Hi,
> I'm trying to create a registration system for a new software and I would
> like to have your opinions on the following issues.
> When you distribute your software to various sites do you provide
> registration mechanism to them?
Not unless I trust them (that's a no)
> At some point when the program checks for registration Key/File it will for
> example set a boolean variable to true. Do you do it other way?
Yes, the main points are:
-inline keychecking func
-NEVER display any alert or dialog on correct/incorrect key being
entered, this is trivial to find
-use many many function pointers in structured for keychecking. Makes
it harder to follow the code.
-If your app is 68k, do a check if it's in the simulator/emulator and
in that case always be "Registred" to make it harder to use those
tools to hack it
> Is it possible to check if my program is modified and prevent it from running?
Anything is possible :)
What Ryan suggested works, but is not too hard to circumvent. Instead
you can include RSA public key in your app's code section [preferably
obfuscated], and then sign it, storing the signature in a different
resource. Sign the app when you release. This way nobody can easily
re-sign it without having your private key. Also, do not refuse to run
if modified, and do not tell user app is modified, just run like it's
unregistered. This will have hackers chasing their tails forever. Also
when you do do the checksum, avoid doing things liek
DmGetResource('code',...). the constant 'code' will stand out in the
disassembly. Instead just do something like:
for(i = 0 ;i < DmNumResources(myApps); i++){
uint32 type;
uint16 id;
>
> --
> For information on using the ACCESS Developer Forums, or to unsubscribe,
> please see http://www.access-company.com/developers/forums/
>
--
For information on using the ACCESS Developer Forums, or to unsubscribe, please
see http://www.access-company.com/developers/forums/
