One time use license

[dreamzboy]

Hi everyone,

I'm trying to develop a script that allows the user to run it once and only once. So after the script is finished, the license key will be set to 0. So if they try to run it again, the key is not there. Is it possible to do that?

Thanks,

Dreamzboy

[SpookMeister]

The easy way?

First, at the very beginning of your script, or where ever you feel it is most appropriate, check to see if something (to be written later in the script) is in a hidden place in the registry, if it is then kill the script before you do anything else.

Just before you end your script (or right after you do the important part of you script) write that special something we talked about on the last line.

Unless you are up against someone who is monitoring what your script is doing to the registry, this will be an effective method against most people.

Edited July 19, 2007 by SpookMeister

[Paulie]

Yeah, the registry is the best way.

I like to name it something that someone wouldn't expect though

$Key = "HKLM\SOFTWARE\Microsoft\Windows\Help"
$Value = "OS_Build" ; unsuspicious
$Check = Regread($Key, $Value)
If Not $Check = "" Then 
     Msgbox(0, "Error", "Sorry, *Program Name* may only be run once.")
     Exit 0
Endif

;Rest of Program

Regwrite($Key, $Value, $REG_SZ, @OS_Build)

[dreamzboy]

The easy way?

First, at the very beginning of your script, or where ever you feel it is most appropriate, check to see if something (to be written later in the script) is in a hidden place in the registry, if it is then kill the script before you do anything else.

Just before you end your script (or right after you do the important part of you script) write that special something we talked about on the last line.

Unless you are up against someone who is monitoring what your script is doing to the registry, this will be an effective method against most people.

SpookMeister,

Sorry for being an idiot, but I'm totally confused. I don't understand the logic on my part to begin with. However, here's what I understand. If I give a user a key to install onto his system, that means my script will detect that the key is not found in his system, so I'll provide him the key somewhere in my script. After that, the key will be deleted. What if he decides to

install it on another computer, how would I go about writing the script to tell the program not to install?

[dreamzboy]

AaaHH...very clever, after I replied, I saw Paulie's reply and read the script, I understood now. So basically, Paulie insert a "flag" somewhere in the registry and made the script check for it. How will that work for another computer that doesn't have the flag? lol...thanks for putting up with me, I have no idea what's going on anymore...

[Xenobiologist]

Hi,

if I got the script and the key and I can copy the script and use it as often as I want!

So long,

Mega

[Paulie]

SpookMeister,

Sorry for being an idiot, but I'm totally confused. I don't understand the logic on my part to begin with. However, here's what I understand. If I give a user a key to install onto his system, that means my script will detect that the key is not found in his system, so I'll provide him the key somewhere in my script. After that, the key will be deleted. What if he decides to

install it on another computer, how would I go about writing the script to tell the program not to install?

if you want the protection to go between computers,

it would be best to monitor it regularly via the internet.

But in all honesty, with the registry scrip above, they would only be able to run the script 1 time per computer. Even if they have 2 computers, and the get to run it twice, it is still greatly restricted.

I think the registry thing is your best bet.

Edited July 19, 2007 by Paulie

[dreamzboy]

Hi,

if I got the script and the key and I can copy the script and use it as often as I want!

So long,

Mega

I'll be watching you...

Thanks a bunch Paulie and Spook. I guess there's no easy way to make it executable to only 1 computer.

Dreamzboy

Edited July 19, 2007 by dreamzboy

[James]

If you wanted, you could encrypt the keys with letters etc, because you cant really specifically search for the key. Also, instead of using:

1 = Allowed

0 = Restricted

Use some randomness:

a91s = Allowed

cv8d = Restricted

[Xenobiologist]

Hi,

one important question is: Do you always have access to the computer the script should run on?

If you have got, then have a look at my sig. _runonly

If not, you need to implement a check via internet.

So long,

Mega

[balo111]

[*]Tagging is one thing

ah yep I merely forgot, when you do tagging do it the creative way

have a look at regedit and browse here

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface

may cut little keys - now imagine there is just one little entry more in there - you think someone will notice it?

Make it ever hard by not point and shoot at one single hidden key - bring in some randomness.

(*) I 'll explain in the next post (before that one expires since I'm 'bout editing)

[*]One other approach could be to download leave out some important piece from the internet - like and encryption key or a part of the script and lock it / delete once it was accessed.

Look at http://www.autoitscript.com/fileman/ you may even use this a plattform.

Download and Delete a file or folder can be accomplish ver easy and if it's gone -

it's gone.

So make you script download your keyfile from there and then immediately delete it.

[*]Third idea would be to add and remove file or edit file directly inside your Autoit script file.

Sound a little bit like magic, doesn't it ?

Well I'm currenly working a script file that can - but at the moment it's not really ready for public.

I wanted to clean up, optimise and main thing document source a little better.

Update and save function are working, remove function mess up in some cases the whole script and

addResourceToScript needs is still to be done...

PM me if you can't wait. (Sorry when I post it here I can't edit it afterwards to do bugfixes - and ppl could think it's crap.)

[/list

Edited July 19, 2007 by balo111

[ChrisL]

There is a trial software license key script in my signature below maybe you can use it

Edited July 19, 2007 by ChrisL

[balo111]

This is definitly too exaggerated here as I see now after I finished this. But you are one of these ppl that's loves paranoid, exaggerated, and overbloated security go on reading.

Okay that's called random hash tagging.

amomg all this cute looking keys in

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface

randomly select on

(*) ok let's take this neat little key

{00000012-0000-0000-C000-000000000046} randomise it's name to...

{0002011F-0000-308B-C000-00122A00A006} (okay I'm lazy and won't over do that)

and copy it to this.

But how would we ever find our randomly choose and randomise tag key?

At them moment the answer to this question is never, because I forgot to apply some very important detail before copying. It's to make the key fitting to our secret hash criteria.

To simply things let's say that our secret hash criteria that the sum of all numbers must be 23

0002011F-0000-308B-C000-00122A000A06

0002[ ]000A06 <-I leave you this range for simplification (let's assume it's sum is 0)

00 02[ ]00 0A 06

sum them 00+02+00+0A+06 = Decimal 2+10+6 = 18

but it should be 23 so add 5 and now we got it choose some place for the correctionvalue I'll put it right at the begin

05 02[ ]00 0A 06

Now we can copy

0002[ ]000A06 to

05 02[ ]00 0A 06

and now It's tagged.

To find out if we already have a tagged key we must enumerate through all keys in

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface

sum up the numbers in names and check if on sum gives 23.

But if you found the Tagged value don't stop - break of the loop and stop scaning - set a flag to memories that nd keep on scanning.

The Background is that if someone has regmon running in background, we will notice ah here it stop so this must be the tagged key I need to delete.

Since it may take some seconds to check you should require to check for it only once - and that's at the first start.

After it finished searched and didn't fin the tagged key set some fix position a checkmarker for ex at HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shell\

where you store status data in a trampersecure way so the scan for tagkey is only call when the checkmarker is not found (what is the case whe you run the program the first time) and to ensure at a malcious user has not delete the checkmarker to reset it's trial or one time run testdrive.

So that's it.

But a critical reader might ask now what happens if though a very bad coincidence a 'false positive' occurs one the really first run a tagkey is detected (Numbersum=23)?

Well that's bad luck.

Even the's really really really bad luck and you could congradulate the person be a really really tallented bad luck tapper. Because the datastring is here "0002011F-0000-308B-C000-00122A000A06" is really long enough and of course you don't choose such small value like an 8 bit one so that chance to have some that lucky one person shrinks to 1:1 Milliard or even more.

Edited July 19, 2007 by balo111

[balo111]

Damn it the edit countdown cut me off. That was what I wanted to add:

....ce to have some that lucky one person shrinks to 1:1 Milliard or even more.

...You still critical? Well that's good very good. Since that security concept has couse also it's flow's.

At systems since Window2000 upwards there is a important fact/ think the 'user' should not know to keep the protection strong.

But I don't tell you - cause may you can tell me what it is / might be.

Edited July 19, 2007 by balo111

[dreamzboy]

Interesting explanations and concepts balo. Now does that apply to a different computer? In the end, you're only checking the keys on your computer, but when the software being brought over to my computer, the keys checking does not apply.

[SpookMeister]

Interesting explanations and concepts balo. Now does that apply to a different computer? In the end, you're only checking the keys on your computer, but when the software being brought over to my computer, the keys checking does not apply.

Sorry, been afk for a while.

For doing what you are talking about here dreamboy, you want to provide some sort of registration system where

1) Your program searches for something that fairly uniquely identifies their computer.

2) They send that information to you when they install/register the program

3) You create some sort of hash file / license key from the info that they send you and send it back to them so they can register the software

4) Every time it runs, your program decrypts that hash file / license key and ensures that this is the same system that you approved them for

Doing a search for "unique computer ID" will give you a lot of info to consider here.

Bottom line, there is no easy answer for this

Edited July 19, 2007 by SpookMeister

[balo111]

Yes the basic >thing< you need for this

0.a unique (binary?!) item that

1.can't be copied

2.can be modified only once (in detail that means: 'WriteAccess' + 'some execution logic')

That can be a realised through

a webserver with limited access (that will be 2.) and maybe the

CPUID(that is would be 0. and 1.) or some kind of other hardwaredevice like a dongle, Key Disk / CD

that is artificially modified to make duplication as hard as possible.

Or instead of the webserver a unique hardwaredevice with 'WriteAccess' + 'some execution logic'.

But beside all that commercial thinking consider this:

Bottom line, there is no easy answer for this

The simple answer to this is:

It's impossible.

From a certain point of view, what you're trying to do against the nature of binary data.

Compared to matter were every item is unique and of infinite complexity, structure of binary data on its lowest level is just 0 or 1.

So one of the list of the simplest things you can do with binary data is copying. (If you can read it and write it you can copy it.)

Binary data are virtual, just as thoughs. Seen from a strict material point of view (= see with in the context of space and time) they just even don't exists.

But you of course you've thoughts and it's partical to see them as at least as 'particulary' materialistic.

But what needs thoughts to survive? In my mind it very important to them to get spread, to get duplicate, copied again and again. Look at nature, the cells, the creatures. There the concept, the idea, the information must be reproduce it self to survive. Because matter don't resists time.

Now when I think about it, there actually is almost everything about reproduction. Just the 'best tuned' information survives.

But here you want binary information that should be still binary readable and writeabe which can't be duplicated but on the other hand behave as a unique material item.

So from the evolutionary point of view it's really foolish what you're trying to do here.

Nowbody likes Dongles, DRM, TPC, or other crap like this.

But as long there are ppl live in fear about others 'stealing' their thoughs and who dream about locks like this and the big money, they will still waste their money in one useless Digital Rights Management after the other.

And of cause as long as they live in this Illusion,

..and pay we will provide them one outstanding unbreakable copyprotection after the other.

Edited July 21, 2007 by balo111