SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict nimasdj's Avatar
    Join Date
    Dec 2007
    Posts
    314
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    testing license key

    I created a license key file for my product, i wrote a math formula to encode/decode it now i want to make sure if it is scure. Is here someone to try to decofe it tgat i make sure thhat my users cannot break the license?

  2. #2
    SitePoint Addict nimasdj's Avatar
    Join Date
    Dec 2007
    Posts
    314
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Below is a license key I made. It contains an array of license info such as domain, ip etc. can someone try to decode it that I see if it is secure or not?
    Hints: the domain for this key is: yyy.com

    VG5kT2FVdEVOamxFVVhwNVJDTkladVpTNzkvc281M01iYUQ2UnpHZ0ZPR09vNDJoWmExRFJ2TDB0R3NiWFgzTGFHR2I3ZWRIMTZFckJycHlKdmN4WHdyNGpIY2JOdkFJTDREQ3FDMm41K1p0RjBGQjlGT3duYVk0OFV0V2NJYTh0YzNkR1ZZUUNFQVl0V0N0cU4zVW1RRWM0eXZmMFFuSWl0Q3pHRnYwQ2NMdWlTYVRQQUx3MjdJNHRmM1hoNVI1alpXZUh6Y2xIYWU5SjBDQTY3NURwcVRNeHQzUDJ0R2pmWm90a3pob3F5K3JGeDRkSFNIOE1EZUpoVFRITDNOTXA1ekg2WGJQZlVLVW8wdFJmNUhFUmFReGpUM1RLTlRDUHJ4MlE1TDE2SGcwTWNXWkI3S3RwQ0djaXgrd0YramtRMUJIQ01Wb0h3RjdJQ3BFT2owOFpJRk9Hd1pFUGZjS2thQitJdE9iT1hYZy9YZ3Ewb1p4VFovOHVIWlF0cmIwOElaS2FENGQzYjYrdDg1czFGcHZQZDNTWDRoOXphRHZJYTNKNnRzRlZablFWYXErQndDOXNmSlRFbktWY0hTUmtoNjFZVmFLNGtUaisrMDRpN1JhTzl3Q1NxVUtXbU9EdXUyMi9RPT0=

  3. #3
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    5,234
    Mentioned
    154 Post(s)
    Tagged
    0 Thread(s)
    Okay, so I'm curious, so the first thing I did was run base64_decode (twice), which leaves me with a much more complex message that looks to use mcrypt or something similar.

    Am I on the right track thus far? If you are using mcrypt, it is just likely a matter of brute forcing until I get the right combination of CIPHER type and mode used (assuming yyy.com is the key).

    Edit:

    As an aside, I am assuming your product is installed on remote hosts, so there would be some source code available to see how the key is being utilized. It would be nice to see some of that so I can properly identify how easy it is to infer some of the remaining components

  4. #4
    SitePoint Addict nimasdj's Avatar
    Join Date
    Dec 2007
    Posts
    314
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Another hint: No, mcrypt is NOT used. I am not interested to use mcrypt because may be my end-user don't have it installed. I am not sure if it is widely installed on each and every server. so probably a problem for end-user.
    No, yyy.com is not the key to encode this license. This is the domain that the product would be locked on with this license.

  5. #5
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,198
    Mentioned
    4 Post(s)
    Tagged
    1 Thread(s)
    I am sorry to break your bubble, but a custom made algorithm for a license key is not really as secure, as you might believe.

    Depending on how you implement it, there will be several ways to avoid it, or even break it.

    In most cases you would be better off using either Zend Guard or IonCube if it is PHP, if it is another language a similar encryption system if any exists.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •