I can tell you what we do. We use the exceptional Magenta Systems component from
http://www.magsys.co.uk/delphi/magwmi.asp For the unique machine key we use the Windows Key, Hard Drive Serial No and BIOS Manu name. Some people like to use the computer name and/or the MAC addresses for a machine. We don't use the BIOS version since it changes on some machines from firmware patches. The second part of our check is a random check buried in a thread mid code that CRCs the EXE. This helps prevent code patching. A third check is performed randomly in another part of the code that essentially tests the license validation function for a sure fire failure. If it returns successful, we know someone has tampered with the executable assembler while it is running. ----- Original Message ----- From: "Robert Meek" <[email protected]> To: "Delphi-Talk" <[email protected]> Sent: Wednesday, May 20, 2009 12:16 PM Subject: Using license files for my own app Morning all, Sorry I wasn't able to participate over this last week, but my oldest daughter Rachael, graduated this Saturday from the University of Pennsylvania with a Masters degree in economics and international finance and a place on the Dean's list! I can't even begin to say how proud I am of her and this accomplishment, which because of her growing up in this cultural wasteland of Schuylkill Cty., where teen pregnancy and drug abuse top the list of "things to do", was twice as hard as it should have been! So I was quite busy driving the 100 + miles back and forth between here, her job at Vanguard in Philly where she's been managing self-insurance accounts from around the world, to the University, and back again, trying to help get everything ready for the ceremonies and other events. It made me realize just how much I missed my own college days, and how great it would still be if I even lived close to a college town! At least there would be interesting people around to talk to! So I've decided to make use of an encrypted license file for an app I'm finishing up for an old client, and currently the way I've set it up is to encrypt each string of the file separately first...with each string containing data provided by the registering owner combined first with data I provide about the app itself. Then the entire file is encrypted and provided to the Registered own for automatic inclusion in the install directory. For both the individual strings and the File itself, I use a set of "keys" hidden within the app's code itself, as part of other strings. The app's security procedures finds and separates them for use in reading, decrypting, and comparing the License File data to that which the app also re-validates within the security processes. My questions are these: Years ago we had a lot of discussion here on how to handle such things as application and shareware registration techniques so that registration and app integrity could be maintained and verified as necessary, and one of the more frustrating things everyone seemed to agree on was the simple fact that there were no "good" ways to introduce an individual property like a string that could be used during security checks. Something that was guaranteed to always be available to ones validation code and that was also unique to each system the app might be installed on. And I believe the one and only way to make absolutely sure of this at the time was by using expensive solutions such as HASPs...an impractical concept for most of us. Lately I began checking out ways of dealing with this problem differently and began looking for data strings unique to every installed copy of a particular OS. Even taking my search as far as to the BIOS data! For some reason I started taking a look at Product ID's and Hardware profile info I'd checked out long ago, along with methods of retrieving such read-only info at runtime. Consequently, preliminary testing has provided me with some interesting information and a possible solution to this problem. First, the Operating system's own Product ID does not appear to be the generic string repeated on millions of copies of Vista, and distributed around the world as I had thought it would be! And it also appears that the Hardware Profile GUID, also a string, may also be just as unique. If they truly are, these could easily be combined as needed with each other and/or the Registered owner/Username info to create an ID string that would make such security problems simply disappear! Using the JvComputerInfoEx freeware component available in most versions of the Jvcl, it's easy enough to assign these read-only string values to variables that could be employed as the base for all kinds of security methods. In talking to Microsoft about these particular strings, I was assured that they are "constructed" dynamically upon installation, from with the OS's own security methods, before being submitted to and saved by the company. And if this is true, I can easily solve all my needs via encrypted and recombinant versions of the same. BUT, before I will consider using these strings, I can't help but require more validation than a Microsoft phone tech in India can provide! <g> So what does anyone else think? Those running more than one copy of an OS...that is, more than one registered copy...can easily find out if they are indeed different, and possibly even how and why they are! Also I'll take the risk right here by providing these two strings as I find them in JvComputerInfoEx1.OS. + as the following property values: OSVersion wvWinVista, ProductName Windows Vista (TM) Ultimate, ProductType ptProfessional, ServicePackVersion 1, VersionBuild 6001, VersionCSDString Service Pack 1, VersionMajor 6, VersionMinor 0. As well as under: JvComputerInfo1.Misc.HardwareProfile.GUID. My ProductID = 89580-006-5738705-71882 My GUID = {0f694440-6a70-11db-8eb3-806e6f6e6963} If possible, and if the other property values above are exactly the same, please compare the ProductID and GUID strings listed here against your own. I don't need to know what your strings actually are...just if they match or not. Thanx in advance! from "Robert Meek" dba "Tangentals Design" Creative Concepts Programming for Windows Vista E-mail: [email protected] "...There no longer exists any communities...only special Interests." as remarked by one Photojournalist and Writer in relation to the infamous 'Mapplethorp trial' of Cinncinate. I'm happy to know why this is true and the protection it provides everyone from 1st amendment rights violations...escpecially those in L.A. and Seattle! As for New York, it's difficult to get worked up over a conglomerate of special interests such as it represents, when opposition to every one and every thing not their own has become its most apparent trait and appalling attribute! __________________________________________________ Delphi-Talk mailing list -> [email protected] http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-talk __________________________________________________ Delphi-Talk mailing list -> [email protected] http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-talk
