1 Preface
At present, most commercial software and shareware is licensed through registration codes, to keep the software from being stolen and to protect the vendor's interests. Although some versions of many commonly used software systems have been cracked, registration-code licensing is still an effective means of protecting the software system itself in specific software industries.
In general, there are several ways to license the registration code:
- Installation serial number: This is the most common method, used by Microsoft products such as the Windows family and Office. A complex algorithm generates the installation serial number, and during installation the installer checks whether the system is legitimate by verifying that the serial number entered by the user is authorized.
- User name + serial number: The software vendor provides the user with a valid user name and serial number. The user enters them during installation or at startup, and the authorization completes once the system has verified them algorithmically.
- Online registration: After installing the system, the user registers for authorization over the network. The vendor has already recorded the user's information, and its registration system verifies that information when the user registers online. If the user's identity is valid, the registration system generates a credential, and the software system completes the authorization according to that credential.
- Activation code: After the user installs the system, the software generates a registration voucher (also called the registration code) from key information about the user's machine (for example the MAC address, CPU serial number or hard disk serial number). The user sends this registration voucher to the software vendor, and the vendor generates an activation code from it. The user enters the activation code and the software system completes the authorization.
Whichever method is used, it is theoretically possible to break the license. Any protection mechanism vanishes once a cracker discovers the software's authorization mechanism and principle. The only option is therefore to choose complex algorithms and mechanisms that make cracking harder, so that the software is protected from theft for a certain time.
The RSA algorithm (an asymmetric encryption algorithm) is widely used for encryption and digital signatures, and can be applied to the user name + serial number, online registration, activation code and other software protection methods.
2 RSA Algorithm Introduction
The RSA algorithm is the first algorithm that can be used for both encryption and digital signatures, and it is easy to understand and operate. RSA is also the most widely researched public-key algorithm: in the nearly 20 years since it was proposed it has withstood a variety of attacks and gradually gained acceptance, and it is generally considered one of the best public-key schemes at present.
The security of RSA relies on the difficulty of factoring large numbers, but it has not been proven theoretically that breaking RSA is as hard as factoring large numbers. In other words, the major drawback of RSA is that its security cannot be established theoretically, and the majority of cryptography scholars tend to believe that factoring is not an NP-complete problem.
The disadvantages of RSA include:
(a) Key generation is very cumbersome and is constrained by the techniques for generating the numbers involved, which makes it difficult to achieve secrecy.
(b) The block length is too large: to ensure security, n at least more than bits, so the cost of the operation is very high and it is especially slow, several orders of magnitude slower than symmetric cipher algorithms. As factoring techniques develop, this length keeps increasing, which does not help standardization of data formats.
However, these disadvantages are not a problem for software registration codes, because the software registrar can choose known prime numbers to generate the public and private keys. The high computational cost is not a problem either, because the registration voucher carries very little information.
The mathematical basis of RSA is Euler's theorem in number theory. The basic principle is as follows:
(i) Take two large primes p and q of similar size;
(ii) Calculate n=p*q and z=(p-1)*(q-1);
(iii) Choose any integer e that is coprime to z;
(iv) Calculate the integer d that satisfies e*d=1 mod z;
(v) Divide the plaintext m into sequential blocks s for encryption, where each block s is less than n;
(vi) Encryption: c=m^e mod n; decryption: m=c^d mod n;
(vii) (n,e) and (n,d) are referred to as the "public key" and the "secret key" respectively. According to Euler's theorem: c^d mod n=(m^e mod n)^d mod n=m.
To illustrate:
(i) Take two primes p=11 and q=13;
(ii) Calculate n=p*q=11*13=143 and z=(p-1)*(q-1)=(11-1)*(13-1)=120;
(iii) Choose an integer e that is coprime to z=120, such as e=7. The integer d that satisfies 7*d=1 mod 120 can now be calculated as d=103, namely 7*103=1 mod 120: dividing 7*103 by 120 leaves a remainder of 1;
(iv) Collecting the values: p=11, q=13, n=143, e=7, d=103;
(v) This gives the public key (n,e)=(143,7) and the private key (n,d)=(143,103).
Take data encryption as an example:
(a) A wants to send the confidential data m=85 to B and knows B's public key (n,e)=(143,7), so A can calculate c=m^e mod n=85^7 mod 143=123 and send c to B;
(b) B uses the private key (n,d)=(143,103) to decrypt c: m=c^d mod n=123^103 mod 143=85. B has now recovered the confidential data sent to it, and to send it A needed only B's public key.
Thus, data encrypted with (n,e) can only be decrypted with (n,d), and vice versa. This shows that RSA encryption is reversible, but only with a specific pair of values (known as the public key and the private key).
In addition, the security of the RSA algorithm relies on the factoring of large numbers, and both the public and the private key are functions of two large primes (greater than 100 decimal digits). Theoretically, inferring the plaintext from one key and the ciphertext is as difficult as factoring the product of the two large primes. So as long as the primes chosen are large enough to ensure the security of the public and private keys, conventional cracking is very difficult and can basically be regarded as impossible, and on that basis RSA can be considered safe.
3 The basic principle of using RSA algorithm to realize registration code
This document describes only three methods: user name + serial number, online registration and activation code. Other methods are not considered.
The basic principles for implementing the three methods are as follows:
3.1 User name + serial number
1. Generate a public key E and a private key D as a pair (for use by the software registration template and the keygen);
2. The software vendor writes a keygen that encrypts the user name with the private key D to produce the ciphertext C (i.e., the registration code), and the vendor provides the user name and registration code to the user;
3. After installing the software, the user enters the user name and the registration code, and the software registration template uses the public key E to decode the registration code, producing F (namely the user name);
4. The software registration template compares the decoded user name F with the user name that was entered. If they are equal the user is legitimate and the authorization completes; otherwise the authorization fails.
3.2 Online Registration
1. Generate a public key E and a private key D as a pair (for use by the registration system and the registration template);
2. The software vendor encrypts the user's credential information with the private key D to generate F, which is stored in a specific place, for example in the registration database;
3. After installing the software, the user enters the user characteristic information. The software registration template encrypts it with the public key E to form the registration voucher C, and sends C over the network to the vendor's registration system;
4. The registration system uses the private key D to encrypt the user's registration voucher C, generating F, and determines the validity of the user's identity through F;
5. The registration system encrypts the result of the registration verification with the private key D and sends it to the software system over the network;
6. The software registration template uses the public key E to decrypt the verification result, and decides whether to complete the authorization according to the result.
3.3 Activation Code
1. Generate a public key E and a private key D as a pair (for use by the software registration template and the keygen);
2. After the user installs the software, the software registration template extracts specific information about the user's machine (for example the MAC address, CPU serial number or hard disk serial number) and generates an application code C from it using another encoding algorithm (such as BASE64);
3. The user sends the application code C to the software vendor. The vendor uses the keygen to encrypt the application code C with the private key D, generating the activation code F, and sends the activation code F to the user;
4. The user enters the activation code F, and the software registration template uses the public key E to decode it, producing G (i.e., the user's machine feature information). The software registration template then extracts the machine-specific information again and encodes it. The result of the encoding is compared with G: if they are equal the authorization completes, otherwise the authorization fails.
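The key derivation from section 2 and the activation-code steps of 3.3, carried through as an added example (not code from the original document). It uses the document's toy key p=11, q=13, e=7, treats each BASE64 character as one block smaller than n, and the function names, the "-" separator and the machine string are assumptions made for the illustration.

```python
import base64
from math import gcd

def make_keypair(p, q, e):
    """Section 2, steps (i)-(iv): derive (n, e) and (n, d) from primes p, q."""
    n, z = p * q, (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must be coprime to z")
    d = pow(e, -1, z)                 # modular inverse: e*d = 1 mod z
    return (n, e), (n, d)

def request_code(machine_info):
    """3.3 step 2: encode the machine features as the application code C."""
    return base64.b64encode(machine_info.encode()).decode()

def make_activation_code(code_c, private_key):
    """3.3 step 3, vendor side only: apply d to every block of C."""
    n, d = private_key
    blocks = code_c.encode("ascii")
    if any(b >= n for b in blocks):   # step (v): each block must be < n
        raise ValueError("block is not smaller than n")
    return "-".join(str(pow(b, d, n)) for b in blocks)

def is_activated(code_f, machine_info, public_key):
    """3.3 step 4, client side: recover G with e only and compare."""
    n, e = public_key
    try:
        recovered = bytes(pow(int(x), e, n) for x in code_f.split("-"))
    except ValueError:                # malformed field or value out of range
        return False
    return recovered.decode("ascii", "replace") == request_code(machine_info)

# The document's toy key; a real modulus needs primes > 100 decimal digits.
PUBLIC, PRIVATE = make_keypair(11, 13, 7)
MACHINE = "MAC=00-11-22-33-44-55;DISK=WD-EXAMPLE"   # constructed sample
ACTIVATION = make_activation_code(request_code(MACHINE), PRIVATE)

if __name__ == "__main__":
    print("public", PUBLIC, "private", PRIVATE)
    print("same machine:", is_activated(ACTIVATION, MACHINE, PUBLIC))
    other = MACHINE.replace("55", "56")             # a different machine
    print("other machine:", is_activated(ACTIVATION, other, PUBLIC))
```

The client-side check needs only (n,e); the private exponent d is used solely in the vendor's keygen and never has to ship with the software.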
4 Implementation Scenario
4.1 Overall Design
4.1.1 Overview
This document implements authorization code validation and provides the validation services to applications in the form of DLLs (dynamic-link libraries). How the result of authorization validation is handled is left to the application itself.
4.1.2 Context Definition
Context structure diagram
Description
- The verification dynamic library provides key verification, generation, encoding and decoding functions.
- The application needs to develop a validation module that validates by invoking the functions in the dynamic library.
- The verification dynamic library itself does not present information or provide related interfaces, so the application's validation module needs to provide the action and prompt interfaces (for example a registration code input box or prompt message boxes).
Module structure diagram
Description
- The authentication interface is a set of WINAPI-style APIs that provide validation-related services and are called by the application's validation module (callable from C, C++, Java, Delphi and VS.NET languages);
- The verification function module implements the specific functions. It is called by the authentication interface APIs to provide services outward, and is not itself exposed;
- The RSA algorithm module provides the implementation of the RSA algorithm, for use by the verification function module;
- The MD5 algorithm module provides the MD5 algorithm, for use by the verification function module;
- The BASE64 algorithm module provides the BASE64 algorithm, for use by the verification function module;
- The registry operation module provides the implementation of registry-related operations, for use by the verification function module;
- The file operation module provides the implementation of file-related operations, for use by the verification function module.
4.1.4 Interface Definition
4.1.4.1 islicensed function
"Feature description": determines whether the specified application has been authorized
"Prototype definition": BOOL WINAPI islicensed (LPCTSTR lpappname=NULL);
"Parameter description": lpappname: application name; if NULL, validates the current program
"Return value": TRUE: has been authorized; FALSE: not authorized
"Remarks": none
4.1.4.2 Getactivationcode function
"Feature description": gets the activation code based on the feature information
"Prototype definition": BOOL WINAPI getactivationcode (LPCTSTR lpcharacter,
LPCTSTR lpregistercode,
UINT32 cbsize);
"Parameter description": lpcharacter: feature information
lpregistercode: encrypted activation code
cbsize: length of the lpregistercode area
"Return value": TRUE: success; FALSE: failed
"Remarks": this function is for the software keygen to call
4.1.4.3 Getcomputercode function
"Feature description": gets the signature of the machine the software is installed on
"Prototype definition": BOOL WINAPI getcomputercode (LPCTSTR lpregistercode);
"Parameter description": lpregistercode: encrypted machine signature
"Return value": TRUE: success; FALSE: failed
"Remarks": the activation code can be obtained by passing the machine signature to the getactivationcode function
4.1.4.4 generatorkeyfile function
"Feature description": generates a key file
"Prototype definition": BOOL WINAPI generatorkeyfile (LPCTSTR lpcharacter,
LPCTSTR lpkeyfile);
"Parameter description": lpcharacter: feature information; if NULL, the machine's feature information is used
lpkeyfile: name under which the key file is saved
"Return value": TRUE: success; FALSE: failed
"Remarks": this function is for the software keygen to call
4.1.4.5 activationbycomputer function
"Feature description": activates the system according to the machine signature
"Prototype definition": BOOL WINAPI activationbycomputer (LPCTSTR lpacitvecode,
LPCTSTR lpappname=NULL);
"Parameter description": lpacitvecode: activation code
lpappname: application name; if NULL, activates the current program
"Return value": TRUE: activation succeeded; FALSE: activation failed
"Remarks": because the machine signature can be obtained automatically by the verification module, the user does not need to enter the registration code
4.1.4.6 activationbycharacter function
"Feature description": activates the system based on the feature information that is passed in
"Prototype definition": BOOL WINAPI activationbycharacter (LPCTSTR lpcharacter,
LPCTSTR lpacitvecode,
LPCTSTR lpappname=NULL);
"Parameter description": lpcharacter: feature information
lpacitvecode: activation code
lpappname: application name; if NULL, activates the current program
"Return value": TRUE: activation succeeded; FALSE: activation failed
"Remarks": none
4.1.4.7 activationbyfile function
"Feature description": activates the system according to the key file
"Prototype definition": BOOL WINAPI activationbyfile (LPCTSTR lpkeyfile,
LPCTSTR lpappname=NULL);
"Parameter description": lpkeyfile: key file name
lpappname: application name; if NULL, activates the current program
"Return value": TRUE: activation succeeded; FALSE: activation failed
"Remarks": the key file must include not only the machine signature but also the system's activation code. Because the key file can be used by multiple systems, security is not very high
4.1.4.8 Getencryptkey function
"Feature description": gets the keys used for encryption
"Prototype definition": BOOL WINAPI getencryptkey (LPCTSTR lppublickey,
UINT32 cbSize1,
LPCTSTR lpprivatekey,
UINT32 cbSize2);
"Parameter description": lppublickey: public key
cbSize1: public key length
lpprivatekey: private key
cbSize2: private key length
"Return value": TRUE: success; FALSE: failed
"Remarks": this function must be disabled in the version released with the application
4.1.4.9 Setencryptkey function
"Feature description": sets the keys used for encryption
"Prototype definition": BOOL WINAPI setencryptkey (LPCTSTR lppublickey,
UINT32 cbSize1,
LPCTSTR lpprivatekey,
UINT32 cbSize2);
"Parameter description": lppublickey: public key
cbSize1: public key length
lpprivatekey: private key
cbSize2: private key length
"Return value": TRUE: success; FALSE: failed
"Remarks": this function must be disabled in the version released with the application
4.2 Detailed design
4.2.1 Class structure diagram
4.2.1.1 General structure