The problem with your method is that all a cracker has to do is recompile your app and replace one bit in your code: the return value to your question: is my ini file uncompromised? Then when your routine comes back claiming the file has been comprimised, that is the right answer and your app loads!
DJS --- Mike Lucek <[EMAIL PROTECTED]> wrote: > I know TurboPower with their OnGuard components > which generates inifiles > suggested you stick copies of the inifile all over > the place and also use > the registry. I read somewhere where someone had 6 > inifiles all encryped, > all with different names stuck in various windows > directories. Then checked > that they still existed and that they all validated. > > I use double encryption for demo versions. Thus, if > a hacker tries to > decrypt a 31 digit character, which includes a funny > formatted expiry date, > and in it's encrypted form spans 2 A4 pages of > garbage symbols and black > blobs, they must be keen. Because they would have to > double decrypt it > figuring out the 2 different algorithms I used, then > work out what the 31 > character code means. I just keep it in the same > directory as the app. If it > is missing, the program won't load. If it has been > tampered with, the > program won't load. If the file date has changed, > the program won't load. > Release codes are generated for the computer that > has registered the > program, the encrypted demo code is deleted. Won't > work on any other > computer. It also takes care of client/server > instances. Therefore, if > someone copied the app to another computer it would > not work. > > So forget GUIDS and the registry, it is easy enough > to find out when > something was added to registry and when, just like > it is easy to find out > what was installed on your HDD and when. > > > Mike > > > > > -----Original Message----- > From: [email protected] > [mailto:[EMAIL PROTECTED] On Behalf > Of Walter Prins > Sent: Tuesday, 31 May 2005 12:33 AM > To: [email protected] > Subject: Re: [list] RE: [delphi-en] Re: GUIDs and > the registry > > Vahan, > > Programs like RegMon > (http://www.sysinternals.com/ntw2k/source/regmon.shtml) > > makes it very easy to find things that are hidden > merely by putting it in an > > obscure place. IE I don't think that's a very good > way of protecting the > app. It would be better in my humble opinion, to > retrieve (for example) the > > Windows serial number/key and/or activation key > (which should be unique per > installation of Windows) at install time, and hash > this in some way, and > store result of the hash (the hashed value) in a > standard location for your > app, eg > HKEY_LOCAL_MACHINE/Software/<>/ActivationKey. This > way it doesn't > matter if the user sees it or knows how to use > regedit as they won't know > what goes into the has value, nor how you calculate > it. > > When the application starts, it can simply > recalculate the hashed value and > compare it to the install time value from the > registry. Thus, even if the > user is clever enough to copy the app and the > registry tree for your > application over to another PC, the new calculated > hash value on the new > machine will be different to the one on the original > machine (due to the > windows serial/key and other values being > different), and thus the app won't > > work unless they also modify all the > registration/key etc values that you > use in your hash calculation to be the same as on > the original machine. > Since they won't know exactly what you use, that is > likely to be more hassle > > than it's worth the average user. Good things to try > and include would be: > Windows Product key, Activation key (if you can find > it), Network Mac > address, HDD Serial number, Video card adapter ID > string. etc. > > Cheers > > Walter > > > > > > > __________________________________ Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html ----------------------------------------------------- Home page: http://groups.yahoo.com/group/delphi-en/ To unsubscribe: [EMAIL PROTECTED] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/delphi-en/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
