Sign in to follow this  
Followers 0
sandman

How to see if a user of a program is authenticated to use it?

15 posts in this topic

Alright, my problem may be more difficult than the title makes it sound.

I am making a program that will be downloadable from the internet, but when it is installed the user must enter a password to start the authentication. After this program is installed, it cannot be copied-and-pasted or reproduced in any way, even if they download the file completely again after deleting the old one and entering the same password.

I have looked into use of _GetIP, and then sending that IP to the server to have it checked, but I feel that this wouldn't be the best option. Is there anything else I could try?


[center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Make a reg key?

Make ini file? (Maybe too easy for the user to mess with...)

And getting IP could be a bad idea. Some changes IP ervey time the log on...

Edited by Mr. Zero

Share this post


Link to post
Share on other sites

Look up UUID here in the forums and Google.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Alright, my problem may be more difficult than the title makes it sound.

I am making a program that will be downloadable from the internet, but when it is installed the user must enter a password to start the authentication. After this program is installed, it cannot be copied-and-pasted or reproduced in any way, even if they download the file completely again after deleting the old one and entering the same password.

I have looked into use of _GetIP, and then sending that IP to the server to have it checked, but I feel that this wouldn't be the best option. Is there anything else I could try?

Sounds like you need to create a hidden file as part of the instalation and on the first run of your software have it look to see if it is present.

Ant..

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

@Mr. Zero: Yes, that could work, but then someone who legally got the software could just copy and paste it onto someone else's computer. I want it to only be able to run on the computer it was installed on and not be reproduced or copied.

@Smoke_N: I don't really understand this.. I think I would be better off not meddling with things I don't know well unless it is absolutely necessary.

@Anixon: Hmm.. that could work.. good idea. How can I make sure it is hidden, though?

Edited by sandman

[center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]

Share this post


Link to post
Share on other sites

@Mr. Zero: Yes, that could work, but then someone who legally got the software could just copy and paste it onto someone else's computer. I want it to only be able to run on the computer it was installed on and not be reproduced or copied.

@Smoke_N: I don't really understand this.. I think I would be better off not meddling with things I don't know well unless it is absolutely necessary.

@Anixon: Hmm.. that could work.. good idea. How can I make sure it is hidden, though?

Well, you may not understand it, but If I were you, I'd take the time to try too... As long as it took, because either of the other measures are easily overcome by someone that wants to. And "hidden", well, let's just say there's no such thing with what AutoIt is capable of (from my knowledge anyway) really.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

@Mr. Zero: Yes, that could work, but then someone who legally got the software could just copy and paste it onto someone else's computer. I want it to only be able to run on the computer it was installed on and not be reproduced or copied.

@Smoke_N: I don't really understand this.. I think I would be better off not meddling with things I don't know well unless it is absolutely necessary.

@Anixon: Hmm.. that could work.. good idea. How can I make sure it is hidden, though?

try this: http://www.autoitscript.com/forum/index.php?showtopic=28722


Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

@Mr. Zero: Yes, that could work, but then someone who legally got the software could just copy and paste it onto someone else's computer. I want it to only be able to run on the computer it was installed on and not be reproduced or copied.

@Anixon: Hmm.. that could work.. good idea.

I have been playing with Installers and found that "Setup2Go" which can be downloaded from "tucows.com" is feature rich and might be worth looking at. It may not have the answer to your issue but it supports Licencing documents that requires the Agree/Disagree action of the user/installer.

Another way of getting round pirates is to include in the hidden file a date time limit beyond which your software will not run. You just need to make sure that you write the current run date time to the file so that they cannot roll back the system.

"Edit"

Something else you could look at is "DriveGetSerial" which would allow you to use the serial number of the C:\ drive as your key you could write this away to an INI file which forms part of your software. Then if it is copied to another PC the serial numbers will not match and you can make it so your software does not run. I use this technique with a USB Removable Drive where the Notebook will not run if the USB is not plugged in.

"End of Edit"

"Second Edit"

I have a home security system which allows you to remotely (where you can connect to the internet) take possession of the camera's and get vision in real time. To overcome users who do not have static IP addresses their software has a feature which allows you to activate a setting which updates your user account on their Server with your current IP address. You can at your option set the number of times in hours:minutes their server has to be updated. When you log onto their server for camera feeds it has your last known IP address which is used for routing.

You could write your software which only runs when their is internet connectivity and it can see your Server and there for the key/diskdrive serial number

This is a snippet of code that tests for internet connectivity

$IsCon = DllCall("WinInet.dll", "int", "InternetGetConnectedState", "int_ptr", 0, "int", 0)

If $IsCon[0] = 0 Then

;do something

You can get your IP address which is then encrypted and written out to an ini file:

$PublicIP = _GetIP()

$key1 = (_StringEncrypt(1, "1", "yourencryptionkey", 1))

IniWrite(@ScriptDir & "\inifiles\your.ini", "section9", "value4", $key1)

"End of Second Edit"

I think if you set your mind to the issue you can write a fairly tight solution without having to have an indepth knowledge of Windows.

Look forwarded to seeing your solution published

Cheers Ant...

Edited by anixon

Share this post


Link to post
Share on other sites

Alright, my problem may be more difficult than the title makes it sound.

I am making a program that will be downloadable from the internet, but when it is installed the user must enter a password to start the authentication. After this program is installed, it cannot be copied-and-pasted or reproduced in any way, even if they download the file completely again after deleting the old one and entering the same password.

I have looked into use of _GetIP, and then sending that IP to the server to have it checked, but I feel that this wouldn't be the best option. Is there anything else I could try?

Imposible - You can do a lot but I can always be copied :whistle:


Start here if you are new Valuater's AutoIT 1-2-3Looking for an UDF - Look hereDo you need to do it twice - Autoit

Share this post


Link to post
Share on other sites

anixon has the right idea. I was going to suggest using the ComputerSID or even the windows own liscence key as a way of locking the software to that computer only. But, his suggestion on the hard drive serial is also a great idea.


jason7237

Share this post


Link to post
Share on other sites

The only tangible advice here is the Computer SID but even that is easily spoofed... I have 2 PCs with the same serial (don't ask), and drive serials can be easily spoofed as well... A Unique ID is the way to go... if I'm not mistaken, even nwfu has made some Unique ID stuff in his signature.

Here's a question for all of ya'll that have made suggestions ... What happens if someone clones their environment... will they be able to pass your applications on without having to be re-licensed? (Answer: for 99% of what every suggested here, yes.)


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

lol, I did actually think about the cloning deal, guess I didn't consider how tight you wanted to be on locking the software to the particular system.

Personally, I wouldn't care to much about the issue. Someone cloning a few systems at home or small office might be able to get away with it, but inside a corporate enviroment, I wouldn't think that would happen to much. Of course, I would want my dues per system, but I also see that tying it down forever is nearly impossible. There's always someone that can pick a lock.

But, I know what you're saying.


jason7237

Share this post


Link to post
Share on other sites

I guess the answer at the end of the day is that it is always going to be difficult defeating an expert.

What I guess is perhaps being considered is slowing down or defeating the opportunist or the less sophisticated end user.

When assessing the applications commercial value (if any) the question is how much effort (cost) needs to be invested in protecting the developers intellectual property. Some would say to much is never enough.

At the end of the day from a commercial point of view I guess that it is simply going to be a risk management assessment and cost analysis with all that entails.

Cheers

Ant...

Share this post


Link to post
Share on other sites

I guess the answer at the end of the day is that it is always going to be difficult defeating an expert.

What I guess is perhaps being considered is slowing down or defeating the opportunist or the less sophisticated end user.

When assessing the applications commercial value (if any) the question is how much effort (cost) needs to be invested in protecting the developers intellectual property. Some would say to much is never enough.

At the end of the day from a commercial point of view I guess that it is simply going to be a risk management assessment and cost analysis with all that entails.

Cheers

Ant...

That's a well thought out and articulated synopsis. I wasn't talking about rocket science though.

It took me a week probably of testing a thousand different things for the most efficient means that autoit could provide for me. I came up with something fairly solid for myself (unfortunately if I shared it, it wouldn't be to solid anymore :whistle: ).

My point being, is that with a bit of effort, you'd probably only have to do it once, but then you would have a foundation and the ability to change it often to suit your needs, thus cutting down the time cost of future projects looking for new and inventive ways to do the same.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Share this post


Link to post
Share on other sites

Okay, thank you everyone for all your help. I am thinking of using CoePSX's Register UDFs that mrRevoked supplied along with an SMTP mailer to create some kind of automatic validation script that will run along with my installer. The only flaw in this is that I must reply to all the emails.. sigh.

If this doesn't work, I will probably look into Smoke's UUID suggestion, which I may do anyway in later updates of my software as it seems that it will make it easier for everyone.

Thanks!!

-Sandman


[center]"Yes, [our app] runs on Windows as well as Linux, but if you had a Picasso painting, would you put it in the bathroom?" -BitchX.com (IRC client)"I would change the world, but they won't give me the source code." -Unknownsite . blog . portfolio . claimidcode.is.poetry();[/center]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0