#9
10-27-2015, 02:19
atom0s
I'll explain it a bit better since what you are saying is not how it works in my cases.

A client application has several layers of "protection" in my scenario.
1. The client is considered a dummy/stupid client with limited functionality built into it.
2. The client is packed with any given protector(s).
3. The client requires an internet connection to work as it must validate with a remote server.
4. The client does not contain various amounts of code/functionality needed for it to run.

The user downloads the client and installs it on their machine. Afterward they must go through a process of creating a valid license/key for their system. Be it a simple login method of just a username/password, or something more involved with system specific information such as hardware ids, the application is made to be locked down to that specific system.

The user downloads the required license file(s) and places them in the required location(s).

When the user starts the client it begins its validation steps.
1. The client ensures the license file exists and is valid.
2. The client ensures the system has an internet connection and can reach the remote server.
3. The client sends specific data unique to the client machine it is running on to the server.
4. The server validates the information sent and ensures the user is a valid licensed user.
5. The server sends back key data required for the client to work.
- This data could consist of a variety of things:
-- The data could be a simple 'unlock' block of data that is required for the client to work properly.
-- The data could be a block of information that a single part of the client requires to run properly.
-- The data could be literal chunks of code / functions that are needed for the client to run properly.
-- The data could be external files that the client requires to function properly.

This data is encoded/encrypted specifically for the given user and if "copied" will not work on another machine.

The client is not a web application. It is a fully installed client on the user's machine that requires a server connection to stream required information back to the client in order for it to operate fully and properly.

If the client has no internet connection, the application will not work as it is missing key data/functionality.
If the client is patched to assume it validated fine, it will not work as it will be missing key data/functionality.

The only way to replay the data would be to determine all the encryption points, validation steps and so on to ensure that you can create the block of data to work properly on all machines. Is this impossible? No. But it is certainly more in-depth and involved than a single layer of protection from say, a packer/protector like Themida or similar.
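The validation flow described in the post above, as an added Python sketch that is not part of the original post or of any real product: the server returns the missing payload sealed under a key derived from a per-license secret and the registered hardware id, so the blob only opens on the machine it was issued for. All names (`LicenseServer`, `derive_key`, `client_start`, the sample ids) are hypothetical, and the HMAC-based stream cipher is a stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_key(license_secret: bytes, hardware_id: str) -> bytes:
    # Per-machine key: both sides compute it, it never crosses the wire.
    return _prf(license_secret, b"payload-key\x00" + hardware_id.encode())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode); use a vetted AEAD in practice.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, payload: bytes) -> bytes:
    nonce = os.urandom(16)
    body = _xor_stream(_prf(key, b"enc"), nonce, payload)
    return nonce + body + _prf(_prf(key, b"mac"), nonce + body)

def open_sealed(key: bytes, blob: bytes):
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + body)):
        return None  # wrong machine, wrong license, or tampered blob
    return _xor_stream(_prf(key, b"enc"), nonce, body)

class LicenseServer:
    def __init__(self, payload: bytes):
        self.payload = payload   # code/data the shipped client lacks
        self.licenses = {}       # license_id -> (license_secret, hardware_id)

    def issue(self, license_id: str, hardware_id: str) -> bytes:
        secret = os.urandom(32)  # written into the user's license file
        self.licenses[license_id] = (secret, hardware_id)
        return secret

    def validate(self, license_id: str, hardware_id: str):
        record = self.licenses.get(license_id)
        if record is None or record[1] != hardware_id:
            return None
        return seal(derive_key(*record), self.payload)

def client_start(server, license_id, license_secret, hardware_id):
    blob = server.validate(license_id, hardware_id)
    return None if blob is None else open_sealed(derive_key(license_secret, hardware_id), blob)
```

Because the client derives its key from the hardware id it reads locally, a blob captured on the licensed machine fails the tag check anywhere else.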