Drew Posted January 27, 2009 Share Posted January 27, 2009 (edited) Alright so this is what I'm trying to do. I have created a program for a community that I moderate and need to ensure that ONLY those I entrust with it may use it. Here's my idea: Each program distributed will be custom to the one that it was given to. And for each program given out , there will be a .txt or .ini file on my server with a security key and possibly a way I can deny its use. What my problem is... I need help working the bugs out of this idea, closing any potential loopholes, and overall a second brain on the matter. At startup - the program should use INetGet and download the file , read it and ensure that the user is permitted to run the program. If not , close and delete itself ( if possible ). But I need a way that users can't just send it to eachother , or share keys. Anyone have any ideas? EDIT: Note: I'm hoping to make this in a way where I can revoke access to the program if the reason exists. Edited January 27, 2009 by Drew Link to comment Share on other sites More sharing options...
furrycow Posted January 27, 2009 Share Posted January 27, 2009 Alright so this is what I'm trying to do. I have created a program for a community that I moderate and need to ensure that ONLY those I entrust with it may use it.Here's my idea:Each program distributed will be custom to the one that it was given to. And for each program given out , there will be a .txt or .ini file on my server with a security key and possibly a way I can deny its use.What my problem is...I need help working the bugs out of this idea, closing any potential loopholes, and overall a second brain on the matter.At startup - the program should use INetGet and download the file , read it and ensure that the user is permitted to run the program. If not , close and delete itself ( if possible ).But I need a way that users can't just send it to eachother , or share keys. Anyone have any ideas?EDIT:Note: I'm hoping to make this in a way where I can revoke access to the program if the reason exists.I mean i am 100% sure there are better ways out there to do this, but you could get their MAC address, because each network card in any computer has a different MAC address, so if you were to match the address at startup of the program with the one on your server then the program would be allowed to run. Instant Lockerz Invite - www.instantlockerzinvite.co.uk Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted January 27, 2009 Moderators Share Posted January 27, 2009 Drew, Have you seen this from Valuater? Might be the solution - or give you a few ideas. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
cherdeg Posted January 28, 2009 Share Posted January 28, 2009 Anyone have any ideas? Note: I'm hoping to make this in a way where I can revoke access to the program if the reason exists. You could do it like this: 1) Let the user DL a generic "Compatibility-Cecker" that "prepares" his system 2) This tool collects the volume serial number of the users c:-drive (WMI) and writes it to a db on your webserver 3) You use the number and compile it hardly into the actual program 4) The actual program checks the volume serial number on each start and runs...or not. You could automate the whole thing by e.g. running a "Daemon" / "Server" on your Host checking for new entries in the file containing the volume serial numbers every ten secs or so, modifying your sourcecode with the new number, starting a compile by command line and moving the resulting executable to a certain DL-location. The "Deamon" tells the "Compatibility-Cecker" (which would be more of a "Internet-Installer" in this case) about this location and the Client downloads the file and installs it to the location given by the user. You could make a nice progress bar to appease and distract the user for the time. A self-deletion could be done with this function: ; Function _SuiCide to delete the script from the local machine ; ============================================================================================== Func _SuiCide() $SC_File = @TempDir & "\suicide.bat" FileDelete($SC_File) $SC_batch = 'loop:' & $s_LineBreak & 'del "' & @ScriptFullPath & '"' & $s_LineBreak & _ 'ping -n 1 -w 250 zxywqxz_q' & $s_LineBreak & 'if exist "' & @ScriptFullPath & _ '" goto loop' & $s_LineBreak & 'del suicide.bat' & $s_LineBreak FileWrite($SC_File, $SC_batch) _SetSystemCursor($h_WaitCur, $OCR_NORMAL) $h_WaitCur = 0 Run($SC_File, @TempDir, @SW_HIDE) Exit EndFunc ;==>_SuiCide Regards, Chris Link to comment Share on other sites More sharing options...
Drew Posted January 31, 2009 Author Share Posted January 31, 2009 How would I get the computers MAC address , or another form of unique identification? Link to comment Share on other sites More sharing options...
Inverted Posted January 31, 2009 Share Posted January 31, 2009 Noone is going to give you their MAC address, forget about that. I have a better idea. Put a little watermark in every file you give out. I mean use a hex-editor to put a few bytes in a non-essential area of the each executable. And keep a record of who got which file. Then if it's leaked, you'll have proof of who is the lamer. You can use PE Compact to compress the compiled autoit script (don't use UPX compressor at this case), it includes a watermark utility to automate the process. Also, PECompact has a free trial version. Also, put a RAR password on the file for deception (more than 9 characters) Link to comment Share on other sites More sharing options...
Prab Posted January 31, 2009 Share Posted January 31, 2009 (edited) Not sure about MAC address, but DriveGetSerial( "c:\" ) works pretty well.My logic would be:Local program gets serial numberLocal program ecrypts serial numberLocal program sends encrypted serial number to serverServer decrypts serial numberServer responds "Valid" or "Invalid" and a time stamp (Both encrypted)Program decrypts message and time stamp. (Time stamp prevents replay attack)Program reacts accordinglyYou may want to look at this thread for client/server communication. http://www.autoitscript.com/forum/index.php?showtopic=74325Edit: Fixed a small bug in my logic Edited January 31, 2009 by Prab FolderLog GuiSpeech Assist Link to comment Share on other sites More sharing options...
jvanegmond Posted January 31, 2009 Share Posted January 31, 2009 The only solution that doesn't rely on computer hardware is making the users and authenticate with a login and/or password. You could then check how many IP addresses use the login and password, so you could stop any accounts that are being used by several people. github.com/jvanegmond Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now