Thoughts on Software Registration

Source: Internet
Author: User
I once wrote a registration system for shareware and gained some experience from it:

Strictly speaking, software registration is not something users require. However, because software is easy to copy, the vast majority of commercial software must protect itself. The purpose of this protection is that users who have purchased the product can use it normally, while users who have not purchased it can only try it out or cannot use it at all.

Designing a good registration algorithm that also resists cracking is not easy. I suggest using complex algorithms such as MD5 and DES as much as possible and calling them more than once, and adding a custom encryption function built on a classic reversible algorithm such as CRC and base64. As a result, I can ensure that the attacker cannot easily write a key generator (keygen) for the software.

The registration system should be a solid system. The most basic point is that the correct registration code must never appear in plain text while the program is judging whether the entered code is correct. A lot of software is cracked exactly this way. If the registration algorithm is a symmetric algorithm, this problem does not exist, because you do not need to know the real registration code to determine whether the code the user entered is correct. Of course, it is not easy to design such an algorithm. I think that for users, the registration code is just the registration code, a credential for legal use of the software; for the software, however, it is more than that, because it also carries further information, such as a software identifier and a user identifier.
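One way to get the property described above, as an added example that is not the author's code: the registration code carries the product and user identifiers plus a public-key signature, so the program can check it without ever holding the correct code or a secret able to generate one. The function names, the `product|user` layout and the demo key are assumptions; textbook RSA over two Mersenne primes is used only to keep the example self-contained, and a real product would use a vetted signature library and key size.

```python
import base64
import hashlib

# Constructed demo key (assumption): two Mersenne primes. Far too small and
# trivially factorable; it exists only so the example runs offline.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                   # public half, shipped inside the program
D = pow(E, -1, (P - 1) * (Q - 1))     # private half, never leaves the vendor
SIG_LEN = 30                          # N is 234 bits, so 30 bytes hold a signature


def _digest(payload: bytes) -> int:
    """SHA-256 of the payload, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % N


def issue_code(product: str, user: str) -> str:
    """Vendor side: sign 'product|user' and pack length + payload + signature."""
    payload = f"{product}|{user}".encode()      # must stay under 256 bytes
    sig = pow(_digest(payload), D, N).to_bytes(SIG_LEN, "big")
    return base64.b32encode(bytes([len(payload)]) + payload + sig).decode()


def check_code(code: str, product: str):
    """Client side: uses only N and E. Returns the licensed user or None."""
    try:
        raw = base64.b32decode(code)
        payload, sig = raw[1:1 + raw[0]], raw[1 + raw[0]:]
        code_product, user = payload.decode().split("|", 1)
    except (ValueError, IndexError):            # malformed or truncated input
        return None
    if code_product != product or len(sig) != SIG_LEN:
        return None
    # The signature is verified, not recomputed: no expected code is ever
    # built in memory for a debugger to read.
    if pow(int.from_bytes(sig, "big"), E, N) != _digest(payload):
        return None
    return user


if __name__ == "__main__":
    code = issue_code("DemoApp", "alice")       # constructed sample values
    print(code, "->", check_code(code, "DemoApp"))
```

Patching the check itself still defeats this, which is the problem the later paragraphs on multiple and delayed checks address.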

Of course, after the registration algorithm is designed, you should pay attention to several issues when applying it to the interface. When the interface calls the registration part to make its judgment, the registration-related strings in the code should be encrypted in some form. This will not prevent the software from being cracked, but it will at least increase the time the attacker needs to crack it.

Once the complexity of the algorithm has ensured its security, we also need to set some traps to catch cracking attempts. From the attacker's perspective, if the registration algorithm cannot be analyzed, the other option is the so-called brute-force attack.
Therefore, software designers should try their best to set multiple judgment and registration conditions, so that attackers need to crack multiple pieces of code. Of course, the registration algorithm has key functions, namely those that judge whether the registration code is correct or whether the software has been registered. Some skill is needed to prevent these key functions from being cracked. For example, the registration system should have an anti-cracking function, that is, it can detect whether the registration function works normally; if not, it can enable a backup function or set a failure flag. You can also add additional registration check code and execute it only when certain conditions (such as the number of times the software has been run or the length of time it has been used) are met. This is because the attacker usually starts cracking right after the software is installed, and if nothing abnormal happens after the crack, the crack is generally considered successful. But after the crack is released and a user has used the software for a period of time, the conditions are met, the added registration check code is executed, and the software can no longer be used normally.

The following describes how to save registration-related information. It is usually stored in the registry and INI files. There are also some techniques, such as constructing a false CLSID. It can also be encrypted and stored in a binary file.

I also have an idea: use the modification time of a file to store some information, because the user usually does not pay attention to a file's time information. The range of values the file time can hold is limited; however, it is feasible to store the file's own check value in it.
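The idea above, as an added sketch that is not the author's code: a 28-bit slice of the file's CRC32 is written into its modification time and compared again later. The window start `BASE`, the 28-bit mask and the function names are assumptions chosen so that the resulting date stays plausible.

```python
import os
import zlib

BASE = 1_262_304_000   # 2010-01-01 00:00:00 UTC, start of the timestamp window
MASK = 0x0FFFFFFF      # 28 bits of CRC, about 8.5 years of one-second steps


def _expected_mtime(path):
    """Map the file's CRC32 into the [BASE, BASE + MASK] window."""
    with open(path, "rb") as f:
        return BASE + (zlib.crc32(f.read()) & MASK)


def seal(path):
    """Store the check value by setting access and modification time to it."""
    t = _expected_mtime(path)
    os.utime(path, (t, t))


def is_intact(path):
    """True if the stored mtime still matches the file's current content.

    Any ordinary write resets mtime to 'now' and fails the check; so does a
    copy that does not preserve timestamps, which the caller must treat as
    'unknown' rather than proof of tampering.
    """
    return int(os.stat(path).st_mtime) == _expected_mtime(path)
```

CRC32 is a checksum, not a keyed hash, so this only detects changes made by someone unaware of the scheme.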

In addition, we introduced passive anti-cracking and active anti-cracking. For example, we checked the parent process at run time and checked whether tools such as ollydbg, w32dasm and dede were running. However, when adding such code, you must make sure that the program still runs properly on different operating systems.

Of course, a good software author should not focus only on how to prevent users from using the software illegally, but should also actively listen to users' opinions and actively modify the software to better meet their various needs.

It took me a lunch break to write this, which is a summary of my previous work.
