Most registration codes (also known as serial numbers) used by shareware on the Internet are poorly designed and are easily cracked to produce a key generator (keygen). The following describes a way to build registration codes with the public-key (asymmetric) algorithm RSA. With this scheme it is difficult to write a keygen without knowing the key. In fact, some software already uses this kind of method.
As is well known, RSA uses a pair of keys, a public key and a private key. It is difficult to derive the private key from the public key, and vice versa; this difficulty rests on the difficulty of factoring large numbers. The idea of using RSA to generate shareware registration codes is as follows:
1. First, randomly generate a key pair: public key E and private key D.
2. The software author writes a keygen. The keygen encrypts the user name M with the private key D; the ciphertext C is the registration code. Because the ciphertext often contains non-printable characters, it is best to encode it into printable characters, for example with Base64 or UUencode.
Ciphertext C = (M ^ D) mod N
where ^ denotes exponentiation, mod denotes the remainder, and N is the RSA modulus.
3. The shareware first decodes the registration code entered by the user (Base64 decoding, for example) to obtain the ciphertext C, then decrypts the ciphertext with the public key E to obtain the plaintext M'. If this plaintext equals the user name (that is, M' = M), the registration code is correct; otherwise it is an invalid registration code. A cracker can obtain the public key E by tracing your software, but cannot obtain the private key D.
Plaintext M' = (C ^ E) mod N
There are several points to note:
1. A modulus N that is too short is not safe, because it is easily factored. With current computing power, N should be above 512 bits. However, the registration code then also becomes longer, which may inconvenience users. In general, a big-number arithmetic library should be used to implement RSA.
2. Generate the key pair with the best random number generation algorithm available; otherwise N is very likely to be factored.
3. Alternatively, the keygen can encrypt the user name with the public key E to obtain the registration code, and the software can decrypt the code entered by the user with the private key D to recover the user name. In that case E must not take the usual fixed values such as 3 or 65537; otherwise, once E is guessed, a keygen can be written, because the cracker can now extract the private key D from your software.
4. This method only prevents people from writing a keygen. It cannot prevent your software from being cracked by patching jump instructions in the program. To keep others from modifying your program files, you can encrypt your program code or data with part of the registration code.
5. With a small change, this method can stop legitimate users from distributing their registration code: use a one-code-per-machine scheme in which the user name is replaced by hardware and software information from the user's machine. This information should uniquely identify the user's machine; otherwise it is easy to forge.
6. With the above method in place, only someone who knows at least one valid registration code can crack the program.
Here is an example that uses FreeLIP (http://www.und.nodak.edu/org/crypto/crypto/numbers/programs/freelip/freelip_1.1.tar.gz) to implement RSA. The library is written in C and requires a license for commercial use.
1. First, randomly generate the key pair. You can write your own program to search for large random primes. For this example we use RSATool (http://www.secretashell.com/TMG/RSATool2v15.zip) to generate parameters for 64-bit RSA:
Large prime p = a57f2b33, large prime q = e7c441b3, modulus N = 95d49fd119ef27a9, private key D = 76d2a6e2ac86cc99, public key E = 65537 (p, q, N and D are in hexadecimal)
2. Build the keygen. The user name is encrypted with the private key D, and the resulting ciphertext is used as the registration code:
First define the macro WIN32 (VC defines it itself, but in BCB you need to define it), and then include the header file "lip.h":
#ifndef WIN32
#define WIN32
#endif
#include "lip.h"
and add "lip.c" to the project.
The ASCII codes of the user name are then converted to the corresponding hexadecimal string:
char username[] = "4E6574677579"; /* the ASCII bytes of "Netguy" as hex digits */
char serialnumber[256];
verylong N = 0, D = 0, M = 0, C = 0; /* the big-number type in FreeLIP is verylong */
zhsread(username, &M); /* initialize the plaintext M from the hexadecimal user name */
zhsread("95d49fd119ef27a9", &N); /* initialize the modulus N */
zhsread("76d2a6e2ac86cc99", &D); /* initialize the private key D */
zexpmod(M, D, N, &C); /* compute the ciphertext C = (M ^ D) mod N */
zswrite(serialnumber, C); /* write the decimal string of C to serialnumber; this is the registration code */
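Both sides of the scheme with the 64-bit example parameters above, written without FreeLIP so that it runs stand-alone: the keygen computes C = (M ^ D) mod N and the program checks (C ^ E) mod N against the user name. This is an added example, not code from the original article; the function names, the big-endian packing of the user name (which reproduces the hex string 4E6574677579 for "Netguy") and returning the code as a raw integer instead of an encoded string are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Example key from the article: 64 bits, far below its own size advice. */
static const uint64_t RSA_N = 0x95D49FD119EF27A9ULL; /* modulus */
static const uint64_t RSA_D = 0x76D2A6E2AC86CC99ULL; /* private, keygen only */
static const uint64_t RSA_E = 65537;                 /* public, in the program */

/* (a + b) mod n without 64-bit overflow; requires a, b < n. */
static uint64_t addmod(uint64_t a, uint64_t b, uint64_t n) {
    return (a >= n - b) ? a - (n - b) : a + b;
}
/* (a * b) mod n by double-and-add, so no 128-bit type is needed. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t n) {
    uint64_t r = 0;
    for (a %= n, b %= n; b; b >>= 1) {
        if (b & 1) r = addmod(r, a, n);
        a = addmod(a, a, n);
    }
    return r;
}
/* (base ^ exp) mod n by square-and-multiply. */
static uint64_t powmod(uint64_t base, uint64_t exp, uint64_t n) {
    uint64_t r = 1;
    for (base %= n; exp; exp >>= 1) {
        if (exp & 1) r = mulmod(r, base, n);
        base = mulmod(base, base, n);
    }
    return r;
}
/* Pack the user name big-endian into M. Returns 0 when the name is empty,
   longer than 8 bytes, or not below N (M must be smaller than the modulus). */
int name_to_m(const char *name, uint64_t *m) {
    size_t len = strlen(name);
    uint64_t v = 0;
    if (len == 0 || len > 8) return 0;
    for (size_t i = 0; i < len; i++) v = (v << 8) | (unsigned char)name[i];
    *m = v;
    return v < RSA_N;
}
/* Keygen side: C = (M ^ D) mod N. Returns 0 if the name cannot be encoded. */
uint64_t make_code(const char *name) {
    uint64_t m;
    return name_to_m(name, &m) ? powmod(m, RSA_D, RSA_N) : 0;
}
/* Program side: accept only if C < N and (C ^ E) mod N equals the name's M. */
int check_code(const char *name, uint64_t code) {
    uint64_t m;
    if (!name_to_m(name, &m) || code >= RSA_N) return 0;
    return powmod(code, RSA_E, RSA_N) == m;
}
```

With a 64-bit modulus only user names of up to 8 bytes can be encoded at all, which is one more reason the real modulus has to be much larger than this example's.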