Secure a DLL file with a license file [closed]
https://stackoverflow.com/questions/106347
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What is the best way to secure the use/loading of a DLL with a license file?
Solution
A couple of things you might want to consider:
Check sum the DLL. Using a cryptographic hash function, you can store this inside the license file or inside the DLL. This provides a verification method to determined if my original DLL file is unhacked, or if it is the license file for this DLL. A few simple byte swapping techniques can quickly take your hash function off the beaten track (and thus not easy to reproduce).
Don't store you hash as a string, split it into unsigned shorts in different places.
As Larry said, a MAC address is fairly common. There are lots of examples of how to get that on The Code Project, but be aware it's easy to fake these days.
My suggestion, should be use private/public keys for license generation.
In short, modes of attack will be binary (modify the instructions of your DLL file) so protect against this, or key generation so make each license user, machine, and even the install specific.
OTHER TIPS
You can check for a license inside of DllMain() and die if it's not found.
It also depends on how your license algorithm works. I'd suggest you look into using something like a Diffie–Hellman key exchange (or even RSA) to generate some sort of public/private key that can be passed to your users, based on some information.
(Depending on the application, I know of one case where I wrote the license code on contract for a company, they used a MAC address, and some other data, hashed it, and encrypted the hash, giving them the "key value", if the registration number was correct). This ensures that the key file can't be moved, (or given) to another machine, thus 'stealing' the software.
If you want to dig deeper and avoid hackers, that's a whole 'nother topic....
