 100% right, either state the app only works on Me, W2k or XP or distribute the WMI core install & call it with an error handler. If anybody has an alternative to WMI for getting the hardware info please let me know...
Nick, Unless someone hacks the code, to run in 'full' mode they must use a registration key that corresponds to the hardware item and/or OS serial numbers specific to their PC. Nothing is unbreakable but it would be fairly hard for most people to create one themselves even if the know how the number is generated.
(If this comment was disrespectful, please report it.)
|
10/2/2003 1:20:05 AM: Ruturaj
I don't think it's secure in this form itself. Because , making a KeyGen will be an easy task for the cracker as what he needs to collect is the information from User's PC.
With strong encryption this may be made harder. There is a Protection System which is called Geeworks TrialMaster , they deal with some Win Process ID as well and create a Lock DLL at runtime tied with your application. I've not studdied their method , but they have written something like this in their Help file. Please visit their website for details. This is also a new idea.
Code-Lock , on other hand encrypts the complete EXE & compresses it which then makes it more difficult to crack or reverse engineer it. Using UPX is the best option to compress your compiled EXE.
Just few ways to make your program more secured ... What you guys think about it ?? Share your thoughts as well.
(If this comment was disrespectful, please report it.)
|
10/2/2003 6:41:02 AM: Danny Cain
You say that its weak because all they need is this program, all you have to do is modify the registration key generator for yourself
(If this comment was disrespectful, please report it.)
|
10/3/2003 1:46:15 PM: Nick Tabick
I hate to say it, but Dan has a point. To put it simply, here's a simple situation for you:
Step 1: Hacker gets demo version of software from website for free.
Step 2: Hacker runs software, notes that app uses the system you have developed.
Step 3: Hacker searches for something like this.
Step 4: Hacker downloads a keygen made by someone else who compiled this project.
Step 5: Hacker runs keygen, pastes code into app's key box. Hacker clicks OK.
Step 6: Program registered.
I don't mean to start anything here, but I really think you should be a little more discreet about this. As of right now, though, I have zilch for ideas.
I'll let you get back to work. Keep up the great, great coding.
As for everyone: Let's stop pestering the guy. He's done his part with posting this code. It's our job to congratulate him.
(If this comment was disrespectful, please report it.)
|
10/3/2003 4:22:52 PM: Steve W
Thanks for comments all.
FYI the system gains it's security from BOTH the unique machine specific number generated AND a series of 8 & 11 digit random numbers (from 6.5 million possible in this example).
These numbers are obtained from a string, not generated using a rnd function & the string would obviously be different for each app the system is used in.
Even if someone did figure out how it works, I believe it would be difficult to produce a valid key without knowing the random number string (which would be encrypted in a real app).
If anyone would like to take up the challenge let me know & I'll send you a compiled app to see if you can crack it!
(If this comment was disrespectful, please report it.)
|
10/4/2003 4:02:37 AM:
Yes this method will work unlike as suggested above, one hassle though (from experience) is that you get sick of manually registering app's. Also, what if I purchase your program then buy a new machine, I have to track you down to get a new registration key, so whilst its a secure method, I dont recommend using it especially on commercial software.
(If this comment was disrespectful, please report it.)
|
10/5/2003 11:50:18 AM: Jameson Schriber
Hi Steve,
Great code! I gave you 4 star's, but I'll bump that up to 5 if you'll let me in on your cracking a compiled app challenge (whether or not I crack it, you'll get the 5 - it's nice to see an author stand by his work... but believe me I will crack it). Let's see what you got :)
(If this comment was disrespectful, please report it.)
|
10/5/2003 12:07:53 PM: kooki
Hacker showdown!!!
(If this comment was disrespectful, please report it.)
|
10/7/2003 12:59:57 AM: japuram
Yeap, post your results etc here c'mon lets put this for the challenge.
(If this comment was disrespectful, please report it.)
|
10/7/2003 2:32:02 PM: Paul Caton
I just made a submission that might lessen your reliance on WMI for getting CPU information. Let me know if it helps. http://www.exhedra.com/vb/scripts/ShowCode.asp?txtCodeId=49073&lngWId=1
(If this comment was disrespectful, please report it.)
|
10/11/2003 1:28:59 AM:
It refused to register it own generated keys.!!!
What should I do.
I am runnin XP Professional
Asif
(If this comment was disrespectful, please report it.)
|
10/11/2003 1:53:25 PM: Steve W
Asif & any others having problems...
Hi Asif
Firstly - did the app generate a 12 or 13 digit machine ID? If not you need to download and install the WMI core available from the Microsoft website.
Assuming you do have a machine ID, make sure you follow the proper procedure - copy & paste the machine ID into the top Frame 2 textbox, this will automatically generate a registration key which will appear in the bottom Frame 2 textbox. Then copy & paste the registration key into the top Frame 3 textbox & click the register button - the app should then register.
If you have had problems I suggest you start from scratch - the app creates a settings.ini file in the app directory - delete this file & then run the app again. It will generate a new machine ID & should go fine from there.
(If this comment was disrespectful, please report it.)
|
10/11/2003 11:11:59 PM:
first of all thanks for mail.
Yes it works now after deleting the previous entry in .ini file
thanks again
Asif
samcosoft@yahoo.com
(If this comment was disrespectful, please report it.)
|
10/15/2003 1:18:14 PM: Schwartz
To make it a little more hard to crack you need to put a Detection for the Smart Check and SoftIce software from NUMEGA. 'cause they can broke it easily.
(If this comment was disrespectful, please report it.)
|
10/21/2003 11:25:38 PM:
Your source code is very good.
5 globe from me
(If this comment was disrespectful, please report it.)
|
10/31/2003 12:20:48 PM:
Nice work. Its biggest drawback is its reliance on WMI. Would be nice if someone combined this app with Paul Caton's brilliant CPU work. This way it could be distributed across all windows versions without worry.
(If this comment was disrespectful, please report it.)
|
11/16/2003 7:34:36 AM: Lam Ri Hui
congratulation Steve, you are the contest winner of the month October!
(If this comment was disrespectful, please report it.)
|
11/18/2003 5:14:51 AM: MOB
Thanks For the Code ill use it if you dont mind
(If this comment was disrespectful, please report it.)
|
11/18/2003 5:39:46 AM:
That's a great job. five dots from me.
The below process is done on a single Machine under XP professional
1. Generated a Machine ID and Registration key and registered the software.
2. unregistered the software.
3. renamed settings.ini in application folder
4. generated second Machine ID and registration key, but in register app textbox i pasted firstly generated registeration key. Copying it from renamed-settings.ini in the format used by the software (Machine ID=2 and register key =1). the software registered sucessfully.
In short i wanted to know whether register keys generated on a machine can be reused with different machine id's on the same machine.
if possible please reply through email, khaja_hameeduddin@rediffmail.com or hameedshoaib@yahoo.com
thanks
Hameed
(If this comment was disrespectful, please report it.)
|
11/21/2003 8:31:17 PM:
Method I'm using is to have a php script compare the records from my online shop with the registration key the user output. This way if the client has more than one machine the machine ID is recorded (meaning if the user want to use it on more than one machine they just login to my site and add the computer ID, thus illiminating the need for further checks, and enabling me to keep an eye on things.)
Please note though that the user would have to be on the internet for this check. I usually make a timer to check for internet connection and then post when there is one. But to get the app they need to go online and let the program generate a keyfile.
(If this comment was disrespectful, please report it.)
|
11/21/2003 11:18:04 PM: Ken
This code will fail if it returns a negitive...
(If this comment was disrespectful, please report it.)
|
11/23/2003 5:44:30 AM: Ron Parker
i think this is the sort of encryption thats used in Windows XP serial keys n stuff , isnt it ?? but this is genius stuff.. esp. in VB !
yeah, u could add double encryption to this , like, u cud make ur own encryption thing to encrypt the encrypted result from the hardware stuff !!!!
did that make any sense ?
(If this comment was disrespectful, please report it.)
|
11/28/2003 11:02:00 AM:
(If this comment was disrespectful, please report it.)
|
11/29/2003 9:55:00 AM:
hi ,
i got an error :S
a runtime error
vb pointed out that this part is wrong :S
Set SWbemSet(i) = GetObject("winmgmts:{impersonationLevel=impersonate}").InstancesOf(Split(varObjectToId(i ), ",")(0))
runtime error : -2147217394 (8004100e)
automation error
(If this comment was disrespectful, please report it.)
|
12/10/2003 4:34:51 PM:
Negative MachineID results in bad math. I don't know what caused my MachineId to be negative but the math seems to fail when this happens.
(If this comment was disrespectful, please report it.)
|
12/11/2003 6:58:27 AM:
Hello Paul,
I am trying to develop an application in vb, like as its exe gets copied to another location, it should stroe information in itself... is it possible to do something like this...
regards
scienty
mail : scienty77@yahoo.co.uk
(If this comment was disrespectful, please report it.)
|
12/14/2003 7:44:32 PM:
Have you considered getting the id of the hd (not the partion id, but the hardware one created by the manufacturer)?
http://www.codeguru.com/system/DiskId32.shtml
(If this comment was disrespectful, please report it.)
|
12/18/2003 4:31:37 PM: Soorya
hi,
i am using win2000 and still i don't have wmi comp. it seems... it is not running.... why?
(If this comment was disrespectful, please report it.)
|
12/25/2003 1:54:34 PM: Michael Barnathan
I have no real use for anything like this at the moment, but it is still an impressive example of how to generate a strong key for registration, etc. 5 globes from me.
(If this appears more than once, I apologize - PSC is giving me some login trouble)
(If this comment was disrespectful, please report it.)
|
12/27/2003 3:05:36 AM: HyperHacker
Looks good, but of course there's the obvious problems of having to reregister every time you make a hardware change, and having to grab a new serial for every computer you put it on. Not too big a problem though, since one could just make a simple machine ID generator app and have the customer run it on each computer and send back the numbers for serials, and upgrades aren't that common (especially in commercial settings where you have 400 of the exact same computer).
(If this comment was disrespectful, please report it.)
|
12/30/2003 3:15:21 AM:
Thanks for your previous mail.
I have run the compiled version (exe) on me and it the following error message. INVALID USE OF NULL. the settings.ini file is also not created on the machine, then the program terminates.
khaja_hameeduddin@rediffmail.com
hameedshoaib@yahoo.com
(If this comment was disrespectful, please report it.)
|
1/3/2004 7:37:39 AM: B.Cem HANER
Good job. Thak you *****
(If this comment was disrespectful, please report it.)
|
4/24/2004 11:02:37 AM:
5 stars, very good. However, what the problem is sometimes in some pc may cause negative serial number and could not generate the correct code.
Moreover, the serial ID could be different from time to time. I don't know why but need not to generate the code different for every time.
(If this comment was disrespectful, please report it.)
|
5/5/2004 11:37:06 PM:
hi steve,
i have tried your code in winXP, it works great! 5 dots from me..
but when i tried in win98 it result error like:
runtime error :
-2147217392 (80041010)
automation error
yes ofcourse i have installed the wmicore.exe on my win98.. but i still get that error.. why? please help...
(If this comment was disrespectful, please report it.)
|
5/22/2004 7:11:50 AM:
this source code is not running in win 98, its giving an error while runniing, please tell us how we can do this type of validation in win 98
(If this comment was disrespectful, please report it.)
|
5/22/2004 7:15:06 AM:
this source code is not running in win
98, its giving an error while runniing,
please tell us how we can do this type
of validation in win 98
(If this comment was disrespectful, please report it.)
|
7/8/2004 10:59:20 AM:
THIS WAS GR8
(If this comment was disrespectful, please report it.)
|
10/26/2004 10:42:26 PM: Brian Payne
BEAUTIFUL, But ....
I mean, 5 globes for excellent coding and implementation of other pscode projects...
HOWEVER - Would it not be best to write a simple C++ DLL that read the memory addresses of the Motherboard's BIOS, to get CPUID, MAC, etc ?
*** The problem is relying on WMI. If the target system does not have WMI installed, the EXE will not even execute...
Or am I wrong ?
(If this comment was disrespectful, please report it.)
|
2/23/2005 3:52:13 PM:
I need a web enabled registration method. I distribute my executable from a web page. It would be great if the customer could enter their customer name and machine key into a registration web page. Do you support this.
Thanks,
David Martin
(If this comment was disrespectful, please report it.)
|
3/14/2005 5:11:56 AM:
Very Goood :-)
(If this comment was disrespectful, please report it.)
|
10/11/2005 7:38:11 PM: Yoga_Raj
Adding unbreakable encryption as to Blowfish or Twofish hence this progranm will be very good for a VB version
(If this comment was disrespectful, please report it.)
|
4/21/2006 3:29:05 AM: Nishad
Its Wonderfull. Thanks Mr. Steve. Its working very nice, Expecting more gr8 works from you! wish u all success...
(If this comment was disrespectful, please report it.)
|
12/21/2007 7:16:35 PM: Jonas P. Roter
Can you identify if the obtained MAC address comes from a VIRTUAL machine (where a fake MAC address can be manually fixed) ?
(If this comment was disrespectful, please report it.)
|
7/13/2008 7:16:46 PM: YOUSEFDIET
if thier is 10 stars i will give it
verrrrry gooooood thanks
(If this comment was disrespectful, please report it.)
|
5/20/2009 12:44:34 AM: Edward
This demo will not validate the Reg Key it produced. Using XPPro SP2. What am I missing?
(If this comment was disrespectful, please report it.)
|
5/20/2009 1:04:01 AM: Edward
Disregard last post. A fresh unzip fixed it. Its terrific.
(If this comment was disrespectful, please report it.)
|
10/6/2009 8:56:46 AM: Yuvraj Kumar
Stewe, its giving an error "Invalid Use of Null, Runtime Error '94'
(If this comment was disrespectful, please report it.)
|
11/9/2009 12:12:56 AM: marexblue
@Edward
try to delete the file settings.ini to obtain an new machine id...
(If this comment was disrespectful, please report it.)
|
3/7/2010 7:54:14 AM: AsiaPardaz
Very Good !
(If this comment was disrespectful, please report it.)
|
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular code, please
click here instead.)
To post feedback, first please login.
|
