help! building a program and have a doubt(several actually) :-(

[13ktuz]

In this program im making i need that the installation creates ways of puttting together a PC 'unique' number.

I'd say the build number of Windows, MAC address, and OS install time.

Technically i need ways that AutoIt can create a unique number based on hardware info and installation time, so that it can be protected! I'm also going to use an authentication server to make the installation more secure and "pirate-free".

I need to create a software 'platform' that will allow me to take someone's .exe file install it onto a PC in a way that protects the .exe file from being copied and installed on a non-authorized PC essentially. So during the install process the installer generates a unique reference number for the PC. The GUI will prompt for a licence key or serial from the installer. Upon doing this the installer needs to use public key cryptography to send this unique number to an authentication server on the internet that will check to see if that key has been used before, and if not send back authorization to proceed with the installation, the install will then write a unique .dll file (that the .exe checks every time it is started).(This final part i need to research more deeply into it, im just trying to explain how i'll do it).

I need a .exe file(the initial setup) that un-compacts to several parts and does the following:

-provides a GUI;

-Asks for the install path;

-copies the .exe file to the install path;

My doubt is: I have no idea how I should start writing the code on AutoIt to create the unique number for each PC based on PC info. Any help?

I'd very much appreciate all help i can get

Dinis

Edited August 6, 2012 by 13ktuz

[Mechaflash]

what's the doubt? I don't see a question anywhere in there. Believe me... I CTRL+F and typed '?' and it came back with nothing

[tes5884]

In this program im making i need that the installation creates ways of puttting together a PC 'unique' number.

I'd say the build number of Windows, MAC address, and OS install time.

Technically i need ways that AutoIt can create a unique number based on hardware info and installation time, so that it can be protected! I'm also going to use an authentication server to make the installation more secure and "pirate-free".

I need to create a software 'platform' that will allow me to take someone's .exe file install it onto a PC in a way that protects the .exe file from being copied and installed on a non-authorized PC essentially. So during the install process the installer generates a unique reference number for the PC. The GUI will prompt for a licence key or serial from the installer. Upon doing this the installer needs to use public key cryptography to send this unique number to an authentication server on the internet that will check to see if that key has been used before, and if not send back authorization to proceed with the installation, the install will then write a unique .dll file (that the .exe checks every time it is started).(This final part i need to research more deeply into it, im just trying to explain how i'll do it).

I need a .exe file(the initial setup) that un-compacts to several parts and does the following:

-provides a GUI;

-Asks for the install path;

-copies the .exe file to the install path;

My doubt is: I have no idea how I should start writing the code on AutoIt to create the unique number for each PC based on PC info. Any help?

I'd very much appreciate all help i can get

Dinis

Just a friendly suggestion, try asking that again in shorter form. I'm not really getting the question. Seems others are having the same issue

[13ktuz]

i edited it, the question is now there..

but ill explain here in a easier way, I need an autoIt code that will create a unique "serial" during the installation of my program for each PC based on the PC info so that the program doesn't get pirated/used on other PC's. Is it clear enough or you guys need more detail?

Edited August 6, 2012 by 13ktuz

[JohnOne]

WinAPIEx UDF <- example scripts

_WinAPI_UniqueHardwareID

[Mechaflash]

Your original post is a description of a project you're working on. Your edit is a broad request...

Any help?

This little part however:

I have no idea how I should start writing the code on AutoIt to create the unique number for each PC based on PC info.

is a question that can be asked to obtain help on a precise part of your project... which is what you want to do.

And the answer is...

by the way you want to perform the authentication (authenticating to a server), your autoit program isn't what's going to build your authentication key. That will come from the server. The user will send a request/purchase the key, you generate the key on the server, store it in the server database, send the code to the user, they enter the code, the program sends that code to your server to authenticate, and then you activate the program.

there's a bunch of details in the middle (how will the algorithm work? how do I keep the users from distributing the one key?) that you'll have to ask or discover yourself. Do you tie it to system hardware information? (i.e. MAC address?) sure you can. But you'll have pissed of users if they buy a new computer and can't use your software now.

Edited August 6, 2012 by mechaflash213

[13ktuz]

the install will then write a unique .dll file (that the .exe checks every time it is started)

This! i also need help on how to do this!

[tes5884]

IniWrite

IniRead

check the help file for those

[13ktuz]

thanks

[nullschritt]

Guys, it looks like he wants to ADD HWID verification to his program.

To do this you would have to generate the HWID (_WinAPI_UniqueHardwareID)

Then in your server side verification script (in PHP or simmilar) you would have to store the HWID along with the product key when they purchase the key.

Then each time they launch the app check the key against your database, and the HWID, and if the HWID has changed, deactivate the key, or if it has changed say more than 3 times. This way you could auto-disable the key if it is being shared.

I made a similar system once, that used IP address and HWID to verify with the key, and if there were multiple changes, it would deactivate the key, so the application would no longer work, then give anyone who used that key an error, saying pirated was detected, please contact support.

However, you must know that there are certain reasons that make this kind of protection useless to anyone with the ability to use google, if they know you wrote the application in autoit. (there are also ways to help prevent this, but I am not sure to exactly what extent I am allowed to discuss this, as I am not sure if executable encrypters or alternative packers break autoit TOS.)

You need to

Store Product Key In Database - > Program sends product key, along with HWID to server - > server verifies HWID + IP + KEY - > programs runs or closes (here is a demo/instructions on how to use php and mysql to retrieve and store data in a database: http://www.w3schools.com/php/php_mysql_intro.asp ) [php is much like autoit in syntax]

To do this you will need to use PHP/MYSQL on your server, and use

_inetgetsource('www.server.org/auth.php?KEY=key_here&HWID=hwid_here')

to send the details to the server, and receive it's response.

If you don't know PHP, or still don't fully understand how to do this, just ask and I will be able to help more.

Also, you can use Alternative Data Streams to create partially tangible keys with iniwrite.

iniwrite(@scriptfullpath&":some_data_stream", "auth", "key", "blarhg-some-key")

"some_data_stream" can be anything you want, it basically stores the data inside the exe, in a filespace that is accessible even when the file is being run, that cannot be seen using normal windows explorer, also Alternative Data Streams are lost when the file is copied off the computer (over the internet, or usb/cd) so they would have to re-enter the key if they moved it to another pc, which is good for security too.

then to read from the ADS(Alternative Data Stream) you would do the same thing

iniread(@scriptfullpath&":some_data_stream", "auth", "key", "null")
fileread(@scriptfullpath&":some_data_stream")

Edited August 7, 2012 by nullschritt

[13ktuz]

Thank you so much nullscrit, that was exacly what i was looking for, but i didn't quite understand something, can i actually send a key through the internet?--> i need ways that I can send the key through the internet securely, like if AutoIt has https(which i do know it has" but I need to find out how to do it), Suggestions?

Edited August 7, 2012 by 13ktuz

[nullschritt]

You could just use a SSL certificate on your web server and do _inetgetsource('https://server.org/auth.php...')

Look up _inetgetsource() in the help file.

I'm not sure exactly what you are asking other than that.....

Edited August 7, 2012 by nullschritt

[JLogan3o13]

13ktuz, you have a number of people attempting to help, but so far all we've seen from you is a list of what you want it to do. Why don't you take some of the suggestions you've received and try writing some code yourself? Then, if you get stuck, you can post it here and we can try to help

[13ktuz]

I will do this, but thank you so much for al the help I've been giving, I've started writing the code for the GUI(for the installer) so far so good, this is somewhat close to "rocket science" for me , I learned fast, but I'm doing it slowly to avoid failures in the code, Ive spent almost 3 hours to figure out a mistake on my GUI, related to the installation path, but if I have further almost impossible doubts I will surely post the code here to see if any of you would be so kind to help me figure a way through the obstacle

[Xandy]

Read hardware information from the registry, things like bios date, cpu name string whatever is unique. Encode it however you wish and plug it into a URL and launch it with a browser to a PHP script on your website. Have the PHP script look for a hardware match, if no match is found add the record and store the date the record was added. If a record is found check the date and see if the user still has free use. When the user purchases the software give them a hash of their hardware information as the unique key that will only work on their machine.

That is how I solved this problem, my paid users don't even have to connect to the internet because I check for the key first. Free users are required to connect to the internet.

Edited August 8, 2012 by Xandy

[Xandy]

examples:

;read the processor name string from reg
$x= regread("HKLMHARDWAREDESCRIPTIONSystemCentralProcessor0", "processornamestring")
;encode $x b/c the user should not know how you protect your app, and add other information as well.
;I recommend converting the encode string to unicode then send it to your server.
shellexecute("http://www.yoursite.com/cgi-bin/createuser.php?x="&$x, "", "", "open");send the processor name string to your website

but I cannot provide you with the code my program uses to protect itself.

Good luck, I had to put allot of dev time into it (it was my first time), but you can do it.

Oh you probably should convert to unicode too before you send the info to your website. Characters cause problems in URLs which you can try to sort out one by one (ass pain) or just convert to unicode first and then you don't have to worry about other languages either.

Edited August 8, 2012 by Xandy