InFected Posted July 19, 2011 Posted July 19, 2011 Well, since I distribute some of my autoit applications on a small scale for real $, my programs could be used on any computer. Therefore one person could buy it and then send to their friends or try to sell it themselves.. I researched a key code option but not only could I not find one, but I didn't need something so complicated. I then asked here how to bind an application to a computer and recieved no help... So, I found a simple way to do this. If there is a better solution, please tell me. But this works for my needs quite well.. What this does is... On first run it sets a .INI file hidden in your @AppData directory with your Computer Name on it. It then verifies that the file exists and the Computer Names match before it will run. How I managed to make it only do this on first run is I created another autoit executable that writes the INI file, and once it is written that executable is deleted. If the person who binded the program to their computer sends it to someone else, and they run it, it will give a MsgBox that says you need to buy the program. If they send it and somehow find the .INI file, then it would still not work due to differentiating Computer Names. Since I have had trouble before when people post plain scripts without the info on how to use it I will tell you exactly what to do. On the script you want paste this code at the beggining $directory = @AppDataDir & "\tll315.mni" ; directory of the .ini file If FileExists("ignore.exe") Then ; the file that writes the .ini file, can change to whatever you like RunWait ( "ignore.exe" ) ; run the sleep(100) FileDelete ( "ignore.exe" ) ; Deletes the file EndIf If Not FileExists ( $directory ) Then MsgBox ( 0, "Title", "You have not bought this script.") Else Checkname() EndIf Func Checkname() $ininame = IniRead ( $directory, "section", "key", "default") $Compname = @ComputerName if $ininame = $Compname Then ; Nothing, continues on to your script Else MsgBox ( 0, "Faggot", "You are trying to redistribute my programs") ; Whatever you want, this only appears if there is an .ini file with wrong name. EndIf EndFunc ; Your script here And the ignore.exe should be this.. $PcName = @ComputerName ; gets computer name $directory = @AppDataDir & "\tll315.mni" ;the directory you want .ini file in FileSetAttrib($directory, "-hr") ; hides the .ini file IniWrite($directory, "Section", "Key", $PcName); writes ini file to directory exit 0 ; exits I hope you enjoy. This is really simple. If you have a better idea for this please post. Also, to make it look like there is some sort of license key on the program.. Add this to beggining of script. $keycode = 01921820129 ; any code you want $inputcode = InputBox ( "License Key", "What is the license key?") if $inputcode = $keycode then ;nothing, continue script else MsgBox ( 0, "Error", "Incorrect License Key") exit 0
twitchyliquid64 Posted July 19, 2011 Posted July 19, 2011 I would use the serial number of the main drive of the computer instead. It's a lot harder to change or spoof, though the API call can be spoofed. The only change you would need to make is $compname = drivegetserial( @homedrive) Or something like that. ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search
taietel Posted July 19, 2011 Posted July 19, 2011 (edited) What if a client makes a copy of the program before he runs it?[edit] typo Edited July 19, 2011 by taietel Things you should know first...In the beginning there was only ONE! And zero... Progs: Create PDF(TXT2PDF,IMG2PDF) 3D Bar Graph DeskGadget Menu INI Photo Mosaic 3D Text
twitchyliquid64 Posted July 19, 2011 Posted July 19, 2011 I agree. Online services and validation are probably more secure. ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search
haiishq Posted July 19, 2011 Posted July 19, 2011 What if a client makes a copy of the program before he runs it? [edit] typo i agree, i really think it does not secure the program at all, and if its not hardware serial based or only single registeration of generated serial for the program such as online detection then on the first run any one can check for the changes in files and registy and replicate the changes into another computer, very easy to fool this concept what i have done in past it, have a keygen and a program, program will generate computer id and they will have to get back with you for the serial and that serial will only be used on that computer based on the computer id
InFected Posted July 20, 2011 Author Posted July 20, 2011 Yes, I know this isn't very secure and isn't for commercial use but for a small scale it should do fine, especiall when people don't know how the program binds itself to computer or even if it does. You can also hide the program in a fake 'addon' folder for your script. It is easy to fool the average computer user. Also this could be used in conjunction with serial keys etc. This would be good for a small scale distribution, say to your friends or to a few people for a couple $. They run it once with no malicious content, use it.. Then one of their friends asks them for it, they give them the program, and when they try to run it it would not work. Just a very simple idea that works for me that I decided to post to help fellow users in need.
BillLuvsU Posted July 20, 2011 Posted July 20, 2011 You should really encrypt the ini file contents... it's just one extra line and it would makea large difference. If your customer just had a common process watcher going he would instantly know what was going on and would just have to copy\paste another computer name in there. [center][/center]Working on the next big thing.Currently Playing: Halo 4, League of LegendsXBL GT: iRememberYhslaw
twitchyliquid64 Posted July 20, 2011 Posted July 20, 2011 You should really encrypt the ini file contents... it's just one extra line and it would makea large difference. If your customer just had a common process watcher going he would instantly know what was going on and would just have to copy\paste another computer name in there.Then what would you use as the key to the encryption? ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search
Chimaera Posted July 20, 2011 Posted July 20, 2011 (edited) what about a download server for the program that downloads it + a hidden ini file that it downloads as well and copies into the system. Without the hidden .ini file then no go? So basically if it hasn't come from your server then no way is it going to have the .ini Just a thought Chim Edit Or do a little prefetch thing like Microsoft do and hide the ini transfer in it Admittedly it wont confuse a hardened cracker as he will be in a sandbox and be monitoring all the movements, but for day to day stuff should be ok Edited July 20, 2011 by Chimaera If Ive just helped you ... miracles do happen. Chimaera CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices()
LurchMan Posted July 21, 2011 Posted July 21, 2011 (edited) As a way for the small scale this might work a little better (in my mind I think it is anyways): #include <string.au3> $DS = _StringEncrypt(1, DriveGetSerial (@HomeDrive), "pass", 1) $SN = _StringEncrypt (1, _StringReverse($DS), "pass", 1) ConsoleWrite($SN & @CRLF) ConsoleWrite($DS & @CRLF) ConsoleWrite(@CRLF) $SN_DEC = _StringReverse(_StringEncrypt (0, $SN, "pass", 1)) ConsoleWrite($SN_DEC & @CRLF) ConsoleWrite($DS & @CRLF) If $SN_DEC = $DS Then $bTest = True ConsoleWrite(@CRLF) ConsoleWrite("SN Test Results: " & $bTest & @CRLF) You could use this and just write the $SN variable somewhere in the registry to check against. This way it kind of hides it and and is a little more complex. Edit: Spelling Edited July 21, 2011 by LurchMan Dating a girl is just like writing software. Everything's going to work just fine in the testing lab (dating), but as soon as you have contract with a customer (marriage), then your program (life) is going to be facing new situations you never expected. You'll be forced to patch the code (admit you're wrong) and then the code (wife) will just end up all bloated and unmaintainable in the end.
twitchyliquid64 Posted July 23, 2011 Posted July 23, 2011 Also, there is a unique identifier called the HWID in windows, and this is significantly harder to spoof. Could you use this? ongoing projects:-firestorm: Largescale P2P Social NetworkCompleted Autoit Programs/Scripts: Variable Pickler | Networked Streaming Audio (in pure autoIT) | firenet p2p web messenger | Proxy Checker | Dynamic Execute() Code Generator | P2P UDF | Graph Theory Proof of Concept - Breadth First search
Chimaera Posted July 23, 2011 Posted July 23, 2011 (edited) Xprotect from Valuater has this function within it i believe #include <string.au3> MsgBox(64, "", _HWID()) Func _HWID() $osdrive = StringLeft(@SystemDir, 3) $original = "0"&@CPUArch & @KBLayout & DriveGetSerial("C:\") & StringUpper(DriveGetType($osdrive)) & DriveSpaceTotal ($osdrive) $string2 = StringMid($original, Round(StringLen($original)/2), Round(StringLen($original)/2)) $string2_mod = _StringToHex(_StringReverse($string2)) $original = _StringEncrypt(1, $original, $string2_mod, 4) Return $original EndFunc Or I tried this and it creates a seriously long number Chimaera Edited July 23, 2011 by Chimaera If Ive just helped you ... miracles do happen. Chimaera CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices()
Anteaus Posted July 24, 2011 Posted July 24, 2011 Also worth bearing in mind that this could make you very unpopular if a need arises to rename computers. It should also be borne in mind that renaming a computer is a permissible action; the site admin who does so is breaking no rules. Protecting your work is one thing, losing a valued customer over what is seen as booby-trapping is another, though. My advice would be to release under the GPL, or whatever free licence you prefer. Most sites want support on software, and will pay you for providing support anyway. If you make it clear that use on more than x computers at once is a usage violation which nullifies the support contract, then they will likely abide by that.
nullschritt Posted December 14, 2012 Posted December 14, 2012 (edited) It would be wise to use the md5 hash function to hash the HWID after generated, to shorten it for comparison/storage. I am the original writer of this function, (i forgot my password to my old account lol), and as such I can say, this is not a perfect system, for example, if the user has more than one hard drive it can change the HWID, if they install their os on a different drive. This can be fixed by enumerating all drives for their info, if I decide to update it, I'll post the optimized function in example scripts. Nice to see people use this though (: Edited December 14, 2012 by nullschritt
nullschritt Posted December 14, 2012 Posted December 14, 2012 (edited) Also worth bearing in mind that this could make you very unpopular if a need arises to rename computers. It should also be borne in mind that renaming a computer is a permissible action; the site admin who does so is breaking no rules.Protecting your work is one thing, losing a valued customer over what is seen as booby-trapping is another, though.My advice would be to release under the GPL, or whatever free licence you prefer. Most sites want support on software, and will pay you for providing support anyway. If you make it clear that use on more than x computers at once is a usage violation which nullifies the support contract, then they will likely abide by that.This uses only hardware info, no OS config, so that it will generate the same HWID even if the pc is wiped/reset.Edit:(realized you were talking about OP, sorry lol) anyways:Fixed and posted result here: Edited December 14, 2012 by nullschritt
PhoenixXL Posted December 14, 2012 Posted December 14, 2012 (edited) Could TryMake an Installer of the program which would be distributed to the public,The Installer would check the Manufacturer Id of the Computer and send it to the webserverandthen download the Executable which runs only on that specific Computer[The access to the web server would of course be password-protected] Edited December 14, 2012 by PhoenixXL My code: PredictText: Predict Text of an Edit Control Like Scite. Remote Gmail: Execute your Scripts through Gmail. StringRegExp:Share and learn RegExp.Run As System: A command line wrapper around PSEXEC.exe to execute your apps scripts as System (LSA). Database: An easier approach for _SQ_LITE beginners. MathsEx: A UDF for Fractions and LCM, GCF/HCF. FloatingText: An UDF for make your text floating. Clipboard Extendor: A clipboard monitoring tool. Custom ScrollBar: Scroll Bar made with GDI+, user can use bitmaps instead. RestrictEdit_SRE: Restrict text in an Edit Control through a Regular Expression.
nullschritt Posted December 14, 2012 Posted December 14, 2012 Could Try Make an Installer of the program which would be distributed to the public, The Installer would check the Manufacturer Id of the Computer and send it to the webserver and then download the Executable which runs only on that specific Computer [The access to the web server would of course be password-protected] I use it with a php authentication that disables the product activation status if pirating/sharing is detected. (example more then 4 hwid changes, or more than 10 ip changes, or any lesser combination of both.)
TheSaint Posted December 14, 2012 Posted December 14, 2012 Good of you all to resurrect this topic, but obviously you missed a more recent similar one Make sure brain is in gear before opening mouth! Remember, what is not said, can be just as important as what is said. Spoiler What is the Secret Key? Life is like a Donut If I put effort into communication, I expect you to read properly & fully, or just not comment. Ignoring those who try to divert conversation with irrelevancies. If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it. I'm only big and bad, to those who have an over-active imagination. I may have the Artistic Liesense to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)
nullschritt Posted December 14, 2012 Posted December 14, 2012 Good of you all to resurrect this topic, but obviously you missed a more recent similar one Perhaps, but that thread does not initially display a requirement for such a function, originally it appears to just support locally locking a program with a serial key, rather than verifying the hardware against the central server. It did not show up when I searched "HWID" lol.
TheSaint Posted December 14, 2012 Posted December 14, 2012 True, not initially ... though eventually the WinAPI call is mentioned, which certainly bears looking into and should give quite an acceptable solution. Make sure brain is in gear before opening mouth! Remember, what is not said, can be just as important as what is said. Spoiler What is the Secret Key? Life is like a Donut If I put effort into communication, I expect you to read properly & fully, or just not comment. Ignoring those who try to divert conversation with irrelevancies. If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it. I'm only big and bad, to those who have an over-active imagination. I may have the Artistic Liesense to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now