Jump to content
Tuts 4 You

maybe you can help me


X-88

Recommended Posts

Posted

does anyone have a tutorial for making protection a software verification using php, vbscript or java script?.

e.g:

matching serial online.

The same thing is there in this forum? maybe should I know?

Posted

You mean sending HTTP requests from your app to your server, to a script to verify said codes?

For starters then, in your programming language look at sending requests to pages and parsing responses.

Posted (edited)

something like that, Application will send SerialNumber to the engine java script / php and corrects a valid or invalid serial is submitted into the script, if the serial is valid then will send back a message to the application (serial is submitted that the application is appropriate /valid and make permanent configuration), otherwise it will block the application

Edited by X-88
Posted

Need to know what language you are using.

Posted

Need to know what language you are using.

I hope if there is source code written using Delphi and PHP :)

Posted (edited)

http://stackoverflow...ing-wininet-api

Synapse seems to be most likely what you need in Delphi.

For C/C++, things like CURL and crap exist. And for .NET, its features are quite adequate for XML parsing and HTTP requests.

Edited by mudlord
Posted (edited)

probably are too simple, I tried looking on google but did not know the term :D

think about what keywords are associated with this??

Edited by X-88
Posted

I can help you write some simple php... planning to use a plain php + mysql ?

Posted (edited)

I can help you write some simple php... planning to use a plain php + mysql ?

yupz, not too complicated but it can run properly, and that is certainly easy to learn :)

or would that what you think?

NB: sorry if too often I edit, probably exactly like checking the serial number is a software that made ​​a large software company.

Edited by X-88
Posted

quite easy to learn indeed, but you should do some trick with that serial (for example returning a decryption constant that decrypts the serial to a name in order to verify)

pm me if you need help with the php, although there are many good examples on the net

greetz

Posted (edited)

Client side: using libcurl to POST or GET its md5 to server and retrieve header from server, you can download library from here:

http://curl.haxx.se/download.html

Server side: using php to verify the md5 and use header function to send header with verified info to client app.

Edited by alaphate
Posted (edited)

This is what i'm using in one of my apps :


<?PHP
$licid = $_GET['licid']; // you can also use a $_POST instead$db = mysql_connect('localhost','<mysqluser>','<mysqlpass>');
mysql_select_db('<mydsl licdatabase>',$db);
$query = "select * from licenses where licid = '" . $licid . "'";$result = mysql_query($query,$db);
if (mysql_num_rows($result) == 0) {
mysql_free_result($result);
echo "LICUNKNOWN";
} else {
echo "LICOK";
}
?>

the php script will return "LICUNKOWN" or "LICOK" as response depending if the lic is ok or not..

also.. try to encrypt verification url in your code aswell... so it will a least be more difficult to find the validation stuff...

instead of :


url = 'http://myserver.com/validate.php?md5='

make something like (DES triple)


url = '83f82345f173298f6614f2af67103d2c948188e2cf059e04615841a3cc52cbfb67df554fed5ae9bd'

and decrypt it back to plaintext url just before you need it...

Just a suggestion :)

Edited by DE!
  • Like 1
Posted (edited)

@DE!: Your script looks good, but anyone with a little php skill and knowledge of the hosts file will be able to circumvent your protection easily

This script will mark all serials as ok (on server base):

<?php
echo 'LICOK';
?>

Better idea is to store actually needed data in the serial, for which a decryption key/part of a key will be sent by the server....

Greetings

Another gud idea is to check the user agent, in this way you can disable the whole script for regular browser users

Edit: another snippet for the user agent


if($_SERVER['HTTP_USER_AGENT']!="PasteSync") //Normal browser
{
$real_error=mysql_error();
$error_msg = "<font color='red'><b>MySQL Error:</b> $real_error</font>";
echo "<title>PasteSync</title><link rel=\"shortcut icon\" href=\"./pastesync.ico\"/>";
echo $error_msg;
}
else //My android app I created this for
{
echo "Server error...";
}
Edited by Mr. eXoDia
  • Like 1
Posted

Might I say that you guys should pay more attention to security.. SQL injections everywhere..

  • Like 2
Posted (edited)

Interesting... is there maybe a quick way to protect ourselves? Im not really familiar with stuff like that actually

Edit: mysql_real_escape_string() seems to do the job mostly...

Edited by Mr. eXoDia
Posted

Might I say that you guys should pay more attention to security.. SQL injections everywhere..

The script was just a quick example... You should indeed escape the 'licid' to avoid sql injection.. your 'licid' can also be RC5 encrypted and could be some concatenation of a hwid and a registrationame or simular ... so it would be more difficult to guess values...

@Mr. eXoDia

True, a simple script that returns 'LICOK' would also pass the validation.. But as said.. this was only a sample script... you could play with encryption based on session id's, use different kinds of validation at diffirent times .. do a validation after 5 mins, not only on startup and so on....

DE

Posted (edited)

ok, suppose I agree with your opinion, but if the user name and the password is different, will it works properly?.

hmm..., sorry, I'm not using my computer so I have not had time to try it.

Edited by X-88
Posted (edited)

ok everyone, thank you for taking the time.

This is what I mean, but checking the password in php not so perfect as I expected

<PHP Code>


<?
///////////////////////
// Created By : X-88 //
// Sep, 11, 2012. //
///////////////////////
echo "<title>.: X-88-X :.</title>";
//----------: [begin] :---------------------------------------------------------------------------------------------->
$ma = array("Oops, Error!...", //0 ~ 1
"ASFDZ-NDF6J", //1 ~ 2
"ZXCVB-N8T4F", //2 ~ 3
"SDOG4-VHJP2", //3 ~ 4
"M297K-FBKX6", //4 ~ 5
"B78X9-G01XT", //5 ~ 6
"F5H9J-GML7S", //6 ~ 7
"WKJZN-8M5F1", //7 ~ 8
"5THKO-9DWLJ", //8 ~ 9
"JR67H-FVN8H", //9 ~ 10
"JFO5P-4DVC2"); //10 ~ 11
//----------------: [begin CSN] :------------------------------------------------------------------------------------>
{
if ($un == '' or $sn == '')
{
print '<center>
<b>Oops Error...
<br>
Input Empty!!!...</b>
</center>';
}
else
{
if ($sn == $ma[strlen($un)])
{
print '<center>
License Valid, Thank You!!!...
</center>
<hr size="1" color="#FF0000">
<center>
Status : Registered.
</center>
<hr size="1" color="#FF0000">';
//---------: [begin By : [url="http://php.about.com]"]http://php.about.com][/url] :------>
$fp="c:\Data.ini";
$hf = fopen($fp, 'w');
$sd = "Serial Number=$sn";
fwrite($hf, $sd);
fclose($hf);
//---------: [end By : [url="http://php.about.com]"]http://php.about.com][/url] :------>
}
else
{
print '<center>
License Invalid, Please Try Again!!!...
</center>
<hr size="1" color="#FF0000">
<center>
Status : Unregistered.
</center>
<hr size="1" color="#FF0000">';
//----------------: [end CSN] :-------------------------------------------------------------------------------------->
}
}
}
?>

<Delphi Code>


unit Unit1;interfaceuses
Windows, SysUtils, Controls, Forms, Dialogs, StdCtrls, ShellApi, Classes,
ExtCtrls;type
TForm1 = class(TForm)
E1: TEdit;
E2: TEdit;
B1: TButton;
L1: TLabel;
L2: TLabel;
B2: TButton;
T1: TTimer;
L3: TLabel;
procedure B3Click(Sender: TObject);
procedure B2Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure E2Click(Sender: TObject);
procedure E1Click(Sender: TObject);
procedure E1MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure E2MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
procedure FormShow(Sender: TObject);
procedure T1Timer(Sender: TObject);
private
{ Simple Password Verifier }
procedure WCS(Sender: TObject);
procedure TCS(Sender: TObject);
procedure PCS(Sender: TObject);
public
{ By : X-88. 9, 11, 2012}
end;var
Form1: TForm1;
PL : String = 'C:\Data.ini';implementation{$R *.dfm}procedure TForm1.WCS(Sender: TObject);
begin
Form1.Caption := 'X-88 Trial';
Application.Title := 'X-88 Trial';
B1.Visible := true;
L1.Visible := true;
L2.Visible := true;
E1.Visible := true;
E2.Visible := true;
end;procedure TForm1.TCS(Sender: TObject);
begin
Form1.Caption := 'X-88 Registered';
Application.Title := 'X-88 Registered';
B1.Visible := false;
L1.Visible := false;
L2.Visible := false;
E1.Visible := false;
E2.Visible := false;
end;procedure TForm1.PCS(Sender: TObject);
var
SS : String;
SLC : TStringList;
const
MA : array [0..10] of string = ('Oops, Error!...',
'ASFDZ-NDF6J',
'ZXCVB-N8T4F',
'SDOG4-VHJP2',
'M297K-FBKX6',
'B78X9-G01XT',
'F5H9J-GML7S',
'WKJZN-8M5F1',
'5THKO-9DWLJ',
'JR67H-FVN8H',
'JFO5P-4DVC2');
begin
if not FileExists(PL) then
begin
Exit
end
else
begin
SLC := TStringList.Create;
SLC.LoadFromFile(PL);
SS := Copy(SLC.Strings[0], 15, Length(SLC.Strings[0]));
if (SS <> MA[1]) and
(SS <> MA[2]) and
(SS <> MA[3]) and
(SS <> MA[4]) and
(SS <> MA[5]) and
(SS <> MA[6]) and
(SS <> MA[7]) and
(SS <> MA[8]) and
(SS <> MA[9]) and
(SS <> MA[10]) then
begin
WCS(Self);
end
else
begin
TCS(Self);
end;
SLC.Free;
end;end;procedure TForm1.B3Click(Sender: TObject);
var
AC : array[0..255] of char;
begin
if (Length(E1.Text) < 1) or
(E1.Text = '') or
(E1.Text = ' ') or
(E1.Text = 'Name') or
(E2.Text = '') or
(E2.Text = ' ') or
(Length(E2.Text) < 1) or
(E2.Text = 'Serial') then
begin
ShowMessage('~~~~~~~~~~~~~~~~~~~'+#13#10+
'Oops, Input Denied!...'+#13#10+
'Min : 1'+#13#10+
'Max : 10'+#13#10+
'i <= 0 or i > 10 = Denied'+#13#10+
'~~~~~~~~~~~~~~~~~~~');
Exit
end
else
begin
ShellExecute(0, 'open', StrPCopy(AC, '[url="http://127.0.0.1/index.php?un=%27+E1.Text+%27&sn=%27+E2.Text"]http://127.0.0.1/ind...n=' E2.Text[/url]), nil, nil, SW_Show);
//----------------------: [Internal Internet Browser] :------------------------------------------>
// WebBrowser1.Navigate('[url="http://127.0.0.1/index.php?un=User_Name&sn=Serial_Number"]http://127.0.0.1/ind...n=Serial_Number[/url]');
// or
// WebBrowser1.Navigate('[url="http://localhost/index.php?un=User_Name&sn=Serial_Number"]http://localhost/ind...n=Serial_Number[/url]');
// Thx to : Ignatio N, [Submiter] ---> [url="http://localhost/index.php?un=By&sn=Ignatio"]http://localhost/ind...n=By&sn=Ignatio[/url]' <---
end;
T1.Enabled := true;
L3.Visible := true;
end;
// Reset All-------------------------------------------------------------------->
procedure TForm1.B2Click(Sender: TObject);
begin
T1.Tag := 0;
T1.Enabled := false;
L3.Visible := false;
B1.Visible := true;
L1.Visible := true;
L2.Visible := true;
E1.Visible := true;
E2.Visible := true;
E1.Text := 'Name';
E2.Text := 'Serial';
Form1.Caption := 'X-88 Trial';
Application.Title := 'X-88 Trial';
if not FileExists(PL) then
Exit
else
DeleteFile(PL);
end;procedure TForm1.FormCreate(Sender: TObject);
begin
E1.MaxLength := 10;
E2.MaxLength := 25;
Application.HintColor := $00FF00;
Application.Title := 'X-88 Trial';
end;procedure TForm1.E2Click(Sender: TObject);
begin
if E2.Text = 'Serial' then
E2.Clear
else
Exit;
end;procedure TForm1.E1Click(Sender: TObject);
begin
if E1.Text = 'Name' then
E1.Clear
else
Exit;
end;procedure TForm1.E1MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
begin
E1.Hint := 'Length : '+IntToStr(Length(E1.Text))+' of 10';
end;procedure TForm1.E2MouseMove(Sender: TObject; Shift: TShiftState; X,
Y: Integer);
begin
E2.Hint := 'Length : '+IntToStr(Length(E2.Text))+' of 25';
end;
// Init & Check Password
procedure TForm1.FormShow(Sender: TObject);
begin
PCS(Self);
end;procedure TForm1.T1Timer(Sender: TObject);
begin
T1.Tag := T1.Tag + 1;
L3.Caption := 'Checking Status = '+IntToStr(T1.Tag * 10)+'%';
if T1.Tag = 10 then
begin
T1.Tag := 0;
T1.Enabled := false;
PCS(Self);
L3.Visible := false;
end;end;end.

Download

MH : Media Fire

FS : 219KB

Inc Example.exe + Source Code[Delphi & PHP].

Edited by X-88

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...