Thread: Request for a good protection scheme in Java
View Single Post
  #1  
Old 02-17-2014, 22:13
DaGoN DaGoN is offline
Friend
  
Join Date: Jan 2004
Posts: 45
Rept. Given: 15
Rept. Rcvd 6 Times in 4 Posts
Thanks Given: 25
Thanks Rcvd at 18 Times in 7 Posts
DaGoN Reputation: 6
Smile Request for a good protection scheme in Java
Hi to all ,
this is my scenario:
- assumptions: A .jar file with all classes signed.

Ok, i've choose the key file solution.
The key file is 'hashed' with sha-256 then the calculated hash is crypted by ECDSA algo.
My app test the genuine of key file in this way: remove crypted hash, recalculate sha-256 and then decrypt sha-256 hash and compare them.

The keygen is impossible... but remains the byte patching approach.

My request is... there is an efficent solution to avoid the byte patching?

All suggestions are accepted...

PHP Code:
key file template example:
---------
user=testuser
email=test@test.it
hwId=111-111-111
signature=%%
------------

sha-256 ECDSA encrypt

user=testuser
email=test@test.it
hwId=111-111-111
signature=%[(sha-256 <= ECDSA encrypt)]%

My apps remove signature and recalculate sha-256 hash

---------
user=testuser
email=test@test.it
hwId=111-111-111
signature=%%
------------

if(new sha-256 ==  ECDSA decrypted (sha-256))
   print "good"
else
   print "bad" 
Thanks in adv,
DaGoN
Reply With Quote