Simple Network verification with http.get () to prevent customers from giving end-of-computer programming tutorial self-study

Starting from: Using Http.get () Simple network verification to prevent customers do not give the end of the computer computer programming introduction Tutorial self-study

http://jianma123.com/viewthread.aardio?threadid=428

To the software and network verification is often needed to use the practical features, below a simple demonstration of how to use Http.get () Simple network verification, to prevent customers from the end of the payment.

Applicable scenarios

1. Group company to a large number of employees with internal software to prevent the rumor

2. Customer-specific software in the trial version with network authentication, to prevent the end of the payment

Work process

First let the user apply for an account, the administrator in the background audit add account, each login before verifying the machine code, return the passcode for local authentication.

Application Opening Account button: the "User name/password/Machine code" is submitted to the HTTP server by Http.get () to the application form, and the administrator audits it to copy it to the pass table.

Login button: Submit "username/password/machine code/timestamp" using Http.get (), and generate the correct passcode locally based on these parameter algorithms.

After the HTTP server receives the correct passcode response output based on these parameters, the client obtains it and uses it to compare with the locally generated passcode if it is correct to log on successfully.

Advantages

Can verify the machine code;

Can verify the account number;

Can be because of the participation of the time stamp and every time the login button is to return a different passcode, the cracker if you do not know the verification principle of grasping the packet can not be used to break the local host jump, can only use OD to modify the software logic judgment, increased the difficulty of cracking.

Disadvantages

Use OD modification software logic judgment can be easily cracked (the general user or the customer does not have this ability, if someone to crack also need to pay a certain cost)

Anti-cracking

1. You can start the clock when the passcode is not correct, electronic forensics, and then a random number of seconds after the self-fallback

2. Add a variety of dark piles to prevent direct modification of judgment logic to break through the line of defense

3. Increase the loss of the cracker, the dark pile can format the hard disk to destroy the other side of the business data file What makes the other people dare not use pirated

Core source

Winform.button.oncommand =functionId,event) {Apply for account Openingvar name = Winform.editName.text;var pwd = Winform.editPwd.text;var mcode = Winform.editMcode.text;var html,errinfo,errcode = Http.get ("Http://jianma123.com:55555/?ac=reg&name=" +inet.url.encode (name) +"&pwd=" +pwd+"&mcode=" +mcode)Console.vardump (html,errinfo,errcode)}winform.button2.oncommand =functionId,event) {Landingvar name = Winform.editName.text;var pwd = Winform.editPwd.text; var mcode = Winform.editMcode.text; var tick = Time (). Getmillitime (); correct passcode = Generate passcode (mcode,tick)  "correct passcode:", the correct passcode) var Htmlstr,errinfo,errcode = Http.get ( "http://jianma123.com:55555/?ac=login&name=" +name+  "&pwd=" +pwd+ "&mcode=" +mcode+  "&tick=" +tick) console.vardump (htmlstr,errinfo,errcode) if (htmlStr== Correct passcode) {Winform.msgbox ( "Allow pass")}else {winform.msgbox ( "do not allow access, please contact the Administrator"}}           

Simple Network verification with http.get () to prevent customers from giving end-of-computer programming tutorial self-study