I know TurboPower with their OnGuard components which generates inifiles suggested you stick copies of the inifile all over the place and also use the registry. I read somewhere where someone had 6 inifiles all encryped, all with different names stuck in various windows directories. Then checked that they still existed and that they all validated.
I use double encryption for demo versions. Thus, if a hacker tries to decrypt a 31 digit character, which includes a funny formatted expiry date, and in it's encrypted form spans 2 A4 pages of garbage symbols and black blobs, they must be keen. Because they would have to double decrypt it figuring out the 2 different algorithms I used, then work out what the 31 character code means. I just keep it in the same directory as the app. If it is missing, the program won't load. If it has been tampered with, the program won't load. If the file date has changed, the program won't load. Release codes are generated for the computer that has registered the program, the encrypted demo code is deleted. Won't work on any other computer. It also takes care of client/server instances. Therefore, if someone copied the app to another computer it would not work. So forget GUIDS and the registry, it is easy enough to find out when something was added to registry and when, just like it is easy to find out what was installed on your HDD and when. Mike -----Original Message----- From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Walter Prins Sent: Tuesday, 31 May 2005 12:33 AM To: [email protected] Subject: Re: [list] RE: [delphi-en] Re: GUIDs and the registry Vahan, Programs like RegMon (http://www.sysinternals.com/ntw2k/source/regmon.shtml) makes it very easy to find things that are hidden merely by putting it in an obscure place. IE I don't think that's a very good way of protecting the app. It would be better in my humble opinion, to retrieve (for example) the Windows serial number/key and/or activation key (which should be unique per installation of Windows) at install time, and hash this in some way, and store result of the hash (the hashed value) in a standard location for your app, eg HKEY_LOCAL_MACHINE/Software/<>/ActivationKey. This way it doesn't matter if the user sees it or knows how to use regedit as they won't know what goes into the has value, nor how you calculate it. When the application starts, it can simply recalculate the hashed value and compare it to the install time value from the registry. Thus, even if the user is clever enough to copy the app and the registry tree for your application over to another PC, the new calculated hash value on the new machine will be different to the one on the original machine (due to the windows serial/key and other values being different), and thus the app won't work unless they also modify all the registration/key etc values that you use in your hash calculation to be the same as on the original machine. Since they won't know exactly what you use, that is likely to be more hassle than it's worth the average user. Good things to try and include would be: Windows Product key, Activation key (if you can find it), Network Mac address, HDD Serial number, Video card adapter ID string. etc. Cheers Walter ----------------------------------------------------- Home page: http://groups.yahoo.com/group/delphi-en/ To unsubscribe: [EMAIL PROTECTED] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/delphi-en/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
