xwinterx Posted July 27, 2008 Share Posted July 27, 2008 I did some au3, PHP, MySQL examples a long long time ago how to get info from a database. Anyhow, here is the same thing but you can use it to validate software licenses within your script. This is a VERY simple example. First here is the code for the function: expandcollapse popupFunc validate($iLicense) Local $o_IE Dim $html_text ; Create IE obect $o_IE = ObjCreate("Shell.Explorer.2") ; Create Validation GUI GuiCreate("Licensing", 300, 45,-1, -1) ; Create IE object in the GUI GUICtrlCreateObj($o_IE, 0, 0, 1, 1) ; Load Validation URL into object $o_IE.navigate2($page & "?ilicense=" & $iLicense) ; Wait for IE Object to load page While $o_IE.Busy Sleep(10) WEnd ; Split HTML source return by "~" $html_text = StringSplit($o_IE.document.body.innerHTML, "~") ; Fire notification if stringsplit failed due to page not loading. If @error Then MsgBox(4096, "Error", "Cannot connect to page!") Exit EndIf ; Delete GUI since we are no longer using it. GUIDelete() ; Check for return by PHP page If $html_text[2] = "yes" Then return 1 Else return 0 EndIf EndFuncoÝ÷ ØÚ0¶®±¨jëh×6; Address of webpage, must be globaled in main script Global $page = "www.webiste.com/path/to/check.php" ; Check for valid code, if not then exit if validate("enter-code-here") = 0 then Exit Not sure how you want to store your code, whether you'd recompile the au3 with a different code for each customer or what, but how ever you do it, you'd pass it to the validate() function. Now on to the PHP page. Link to comment Share on other sites More sharing options...
xwinterx Posted July 27, 2008 Author Share Posted July 27, 2008 I assume you have some knowledge of MySQL or enough of it to get your database set up and configured. You can create your database and import this sql dump to make your tables: CREATE TABLE `customers` ( `id` int(11) NOT NULL auto_increment, `license` varchar(15) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=5; Next create a new file named check.php and put the following code in it: <? ob_start(); // DB Info define('DB_HOST', 'localhost'); define('DB_USER', 'username'); define('DB_PASSWORD', 'password'); define('DATABASE', 'database'); // Connect to DB $conn = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD) or die("~no~"); $db = mysql_select_db(DATABASE) or die("~no~"); ?> <html> <head> <title>Untitled</title> </head> <body> <? // Queries table for "ilicense" passed through url $query = mysql_query("SELECT * FROM customers WHERE license= '" . $_REQUEST['ilicense'] . "'") or die("~no~"); // Validates affiliate licensed release if (mysql_num_rows($query) == 0) { echo "~no~"; } else { echo "~yes~"; } // Closes Database Connection mysql_close($connection); ?> </body> </html> You will need to put in your own username, password, and database depending on what you have created during setup. Now just go through and add some codes to your database using your db administration portal. Link to comment Share on other sites More sharing options...
Xand3r Posted July 27, 2008 Share Posted July 27, 2008 and if someone manages to change the content of the $page variable with a page of their own where it says yes no matter what then .. the validation is worhless:D Only two things are infinite, the universe and human stupidity, and i'm not sure about the former -Alber EinsteinPractice makes perfect! but nobody's perfect so why practice at all?http://forum.ambrozie.ro Link to comment Share on other sites More sharing options...
James Posted July 27, 2008 Share Posted July 27, 2008 and if someone manages to change the content of the $page variable with a page of their own where it says yes no matter what then .. the validation is worhless:DWell you would only use it in a compiled EXE. Blog - Seriously epic web hosting - Twitter - GitHub - Cachet HQ Link to comment Share on other sites More sharing options...
xwinterx Posted July 27, 2008 Author Share Posted July 27, 2008 Well you would only use it in a compiled EXE.yup! that is why I said you most likely recompile with a new code for each customer. Link to comment Share on other sites More sharing options...
James Posted July 27, 2008 Share Posted July 27, 2008 (edited) Anyway of adding an email to it? I would like to check for email and license code. I'm just thinking about ways of storing the information. Edit: Maybe a table like this? ID|EMail|License|Amount|Active Hmm.. I have no idea, how to make a program portable yet licensed. Edited July 27, 2008 by JamesBrooks Blog - Seriously epic web hosting - Twitter - GitHub - Cachet HQ Link to comment Share on other sites More sharing options...
xwinterx Posted July 27, 2008 Author Share Posted July 27, 2008 (edited) Anyway of adding an email to it? I would like to check for email and license code. I'm just thinking about ways of storing the information. Edit: Maybe a table like this? ID|EMail|License|Amount|Active Hmm.. I have no idea, how to make a program portable yet licensed. yeah, it actually really easy. Just modify the au3 function to accept additional data (ie codes and stuff) then pass them additionally to your php page. you'd have to add them to your database and modify the php script, but it is really easy. this was just a simple example. if you like, PM me with what you are looking for and I can help you out. don't want to drag alot of code out but gimme a little and I will try to do something here too to get you pointed in the right direction. I chose the php method so you wouldnt have to install the ODBC connector software on every machine that would run the program. edit: As far as storing the info, there use to be a script here that would modify the hex headers of a compiled EXE to make it less likely for someone to decompile with the cracked decompiler that had been running around for an older version. I have toyed with an idea but really have no where to start. I believe it is possible that you can make a script that would let you enter all the data you want, encrypt it and store it in the hex code of the target compiled EXE. you could have your script access the hex code, decrypt it and pass it to your validation script. it would take some playing with, I'd imagine, but I am sure there are tons of gurus here that could come up with that. Or you could just insert the data into your script for each customer and re-compile. The later is easiest. heh. Edited July 27, 2008 by xwinterx Link to comment Share on other sites More sharing options...
spyrorocks Posted July 28, 2008 Share Posted July 28, 2008 In theory, one could set up a local proxy and have it return false info for that URL, or even add a hosts file exception. Its a good idea, just easily bypassible. [center] My Projects: Online AutoIt Compiler - AutoForum - AutoGuestbook - AutoIt Web-based Auto Installer - Pure AutoIt Zipping Functions - ConfuseGen - MindReader - P2PChat[/center] Link to comment Share on other sites More sharing options...
Gigglestick Posted July 28, 2008 Share Posted July 28, 2008 Maybe it would be better to do something like using MD5, or hitting the PHP with SSL, or letting the license be stored in an INI file or the registry and create a hash of it to send to the PHP script, expecting a predetermined code based on the license key itself or something. I'm curious how this is handled by larger companies that want to protect their software. How does Windows Activation work (though that might possibly be a worst-case scenario of how to do such a thing)? My UDFs: ExitCodes Link to comment Share on other sites More sharing options...
xwinterx Posted July 28, 2008 Author Share Posted July 28, 2008 I wouldn't say it is easily bypassible. Even if you set up your own local proxy and all that stuff, you'd have to know what info to pass back to the script. I use my own encryption and store the serial, email and other info into the registry then read upon that to check. You can even have your own activation/registration script. So when someone buys your stuff, they get the program and a serial. when they run the program, it asks them to register it since it doesnt find the info in the registry. so they enter all their info with the serial. You can have a function that sends the info to another php script which verifies that the serial number exists in your database (of course you enter serial numbers into the database as you issue them) then it fills in all their info. Link to comment Share on other sites More sharing options...
JRSmile Posted July 29, 2008 Share Posted July 29, 2008 just set up a local xampp installation and add the url of the check page to your hosts file routed to 127.0.0.1 ... create the specified folder structure and decompile the autoit source with some bad tools around, to see what the tool needs to know to be validated, this ca even be done by a wrapper.au3 which will then be released as keygen or crack for this... as usual... $a=StringSplit("547275737420796F757220546563686E6F6C75737421","") For $b=1 To UBound($a)+(-1*-1*-1)step(2^4/8);&$b+=1*2/40*µ&Asc(4) Assign("c",Eval("c")&Chr(Dec($a[$b]&$a[$b+1])));''Chr("a")&"HI" Next ;time_U&r34d,ths,U-may=get$the&c.l.u.e;b3st-regards,JRSmile; MsgBox(0x000000,"",Eval("c"));PiEs:d0nt+*b3.s4d.4ft3r.1st-try:-) Link to comment Share on other sites More sharing options...
Emiel Wieldraaijer Posted July 29, 2008 Share Posted July 29, 2008 I like this idea.. There must be a double check in it with multiple retry otherwise the program will not work when there is no connection established. Futher you need to mention the license check in an Eula to respect the privacy rights of the person who bought it. Best regards,Emiel Wieldraaijer Link to comment Share on other sites More sharing options...
jokke Posted July 29, 2008 Share Posted July 29, 2008 (edited) Look into MySQL ODBC connection, connect then to the database with a view only user and check licence. With security, where "proccesssor.id=xxx-xxx-xxx" can only check licence every few minutes to not get brute forced. If no processor.id is sent to server client is not allowed to preform the search. Edited July 29, 2008 by jokke UDF:Crypter a file encrypt / decrypt tool with no need to remember a password again. Based on Caesar cipher using entire ASCII Table.Script's: PixelSearch Helper, quick and simple way to create a PixelSeach.Chatserver - simplified, not so complicated multi-socket server.AutoIT - Firewall, simple example on howto create a firewall with AutoIt. Link to comment Share on other sites More sharing options...
CoePSX Posted July 29, 2008 Share Posted July 29, 2008 Adding some encryption would fix the proxy/hosts workaround. [quote name='Valik' post='301213' date='Jan 31 2007, 10:36 PM']You seem to have a habit of putting things in the wrong place. I feel sorry for any female you attempt to have sex with.[/quote][font="Lucida Sans Unicode"]╔══════════════════════════════╗║░░██░░░░░░░░██░░███░░░████░░░█║║░█░░█░░██░░█░░█░█░░█░█░░░░█░█░║║░█░░░░█░░█░████░███░░░██░░░█░░║║░█░░█░█░░█░█░░░░█░░░░░░░█░█░█░║║░░██░░░██░░░██░░█░░░░███░█░░░█║╚══════════════════════════════╝[/font] Link to comment Share on other sites More sharing options...
xwinterx Posted July 29, 2008 Author Share Posted July 29, 2008 Look into MySQL ODBC connection, connect then to the database with a view only user and check licence.but this would require the MySQL ODBC driver to be installed on the computers running the program. you can surely do it that way too, no harm in it, but this is a pretty simple idea is all.and yes, if you got a tool to decompile the code, you could just set up your own server and know what to return to it, or you could just take the code out and recompile. not saying this is unhackable, just giving an example. you can use any data to validate whether it is a combo of unique id's as a result of a processor id, window key, mac address combo or whatever. the possibilities are only limited by your imagination and coding abilities. Link to comment Share on other sites More sharing options...
ken82m Posted May 21, 2009 Share Posted May 21, 2009 I'm gonna try playing with this.I found a free php/mysql web hoster if anyone's interested http://www.zymic.com/free-web-hosting/5gig's of bandwith a month. "I believe that when we leave a place, part of it goes with us and part of us remains... Go anywhere, when it is quiet, and just listen.. After a while, you will hear the echoes of all our conversations, every thought and word we've exchanged.... Long after we are gone our voices will linger in these walls for as long as this place remains." Link to comment Share on other sites More sharing options...
Cynagen Posted May 22, 2009 Share Posted May 22, 2009 (edited) I've actually thought about this before myself, and I've even done it before with other PHP scripts that you could get from me, but had to 'purchase' (request for private usage, never got a commercial customer) a license to use. I was thinking of doing something like this in AutoIt, but 2 things are really preventing this from going forward. Firstly, that hacked decompiler (bane of existence), and secondly, plain text returns can be spoofed by the many ways already listed here. Frankly, you need some kind of encryption to secure the transaction back from the license server, which isn't nessicarily a bad thing, but it's a bad thing in terms of that decompiler, as then whoever would know exactly what kind of encryption you're using. Either communications (SSL), or some type of plain-text encryption (which is easily broken). Don't get me wrong, this is a step forward, but it's not onto solid ground, not yet at least. I already have an encryption method written up, completely custom, but it's completely exposed in the script, so a quick decompile, and whoop, there goes the secret. It really wouldn't matter what you used at this point, simply because of that decompiler. Now I'll definitely be working on ideas that ignore the decompiler problem. Edited May 22, 2009 by Cynagen Blah, blah, blah... lip service... lip service.Working on a number of projects right now, just waiting for my time to post them here on AutoIt forums. Link to comment Share on other sites More sharing options...
tottalk2003 Posted April 19, 2015 Share Posted April 19, 2015 just set up a local xampp installation and add the url of the check page to your hosts file routed to 127.0.0.1 ... create the specified folder structure and decompile the autoit source with some bad tools around, to see what the tool needs to know to be validated, this ca even be done by a wrapper.au3 which will then be released as keygen or crack for this... as usual... hi dear i have php application run on xampp with mysql database id like your idea but i cant procceed can you guide me step by step with screen shot if possibal to excute this idea on my application i know the first step 1- create database 2- import tables + new table for customers( CREATE TABLE `customers` ( `id` int(11) NOT NULL auto_increment, `license` varchar(15) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=5; 3- ??? 4- ??? 5-??? please complete your steps with details if possible and as per information i need to add client processor id to let applicaton work on one pc only Link to comment Share on other sites More sharing options...
tottalk2003 Posted April 19, 2015 Share Posted April 19, 2015 just set up a local xampp installation and add the url of the check page to your hosts file routed to 127.0.0.1 ... create the specified folder structure and decompile the autoit source with some bad tools around, to see what the tool needs to know to be validated, this ca even be done by a wrapper.au3 which will then be released as keygen or crack for this... as usual... hi dear i have php application run on xampp with mysql database id like your idea but i cant procceed can you guide me step by step with screen shot if possibal to excute this idea on my application i know the first step 1- create database 2- import tables + new table for customers( CREATE TABLE `customers` ( `id` int(11) NOT NULL auto_increment, `license` varchar(15) NOT NULL default '', PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=5; 3- ??? 4- ??? 5-??? please complete your steps with details if possible and as per information i need to add client processor id to let applicaton work on one pc only appriciate your help Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now