X-88 Posted September 2, 2012 Posted September 2, 2012 does anyone have a tutorial for making protection a software verification using php, vbscript or java script?.e.g:matching serial online.The same thing is there in this forum? maybe should I know?
mudlord Posted September 2, 2012 Posted September 2, 2012 You mean sending HTTP requests from your app to your server, to a script to verify said codes?For starters then, in your programming language look at sending requests to pages and parsing responses.
X-88 Posted September 2, 2012 Author Posted September 2, 2012 (edited) something like that, Application will send SerialNumber to the engine java script / php and corrects a valid or invalid serial is submitted into the script, if the serial is valid then will send back a message to the application (serial is submitted that the application is appropriate /valid and make permanent configuration), otherwise it will block the application Edited September 2, 2012 by X-88
X-88 Posted September 2, 2012 Author Posted September 2, 2012 Need to know what language you are using. I hope if there is source code written using Delphi and PHP
mudlord Posted September 2, 2012 Posted September 2, 2012 (edited) http://stackoverflow...ing-wininet-apiSynapse seems to be most likely what you need in Delphi.For C/C++, things like CURL and crap exist. And for .NET, its features are quite adequate for XML parsing and HTTP requests. Edited September 2, 2012 by mudlord
X-88 Posted September 2, 2012 Author Posted September 2, 2012 http://stackoverflow...ing-wininet-api Synapse seems to be most likely what you need in Delphi. For C/C++, things like CURL and crap exist. And for .NET, its features are quite adequate for XML parsing and HTTP requests. thx u, I'm going to get there
X-88 Posted September 2, 2012 Author Posted September 2, 2012 (edited) probably are too simple, I tried looking on google but did not know the term think about what keywords are associated with this?? Edited September 2, 2012 by X-88
mrexodia Posted September 2, 2012 Posted September 2, 2012 I can help you write some simple php... planning to use a plain php + mysql ?
X-88 Posted September 2, 2012 Author Posted September 2, 2012 (edited) I can help you write some simple php... planning to use a plain php + mysql ? yupz, not too complicated but it can run properly, and that is certainly easy to learn or would that what you think? NB: sorry if too often I edit, probably exactly like checking the serial number is a software that made ​​a large software company. Edited September 2, 2012 by X-88
mrexodia Posted September 2, 2012 Posted September 2, 2012 quite easy to learn indeed, but you should do some trick with that serial (for example returning a decryption constant that decrypts the serial to a name in order to verify)pm me if you need help with the php, although there are many good examples on the netgreetz
alaphate Posted September 2, 2012 Posted September 2, 2012 (edited) Client side: using libcurl to POST or GET its md5 to server and retrieve header from server, you can download library from here:http://curl.haxx.se/download.htmlServer side: using php to verify the md5 and use header function to send header with verified info to client app. Edited September 2, 2012 by alaphate
DE! Posted September 4, 2012 Posted September 4, 2012 (edited) This is what i'm using in one of my apps : <?PHP$licid = $_GET['licid']; // you can also use a $_POST instead$db = mysql_connect('localhost','<mysqluser>','<mysqlpass>');mysql_select_db('<mydsl licdatabase>',$db);$query = "select * from licenses where licid = '" . $licid . "'";$result = mysql_query($query,$db);if (mysql_num_rows($result) == 0) { mysql_free_result($result); echo "LICUNKNOWN";} else { echo "LICOK"; }?> the php script will return "LICUNKOWN" or "LICOK" as response depending if the lic is ok or not.. also.. try to encrypt verification url in your code aswell... so it will a least be more difficult to find the validation stuff... instead of : url = 'http://myserver.com/validate.php?md5=' make something like (DES triple) url = '83f82345f173298f6614f2af67103d2c948188e2cf059e04615841a3cc52cbfb67df554fed5ae9bd' and decrypt it back to plaintext url just before you need it... Just a suggestion Edited September 4, 2012 by DE! 1
mrexodia Posted September 4, 2012 Posted September 4, 2012 (edited) @DE!: Your script looks good, but anyone with a little php skill and knowledge of the hosts file will be able to circumvent your protection easilyThis script will mark all serials as ok (on server base):<?phpecho 'LICOK';?>Better idea is to store actually needed data in the serial, for which a decryption key/part of a key will be sent by the server....GreetingsAnother gud idea is to check the user agent, in this way you can disable the whole script for regular browser usersEdit: another snippet for the user agentif($_SERVER['HTTP_USER_AGENT']!="PasteSync") //Normal browser{ $real_error=mysql_error(); $error_msg = "<font color='red'><b>MySQL Error:</b> $real_error</font>"; echo "<title>PasteSync</title><link rel=\"shortcut icon\" href=\"./pastesync.ico\"/>"; echo $error_msg;}else //My android app I created this for{ echo "Server error...";} Edited September 4, 2012 by Mr. eXoDia 1
quosego Posted September 5, 2012 Posted September 5, 2012 Might I say that you guys should pay more attention to security.. SQL injections everywhere.. 2
mrexodia Posted September 5, 2012 Posted September 5, 2012 (edited) Interesting... is there maybe a quick way to protect ourselves? Im not really familiar with stuff like that actuallyEdit: mysql_real_escape_string() seems to do the job mostly... Edited September 5, 2012 by Mr. eXoDia
DE! Posted September 5, 2012 Posted September 5, 2012 Might I say that you guys should pay more attention to security.. SQL injections everywhere..The script was just a quick example... You should indeed escape the 'licid' to avoid sql injection.. your 'licid' can also be RC5 encrypted and could be some concatenation of a hwid and a registrationame or simular ... so it would be more difficult to guess values... @Mr. eXoDiaTrue, a simple script that returns 'LICOK' would also pass the validation.. But as said.. this was only a sample script... you could play with encryption based on session id's, use different kinds of validation at diffirent times .. do a validation after 5 mins, not only on startup and so on....DE
X-88 Posted September 9, 2012 Author Posted September 9, 2012 (edited) ok, suppose I agree with your opinion, but if the user name and the password is different, will it works properly?.hmm..., sorry, I'm not using my computer so I have not had time to try it. Edited September 9, 2012 by X-88
X-88 Posted September 15, 2012 Author Posted September 15, 2012 (edited) ok everyone, thank you for taking the time.This is what I mean, but checking the password in php not so perfect as I expected<PHP Code><?///////////////////////// Created By : X-88 //// Sep, 11, 2012. /////////////////////////echo "<title>.: X-88-X :.</title>";//----------: [begin] :---------------------------------------------------------------------------------------------->$ma = array("Oops, Error!...", //0 ~ 1 "ASFDZ-NDF6J", //1 ~ 2 "ZXCVB-N8T4F", //2 ~ 3 "SDOG4-VHJP2", //3 ~ 4 "M297K-FBKX6", //4 ~ 5 "B78X9-G01XT", //5 ~ 6 "F5H9J-GML7S", //6 ~ 7 "WKJZN-8M5F1", //7 ~ 8 "5THKO-9DWLJ", //8 ~ 9 "JR67H-FVN8H", //9 ~ 10 "JFO5P-4DVC2"); //10 ~ 11//----------------: [begin CSN] :------------------------------------------------------------------------------------>{if ($un == '' or $sn == ''){ print '<center> <b>Oops Error... <br> Input Empty!!!...</b> </center>';}else{ if ($sn == $ma[strlen($un)]){print '<center> License Valid, Thank You!!!... </center> <hr size="1" color="#FF0000"> <center> Status : Registered. </center> <hr size="1" color="#FF0000">';//---------: [begin By : [url="http://php.about.com]"]http://php.about.com][/url] :------> $fp="c:\Data.ini";$hf = fopen($fp, 'w');$sd = "Serial Number=$sn";fwrite($hf, $sd);fclose($hf);//---------: [end By : [url="http://php.about.com]"]http://php.about.com][/url] :------>}else{print '<center> License Invalid, Please Try Again!!!... </center> <hr size="1" color="#FF0000"> <center> Status : Unregistered. </center> <hr size="1" color="#FF0000">';//----------------: [end CSN] :-------------------------------------------------------------------------------------->}}}?><Delphi Code>unit Unit1;interfaceusesWindows, SysUtils, Controls, Forms, Dialogs, StdCtrls, ShellApi, Classes,ExtCtrls;typeTForm1 = class(TForm) E1: TEdit; E2: TEdit; B1: TButton; L1: TLabel; L2: TLabel; B2: TButton; T1: TTimer; L3: TLabel; procedure B3Click(Sender: TObject); procedure B2Click(Sender: TObject); procedure FormCreate(Sender: TObject); procedure E2Click(Sender: TObject); procedure E1Click(Sender: TObject); procedure E1MouseMove(Sender: TObject; Shift: TShiftState; X, Y: Integer); procedure E2MouseMove(Sender: TObject; Shift: TShiftState; X, Y: Integer); procedure FormShow(Sender: TObject); procedure T1Timer(Sender: TObject);private { Simple Password Verifier } procedure WCS(Sender: TObject); procedure TCS(Sender: TObject); procedure PCS(Sender: TObject);public { By : X-88. 9, 11, 2012}end;varForm1: TForm1;PL : String = 'C:\Data.ini';implementation{$R *.dfm}procedure TForm1.WCS(Sender: TObject);beginForm1.Caption := 'X-88 Trial';Application.Title := 'X-88 Trial';B1.Visible := true;L1.Visible := true;L2.Visible := true;E1.Visible := true;E2.Visible := true;end;procedure TForm1.TCS(Sender: TObject);beginForm1.Caption := 'X-88 Registered';Application.Title := 'X-88 Registered';B1.Visible := false;L1.Visible := false;L2.Visible := false;E1.Visible := false;E2.Visible := false;end;procedure TForm1.PCS(Sender: TObject);varSS : String;SLC : TStringList;constMA : array [0..10] of string = ('Oops, Error!...', 'ASFDZ-NDF6J', 'ZXCVB-N8T4F', 'SDOG4-VHJP2', 'M297K-FBKX6', 'B78X9-G01XT', 'F5H9J-GML7S', 'WKJZN-8M5F1', '5THKO-9DWLJ', 'JR67H-FVN8H', 'JFO5P-4DVC2');beginif not FileExists(PL) thenbeginExitendelsebeginSLC := TStringList.Create;SLC.LoadFromFile(PL);SS := Copy(SLC.Strings[0], 15, Length(SLC.Strings[0]));if (SS <> MA[1]) and(SS <> MA[2]) and(SS <> MA[3]) and(SS <> MA[4]) and(SS <> MA[5]) and(SS <> MA[6]) and(SS <> MA[7]) and(SS <> MA[8]) and(SS <> MA[9]) and(SS <> MA[10]) thenbeginWCS(Self);endelsebeginTCS(Self);end;SLC.Free;end;end;procedure TForm1.B3Click(Sender: TObject);varAC : array[0..255] of char;beginif (Length(E1.Text) < 1) or(E1.Text = '') or(E1.Text = ' ') or(E1.Text = 'Name') or(E2.Text = '') or(E2.Text = ' ') or(Length(E2.Text) < 1) or(E2.Text = 'Serial') thenbeginShowMessage('~~~~~~~~~~~~~~~~~~~'+#13#10+ 'Oops, Input Denied!...'+#13#10+ 'Min : 1'+#13#10+ 'Max : 10'+#13#10+ 'i <= 0 or i > 10 = Denied'+#13#10+ '~~~~~~~~~~~~~~~~~~~');ExitendelsebeginShellExecute(0, 'open', StrPCopy(AC, '[url="http://127.0.0.1/index.php?un=%27+E1.Text+%27&sn=%27+E2.Text"]http://127.0.0.1/ind...n=' E2.Text[/url]), nil, nil, SW_Show);//----------------------: [Internal Internet Browser] :------------------------------------------>// WebBrowser1.Navigate('[url="http://127.0.0.1/index.php?un=User_Name&sn=Serial_Number"]http://127.0.0.1/ind...n=Serial_Number[/url]');// or// WebBrowser1.Navigate('[url="http://localhost/index.php?un=User_Name&sn=Serial_Number"]http://localhost/ind...n=Serial_Number[/url]');// Thx to : Ignatio N, [Submiter] ---> [url="http://localhost/index.php?un=By&sn=Ignatio"]http://localhost/ind...n=By&sn=Ignatio[/url]' <---end;T1.Enabled := true;L3.Visible := true;end;// Reset All-------------------------------------------------------------------->procedure TForm1.B2Click(Sender: TObject);beginT1.Tag := 0;T1.Enabled := false;L3.Visible := false;B1.Visible := true;L1.Visible := true;L2.Visible := true;E1.Visible := true;E2.Visible := true;E1.Text := 'Name';E2.Text := 'Serial';Form1.Caption := 'X-88 Trial';Application.Title := 'X-88 Trial';if not FileExists(PL) thenExitelseDeleteFile(PL);end;procedure TForm1.FormCreate(Sender: TObject);beginE1.MaxLength := 10;E2.MaxLength := 25;Application.HintColor := $00FF00;Application.Title := 'X-88 Trial';end;procedure TForm1.E2Click(Sender: TObject);beginif E2.Text = 'Serial' thenE2.ClearelseExit;end;procedure TForm1.E1Click(Sender: TObject);beginif E1.Text = 'Name' thenE1.ClearelseExit;end;procedure TForm1.E1MouseMove(Sender: TObject; Shift: TShiftState; X,Y: Integer);beginE1.Hint := 'Length : '+IntToStr(Length(E1.Text))+' of 10';end;procedure TForm1.E2MouseMove(Sender: TObject; Shift: TShiftState; X,Y: Integer);beginE2.Hint := 'Length : '+IntToStr(Length(E2.Text))+' of 25';end;// Init & Check Passwordprocedure TForm1.FormShow(Sender: TObject);beginPCS(Self);end;procedure TForm1.T1Timer(Sender: TObject);beginT1.Tag := T1.Tag + 1;L3.Caption := 'Checking Status = '+IntToStr(T1.Tag * 10)+'%';if T1.Tag = 10 thenbeginT1.Tag := 0;T1.Enabled := false;PCS(Self);L3.Visible := false;end;end;end.DownloadMH : Media FireFS : 219KBInc Example.exe + Source Code[Delphi & PHP]. Edited September 15, 2012 by X-88
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now