1. Serial Key Validation Expired Jan 7 2048 2017
2. Serial Key Validation Expired Jan 7 2048 X 1152
3. Serial Key Validation Expired Jan 7 2048 Download
4. Serial Key Validation Expired Jan 7 2048 Free

Public Key Length. RSA 2048 bits (e 65537) Signature Algorithm. Validity Not Before. Serial Number. Public Key Length. RSA 2048 bits (e 65537) Signature Algorithm. Validity Not Before. Jan 28 12: UTC. Subject Key Identifier. I Added a serial key in it. At the time of installation it asks me for the key. Serial key validation in c#. Ask Question 1. I completed my project in C#.Net. I Added a serial key in it. – Priya Jan 31 '11 at 12:16. Please mark as answered,based on which you find is the correct answer.This may help others. – abmv Mar 7 '11 at 9:20.

There have been a few timely posts about IP security and the like, but none that I can find that specifically address an algorithm. In one of my current projects, we've decided to go the route of an offline registration key system.

I imagine most of our eventual user base will be honest, so I don't think we have too much to worry about. On the other hand, I'd rather not have the casual cracker gain access without a good deal of sweat and tears.

So, what are some options for how to generate (and verify) the key? Hardware keying is most likely out because the install model is to run from a samba share on an intranet server. Also, how long should the key be?

Secondly, how big is the danger of the verification algorithm simply being Reflected out, even if it is obfuscated? Would it be better to write the algorithm in unmanaged code instead?

lc.lc.

closed as too broad by BradleyDotNET, cpburnz, user1942027, Timo, PSLJun 11 '15 at 1:41

Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. Avoid asking multiple distinct questions at once. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.

5 Answers

In my opinion, the key problem you'll face is not with your registration algorithm and level (or lack) of obfuscation.

Rather, it's this: At some point in your code it comes down to simple binary decision - to run, or to exit. Hacking your system only requires finding and tweaking this decision point.

Everything else - obfuscation, strong signing, tamper detection - is oriented to make this more difficult, but it can't make it that much harder.

BevanBevan

Typically what you want to do is pick some data that you want to include in the key like who owns it and when it expires, possibly even some small pieces of code your application needs to work properly (thus making it hard to make it work without the key). Then use a digital signature scheme like RSA to digitally sign the key with your company's private key. Distribute the public key with the application executable. Then when you load the key, just verify the signature is valid and then use the data contained in the key. A 1024 or 2048 bit key should be plenty for this.

Of course no matter how sophisticated your code is someone will always be able to break it or get around it. So the question you have to ask yourself is how difficult do you want to make it (keeping in mind more difficult schemes are harder to code and maintain for you)? There is a point of diminishing returns, usually that is pretty low. As long as the program won't work without a key, and the key is complicated enough that you can't fake one (or change the expiration date etc) with a hex editor then you are probably fine.

SoapBoxSoapBox

As far as refactoring the key out, writting it in unmanaged might not help if they kill the call site from managed to unmanaged. One option you have with obfuscation if your using Dotfuscator professional is to enable their 'Tamper Detection' essentially they tag your assembly and if someone modifies you can have your code do various things. Of course the hacker can remove this but its a lot more sweat and tears.

JoshBerkeJoshBerke

I've only found one way to lock down code very well. Almost every form of serial validation can be cracked easily by your average second-year programmer.

The way I've done it is to use a License object in .NET. Within my home-grown license object, it reads a 'license' file to find out where 'home' is. That license is an encrypted string. The private key to the string is in the License object.

The License object then calls home with a secret password, also encrypted. The server decrypts the password and validates it.. also logging the IP and user name in case of fraud investigation. If the server can validate the password, it responds with a secret response, encrypted again so that it cannot be spoofed. If it cannot be validated, the connection is dropped. No response is sent, thus the License object at the other end fails.

When the integrated License object fails, it will automatically throw an exception, forcing the application to fail and exit at the point that the license is called.

It took me about two work-days to write the server and the License object, so it's a bit of a workout, but not rocket science.

If you want some sample source, or more info, let me know. I'll be glad to get you what I can.

JerryJerry

You might want to take a look at the answers to this question

Rowland ShawRowland Shaw

Serial Key Validation Expired Jan 7 2048 2017

Not the answer you're looking for? Browse other questions tagged .netalgorithmsecuritylicensingsoftware-distribution or ask your own question.

I want to create a license key, which cryptography algorithm would you recommend?

Basically the inputs would be:

company name
major version number
date created
expirey date
has feature1:
has feature2:
has feature3:

e.g. Acme Inc 5.0 20081102 20081102 0 1 0

Related: Which built-in .NET cryptography algorithm is the most secure?

6 Answers

I would recommend: Don't spend too much time on securing your keys. With byte compiled languages it is very easy to decompile and just make the application skip the validation step. No matter how secure your keys are, they don't matter when your validation function always return true. Serial keys are there to keep honest people honest.

If you are doing validation on the customer-side, you want to use asymmetric encryption. That way you do not have to distribute the private key to the customer. I would generate a RSA signature using SHA-256 and a 2048 bit key. If you do that, the cryptographic operations will not be the weak link. A cracker could of course change the code to skip the verification step, but no cryptographic algorithm will help that.

If you are doing validation server-side, I would choose a SHA-256 based HMAC.

Rasmus FaberRasmus Faber

For a license key you are not so much interest in encrypting it, but on signing it. By signing it you can validate that the expiry date and enabled feature list was not tampered with. There is no need to hide (encrypt) the license key, as there is no threat you want to mitigate by hiding the license from the end user.

Cryptographic signatures are done by hashing the license and then encrypting the hash with a private key. Since anyone can decrypt that hash using the corresponding public key, anyone can verify if the license was tampered with.

The basic CryptoAPI function to sign and verify are CryptSignHash and CryptVerifySignature, see Example C Program: Signing a Hash and Verifying the Hash Signature.

The .Net Framework equivalent are the RSAPKCS1SignatureFormatter and RSAPKCS1SignatureDeformatter classes.

Remus RusanuRemus Rusanu

The answers to your other question are appropriate here, too: Which built-in .NET cryptography algorithm is the most secure?

Serial Key Validation Expired Jan 7 2048 X 1152

warrenwarren

You need to do 4 things:
No 1: Checksum your application (MD5, with custom md5 context)
- MD5 context needs to be encryptedly initialized
- Compare agains private/public key encrypted checksum
No 2: Checksum your running application's text segment
No 3: Use 4096-Bit RSA Private-Public key encrypting for the license
No 4: Encrypt any crucial strings, like 'Wrong key' or 'Key ok'

Stefan SteigerStefan Steiger

If you would like to see an example of Triple DES encryption, you can take a look at my blog post on encrypting data in a database.

Serial Key Validation Expired Jan 7 2048 Download

The blog post contains a video and the source code.

The Rosetta Stone German Level 1, 2, 3 Set serial key key worked flawlessly. Many thanks, ---- Howard Lopez genuine Rosetta Stone German Level 1, 2, 3 Set product key. Cheap Rosetta Stone German Level 1, 2, 3, 4, 5 Set serial sold by Microsoft Keys Stores is 100% guaranteed and gives you the lowest way to access Rosetta Stone German. Rosetta Stone German Level 1, 2, 3, 4, 5 Set Product Key Payments: * You can Pay through Your PayPal Account * You can paywith your credit card without having a. Rosetta Stone TOTALe 5.0.37 Crack + Serial Key. Rosetta Stone Crack is specially design learning software program which enables the user to learn and study any language easily.You will be able to read, write, learn, pronounce, and listening with its extra sensible explanations.It provides you unique settings with multiple levels of learning any language.

Although it focuses on encrypting string columns in the database, you can definitely modify it to work with licensing fields.

Serial Key Validation Expired Jan 7 2048 Free

The source code is written in C# and uses Triple DES algorithms.