X-88 Posted September 2, 2012 Share Posted September 2, 2012 does anyone have a tutorial for making protection a software verification using php, vbscript or java script?.e.g:matching serial online.The same thing is there in this forum? maybe should I know? Link to comment
mudlord Posted September 2, 2012 Share Posted September 2, 2012 You mean sending HTTP requests from your app to your server, to a script to verify said codes?For starters then, in your programming language look at sending requests to pages and parsing responses. Link to comment
X-88 Posted September 2, 2012 Author Share Posted September 2, 2012 (edited) something like that, Application will send SerialNumber to the engine java script / php and corrects a valid or invalid serial is submitted into the script, if the serial is valid then will send back a message to the application (serial is submitted that the application is appropriate /valid and make permanent configuration), otherwise it will block the application Edited September 2, 2012 by X-88 Link to comment
mudlord Posted September 2, 2012 Share Posted September 2, 2012 Need to know what language you are using. Link to comment
X-88 Posted September 2, 2012 Author Share Posted September 2, 2012 Need to know what language you are using. I hope if there is source code written using Delphi and PHP Link to comment
mudlord Posted September 2, 2012 Share Posted September 2, 2012 (edited) http://stackoverflow...ing-wininet-apiSynapse seems to be most likely what you need in Delphi.For C/C++, things like CURL and crap exist. And for .NET, its features are quite adequate for XML parsing and HTTP requests. Edited September 2, 2012 by mudlord Link to comment
X-88 Posted September 2, 2012 Author Share Posted September 2, 2012 http://stackoverflow...ing-wininet-api Synapse seems to be most likely what you need in Delphi. For C/C++, things like CURL and crap exist. And for .NET, its features are quite adequate for XML parsing and HTTP requests. thx u, I'm going to get there Link to comment
X-88 Posted September 2, 2012 Author Share Posted September 2, 2012 (edited) probably are too simple, I tried looking on google but did not know the term think about what keywords are associated with this?? Edited September 2, 2012 by X-88 Link to comment
mrexodia Posted September 2, 2012 Share Posted September 2, 2012 I can help you write some simple php... planning to use a plain php + mysql ? Link to comment
X-88 Posted September 2, 2012 Author Share Posted September 2, 2012 (edited) I can help you write some simple php... planning to use a plain php + mysql ? yupz, not too complicated but it can run properly, and that is certainly easy to learn or would that what you think? NB: sorry if too often I edit, probably exactly like checking the serial number is a software that made ​​a large software company. Edited September 2, 2012 by X-88 Link to comment
mrexodia Posted September 2, 2012 Share Posted September 2, 2012 quite easy to learn indeed, but you should do some trick with that serial (for example returning a decryption constant that decrypts the serial to a name in order to verify)pm me if you need help with the php, although there are many good examples on the netgreetz Link to comment
alaphate Posted September 2, 2012 Share Posted September 2, 2012 (edited) Client side: using libcurl to POST or GET its md5 to server and retrieve header from server, you can download library from here:http://curl.haxx.se/download.htmlServer side: using php to verify the md5 and use header function to send header with verified info to client app. Edited September 2, 2012 by alaphate Link to comment
DE! Posted September 4, 2012 Share Posted September 4, 2012 (edited) This is what i'm using in one of my apps : <?PHP$licid = $_GET['licid']; // you can also use a $_POST instead$db = mysql_connect('localhost','<mysqluser>','<mysqlpass>');mysql_select_db('<mydsl licdatabase>',$db);$query = "select * from licenses where licid = '" . $licid . "'";$result = mysql_query($query,$db);if (mysql_num_rows($result) == 0) { mysql_free_result($result); echo "LICUNKNOWN";} else { echo "LICOK"; }?> the php script will return "LICUNKOWN" or "LICOK" as response depending if the lic is ok or not.. also.. try to encrypt verification url in your code aswell... so it will a least be more difficult to find the validation stuff... instead of : url = 'http://myserver.com/validate.php?md5=' make something like (DES triple) url = '83f82345f173298f6614f2af67103d2c948188e2cf059e04615841a3cc52cbfb67df554fed5ae9bd' and decrypt it back to plaintext url just before you need it... Just a suggestion Edited September 4, 2012 by DE! 1 Link to comment
mrexodia Posted September 4, 2012 Share Posted September 4, 2012 (edited) @DE!: Your script looks good, but anyone with a little php skill and knowledge of the hosts file will be able to circumvent your protection easilyThis script will mark all serials as ok (on server base):<?phpecho 'LICOK';?>Better idea is to store actually needed data in the serial, for which a decryption key/part of a key will be sent by the server....GreetingsAnother gud idea is to check the user agent, in this way you can disable the whole script for regular browser usersEdit: another snippet for the user agentif($_SERVER['HTTP_USER_AGENT']!="PasteSync") //Normal browser{ $real_error=mysql_error(); $error_msg = "<font color='red'><b>MySQL Error:</b> $real_error</font>"; echo "<title>PasteSync</title><link rel=\"shortcut icon\" href=\"./pastesync.ico\"/>"; echo $error_msg;}else //My android app I created this for{ echo "Server error...";} Edited September 4, 2012 by Mr. eXoDia 1 Link to comment
quosego Posted September 5, 2012 Share Posted September 5, 2012 Might I say that you guys should pay more attention to security.. SQL injections everywhere.. 2 Link to comment
mrexodia Posted September 5, 2012 Share Posted September 5, 2012 (edited) Interesting... is there maybe a quick way to protect ourselves? Im not really familiar with stuff like that actuallyEdit: mysql_real_escape_string() seems to do the job mostly... Edited September 5, 2012 by Mr. eXoDia Link to comment
DE! Posted September 5, 2012 Share Posted September 5, 2012 Might I say that you guys should pay more attention to security.. SQL injections everywhere..The script was just a quick example... You should indeed escape the 'licid' to avoid sql injection.. your 'licid' can also be RC5 encrypted and could be some concatenation of a hwid and a registrationame or simular ... so it would be more difficult to guess values... @Mr. eXoDiaTrue, a simple script that returns 'LICOK' would also pass the validation.. But as said.. this was only a sample script... you could play with encryption based on session id's, use different kinds of validation at diffirent times .. do a validation after 5 mins, not only on startup and so on....DE Link to comment
X-88 Posted September 9, 2012 Author Share Posted September 9, 2012 (edited) ok, suppose I agree with your opinion, but if the user name and the password is different, will it works properly?.hmm..., sorry, I'm not using my computer so I have not had time to try it. Edited September 9, 2012 by X-88 Link to comment
X-88 Posted September 15, 2012 Author Share Posted September 15, 2012 (edited) ok everyone, thank you for taking the time.This is what I mean, but checking the password in php not so perfect as I expected<PHP Code><?///////////////////////// Created By : X-88 //// Sep, 11, 2012. /////////////////////////echo "<title>.: X-88-X :.</title>";//----------: [begin] :---------------------------------------------------------------------------------------------->$ma = array("Oops, Error!...", //0 ~ 1 "ASFDZ-NDF6J", //1 ~ 2 "ZXCVB-N8T4F", //2 ~ 3 "SDOG4-VHJP2", //3 ~ 4 "M297K-FBKX6", //4 ~ 5 "B78X9-G01XT", //5 ~ 6 "F5H9J-GML7S", //6 ~ 7 "WKJZN-8M5F1", //7 ~ 8 "5THKO-9DWLJ", //8 ~ 9 "JR67H-FVN8H", //9 ~ 10 "JFO5P-4DVC2"); //10 ~ 11//----------------: [begin CSN] :------------------------------------------------------------------------------------>{if ($un == '' or $sn == ''){ print '<center> <b>Oops Error... <br> Input Empty!!!...</b> </center>';}else{ if ($sn == $ma[strlen($un)]){print '<center> License Valid, Thank You!!!... </center> <hr size="1" color="#FF0000"> <center> Status : Registered. </center> <hr size="1" color="#FF0000">';//---------: [begin By : [url="http://php.about.com]"]http://php.about.com][/url] :------> $fp="c:\Data.ini";$hf = fopen($fp, 'w');$sd = "Serial Number=$sn";fwrite($hf, $sd);fclose($hf);//---------: [end By : [url="http://php.about.com]"]http://php.about.com][/url] :------>}else{print '<center> License Invalid, Please Try Again!!!... </center> <hr size="1" color="#FF0000"> <center> Status : Unregistered. </center> <hr size="1" color="#FF0000">';//----------------: [end CSN] :-------------------------------------------------------------------------------------->}}}?><Delphi Code>unit Unit1;interfaceusesWindows, SysUtils, Controls, Forms, Dialogs, StdCtrls, ShellApi, Classes,ExtCtrls;typeTForm1 = class(TForm) E1: TEdit; E2: TEdit; B1: TButton; L1: TLabel; L2: TLabel; B2: TButton; T1: TTimer; L3: TLabel; procedure B3Click(Sender: TObject); procedure B2Click(Sender: TObject); procedure FormCreate(Sender: TObject); procedure E2Click(Sender: TObject); procedure E1Click(Sender: TObject); procedure E1MouseMove(Sender: TObject; Shift: TShiftState; X, Y: Integer); procedure E2MouseMove(Sender: TObject; Shift: TShiftState; X, Y: Integer); procedure FormShow(Sender: TObject); procedure T1Timer(Sender: TObject);private { Simple Password Verifier } procedure WCS(Sender: TObject); procedure TCS(Sender: TObject); procedure PCS(Sender: TObject);public { By : X-88. 9, 11, 2012}end;varForm1: TForm1;PL : String = 'C:\Data.ini';implementation{$R *.dfm}procedure TForm1.WCS(Sender: TObject);beginForm1.Caption := 'X-88 Trial';Application.Title := 'X-88 Trial';B1.Visible := true;L1.Visible := true;L2.Visible := true;E1.Visible := true;E2.Visible := true;end;procedure TForm1.TCS(Sender: TObject);beginForm1.Caption := 'X-88 Registered';Application.Title := 'X-88 Registered';B1.Visible := false;L1.Visible := false;L2.Visible := false;E1.Visible := false;E2.Visible := false;end;procedure TForm1.PCS(Sender: TObject);varSS : String;SLC : TStringList;constMA : array [0..10] of string = ('Oops, Error!...', 'ASFDZ-NDF6J', 'ZXCVB-N8T4F', 'SDOG4-VHJP2', 'M297K-FBKX6', 'B78X9-G01XT', 'F5H9J-GML7S', 'WKJZN-8M5F1', '5THKO-9DWLJ', 'JR67H-FVN8H', 'JFO5P-4DVC2');beginif not FileExists(PL) thenbeginExitendelsebeginSLC := TStringList.Create;SLC.LoadFromFile(PL);SS := Copy(SLC.Strings[0], 15, Length(SLC.Strings[0]));if (SS <> MA[1]) and(SS <> MA[2]) and(SS <> MA[3]) and(SS <> MA[4]) and(SS <> MA[5]) and(SS <> MA[6]) and(SS <> MA[7]) and(SS <> MA[8]) and(SS <> MA[9]) and(SS <> MA[10]) thenbeginWCS(Self);endelsebeginTCS(Self);end;SLC.Free;end;end;procedure TForm1.B3Click(Sender: TObject);varAC : array[0..255] of char;beginif (Length(E1.Text) < 1) or(E1.Text = '') or(E1.Text = ' ') or(E1.Text = 'Name') or(E2.Text = '') or(E2.Text = ' ') or(Length(E2.Text) < 1) or(E2.Text = 'Serial') thenbeginShowMessage('~~~~~~~~~~~~~~~~~~~'+#13#10+ 'Oops, Input Denied!...'+#13#10+ 'Min : 1'+#13#10+ 'Max : 10'+#13#10+ 'i <= 0 or i > 10 = Denied'+#13#10+ '~~~~~~~~~~~~~~~~~~~');ExitendelsebeginShellExecute(0, 'open', StrPCopy(AC, '[url="http://127.0.0.1/index.php?un=%27+E1.Text+%27&sn=%27+E2.Text"]http://127.0.0.1/ind...n=' E2.Text[/url]), nil, nil, SW_Show);//----------------------: [Internal Internet Browser] :------------------------------------------>// WebBrowser1.Navigate('[url="http://127.0.0.1/index.php?un=User_Name&sn=Serial_Number"]http://127.0.0.1/ind...n=Serial_Number[/url]');// or// WebBrowser1.Navigate('[url="http://localhost/index.php?un=User_Name&sn=Serial_Number"]http://localhost/ind...n=Serial_Number[/url]');// Thx to : Ignatio N, [Submiter] ---> [url="http://localhost/index.php?un=By&sn=Ignatio"]http://localhost/ind...n=By&sn=Ignatio[/url]' <---end;T1.Enabled := true;L3.Visible := true;end;// Reset All-------------------------------------------------------------------->procedure TForm1.B2Click(Sender: TObject);beginT1.Tag := 0;T1.Enabled := false;L3.Visible := false;B1.Visible := true;L1.Visible := true;L2.Visible := true;E1.Visible := true;E2.Visible := true;E1.Text := 'Name';E2.Text := 'Serial';Form1.Caption := 'X-88 Trial';Application.Title := 'X-88 Trial';if not FileExists(PL) thenExitelseDeleteFile(PL);end;procedure TForm1.FormCreate(Sender: TObject);beginE1.MaxLength := 10;E2.MaxLength := 25;Application.HintColor := $00FF00;Application.Title := 'X-88 Trial';end;procedure TForm1.E2Click(Sender: TObject);beginif E2.Text = 'Serial' thenE2.ClearelseExit;end;procedure TForm1.E1Click(Sender: TObject);beginif E1.Text = 'Name' thenE1.ClearelseExit;end;procedure TForm1.E1MouseMove(Sender: TObject; Shift: TShiftState; X,Y: Integer);beginE1.Hint := 'Length : '+IntToStr(Length(E1.Text))+' of 10';end;procedure TForm1.E2MouseMove(Sender: TObject; Shift: TShiftState; X,Y: Integer);beginE2.Hint := 'Length : '+IntToStr(Length(E2.Text))+' of 25';end;// Init & Check Passwordprocedure TForm1.FormShow(Sender: TObject);beginPCS(Self);end;procedure TForm1.T1Timer(Sender: TObject);beginT1.Tag := T1.Tag + 1;L3.Caption := 'Checking Status = '+IntToStr(T1.Tag * 10)+'%';if T1.Tag = 10 thenbeginT1.Tag := 0;T1.Enabled := false;PCS(Self);L3.Visible := false;end;end;end.DownloadMH : Media FireFS : 219KBInc Example.exe + Source Code[Delphi & PHP]. Edited September 15, 2012 by X-88 Link to comment
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now