Encryption obfuscation Authorization
1. Overview of software licensing methods
At present, most commercial software and shareware is licensed through a registration code, which keeps the software from being stolen and protects the vendor's interests. Although some versions of many commonly used software systems have been cracked, registration-code licensing remains an effective way to protect software systems built for specific industries.
In general, there are several ways to license the registration code:
- Installation serial number method
This is the most common method, used by Microsoft for products such as the Windows family and the Office family. A complex algorithm generates the installation serial number, and during installation the installer checks that the serial number entered by the user is an authorized one.
- User name + serial number method
The software supplier gives the user a valid user name and serial number. The user enters them during installation or at startup, and authorization is complete once the system's algorithm has verified them.
- Online registration method
After installing the system, the user registers for authorization over the network. The software supplier has already recorded the user's information, and the registration system checks it when the user registers online. If the user's identity is valid, the registration system generates a credential, and the software completes authorization based on that credential.
- Activation code method
After the user installs the system, the software generates a registration voucher (also called a registration code) from key information about the user's machine (e.g. MAC address, CPU serial number, hard drive serial number). The user sends this registration voucher to the software vendor, and the vendor generates an activation code from it. The user enters the activation code and the software completes the authorization.
Whichever method is used, it is theoretically possible to break the license. Any protection mechanism collapses once a cracker discovers how the software authorization mechanism works. The only option is therefore to choose complex algorithms and mechanisms that make cracking harder, so that the software is protected from theft for a certain period of time. In industry application software, we usually use the activation code method for authorization management.
2. Implementation principle of Activation Code mode registration
The RSA algorithm (an asymmetric encryption algorithm) is widely used for encryption and digital signatures and is currently the most influential public-key encryption algorithm. It can resist all known cryptographic attacks so far and has been recommended by ISO as the public-key data encryption standard. RSA is based on a very simple number-theoretic fact: multiplying two large primes is easy, but factoring their product is extremely difficult, so the product can be made public as the encryption key. This makes it suitable for software protection methods such as user name + serial number, online registration, and activation codes.
The activation code registration method is implemented with RSA as follows:
1. Generate a key pair, public key E and private key D (for use by the software registration module and the keygen);
2. After the user installs the software, the software registration module extracts the user's machine fingerprint information (such as MAC address, CPU serial number, hard disk serial number) and generates an application code C from it using other encoding algorithms (such as BASE64);
3. The user sends the application code C to the software developer. The software developer uses the keygen to encrypt application code C with private key D, producing activation code F, and sends activation code F to the user.
4. The user enters the activation code F. The software registration module uses public key E to decode activation code F into G (i.e. the user's machine feature information), then extracts the user's machine-specific information again and encodes it. The encoded result is compared with G: if the two are equal, authorization succeeds; otherwise authorization fails.
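The four steps above as an added example (not code from the original article or from any product it mentions). Assumptions: the key is a constructed demo key built from two Mersenne primes, the fingerprints are constructed sample values, SHA-256 stands in for the MD5 module listed later, and RSA is applied raw without padding exactly as the steps describe, where production code would use a vetted library's signature scheme.

```python
import base64, binascii, hashlib

# Constructed demo key from two Mersenne primes: trivially factorable, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                       # public key (N, E): shipped in the client
D = pow(E, -1, (P - 1) * (Q - 1))         # private key D: stays with the vendor keygen

# Constructed sample fingerprints, not real hardware identifiers.
MACHINE_A = {"mac": "00:11:22:33:44:55", "cpu": "CPU-EXAMPLE-0001", "disk": "DISK-EXAMPLE-0001"}
MACHINE_B = dict(MACHINE_A, mac="66:77:88:99:AA:BB")

def application_code(fingerprint):
    """Step 2: hash the machine fingerprint and Base64-encode it as application code C."""
    canonical = "|".join(f"{k}={fingerprint[k]}" for k in sorted(fingerprint))
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()

def issue_activation_code(app_code):
    """Step 3, vendor side: apply private key D to C, giving activation code F."""
    c = int.from_bytes(base64.b64decode(app_code, validate=True), "big")
    f = pow(c, D, N)
    return base64.b64encode(f.to_bytes((N.bit_length() + 7) // 8, "big")).decode()

def verify_activation_code(activation_code, fingerprint):
    """Step 4, client side: recover G with public key E and compare with the local value."""
    try:
        f = int.from_bytes(base64.b64decode(activation_code, validate=True), "big")
    except (binascii.Error, ValueError):
        return False                      # malformed input is not valid Base64
    if not 0 < f < N:
        return False                      # value outside the RSA modulus
    g = pow(f, E, N)
    local = int.from_bytes(base64.b64decode(application_code(fingerprint)), "big")
    return g == local

if __name__ == "__main__":
    code = issue_activation_code(application_code(MACHINE_A))
    print("machine A:", verify_activation_code(code, MACHINE_A))
    print("machine B:", verify_activation_code(code, MACHINE_B))
```

Because the client holds only (N, E), it can check an activation code but cannot mint one; the comparison in step 4 is also the single branch a cracker would patch, which is why the article goes on to discuss protecting the program files.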
3. Activation Code Mode Registration Implementation Scheme
3.1 Overall architecture
Authorization-code validation is encapsulated and offered to applications as a service in the form of a DLL (dynamic link library). How the result of validation is handled is up to the application itself.
Description
- The verification dynamic library encapsulates different algorithm policies and authorization policies, and provides key verification, generation, encoding, and decoding functions.
- The application needs to develop a validation module that performs validation by invoking the functions in the dynamic library.
- The verification dynamic library itself does not display any information or provide any user interface, so the application's validation module needs to provide the interaction and prompt interfaces (for example, a registration code input box, prompt message boxes, etc.).
3.2 Function Modules
Description
- The validation interface is a set of APIs in WINAPI form that provides validation-related services and is called by the application's validation module;
- The verification function module implements the specific functionality; it is called by the validation interface API and serves callers only through that API, and is not itself exposed externally;
- The RSA algorithm module provides the RSA implementation, called by the verification function module;
- The MD5 algorithm module provides the MD5 implementation, called by the verification function module;
- The BASE64 algorithm module provides the BASE64 implementation, called by the verification function module;
- The registry operation module implements registry-related operations, called by the verification function module;
- The file operation module implements file-related operations, called by the verification function module.
4. Software source program Protection
Authorization solves the copyright problem of the program. For the authorization algorithm to do its job, the program files themselves must also be protected, making decompilation more difficult.
General software protection uses special algorithms to compress the resources in EXE and DLL files, change their original signatures, hide some strings, and so on, so that resource-editing software cannot open or modify them normally.
5. Implementation principle of the shell (packing) technique
First, the original main program is compiled into a DLL. Then a shell program is written and compiled into an EXE, and the program's entry point (that is, the main function) is moved into the shell, so that the shell starts the execution of the whole program. Before the software is released, a custom encryption tool can be used to encrypt all the DLL files (with a specific key); when the shell loads a DLL, it temporarily decrypts it into memory and runs it from there. Because the decrypted DLL exists only in memory, an attacker cannot obtain it unless he can find the decryption key for the DLL. To keep the attacker from analyzing the shell's logic in search of that key, the shell, once compiled into an EXE file, can additionally be obfuscated with third-party software, so that the attacker cannot understand the DLL encryption algorithm and processing logic. This protects the main program DLL more effectively.
6. Recommended software protection and licensing solution providers
6.1 Bit Anso
Bit Anso provides software developers with a professional web-based software authorization management and protection system, the bit platform. The bit platform integrates the design, development and management of software protection and authorization, and provides enterprise-class encryption protection and authorization management solutions for software developers and digital content providers.
The bit platform supports all phases of the software and digital content authorization cycle, and can be integrated with management systems within the enterprise to automate the sales or order process, enabling both cloud licensing and local authorization. The advantages are as follows:
- Log in anytime, anywhere. Design, development, management, and analysis in one place.
- Authorization can be designed for different markets and user groups, with the same set of code meeting the various licensing models.
- Module download and API debugging are completed on the bit platform. The relevant modules of each product are compiled online at download time and are unique.
- Multi-user collaboration based on rights management is supported, to meet the needs of different roles in the organization.
Transferred from: http://www.cnblogs.com/chengmin/archive/2011/09/26/2192230.html