Poor man serial number generation scheme, part 2

Question

This is continuation to my previous question here:

Poor man serial number generation scheme

Let's say I have generated private / public key pair, but I want to save private key within registered application itself - for example by generating .c code which contains only data (public and private key parts).

Of course it's risky solution - since if hacker extracts private key from application - he can create licenses by himself.

But this is "poor man solution", so I want everything to be in one application - private and public keys - so registration form would be also serial number generation dialog.

So I want to place private key inside application, but to protect it with some password, which only I know about.

So by entering serial number - in first pass we try to match against particular hardware (verify signature), but if that one does not succeeds, we try to check if end-user is "administrator" (or serial number generation person).

What would be best two-way encrypting algorithm , which will use password as an input and would be tolerant to brute force attacks ?

I guess "administrator password" should be reliable enough, not to be easily guessable (not listed in any well known brute-force hack dictionaries).

Also it would be good to store password in registry / or at least in encrypted form. May be makes sense to password === sha-1 hash ===> 20 bytes hash - store it in registry ("administrator password"), and then to use hash to encrypt private key.

Same issue as in previous question - As a base I would prefer to use plain C or C++ (not C#), preferably Windows / wincrypt.h or any existing plain C source code (Preferably not huge 3-rd party libraries).

And how will your password mechanism work, may I ask, so that the key can't be stolen? — TNW, Feb 25 '16 at 14:31
I will probably rely on that my pc is secured and no third party hackers can access it. Also not distribute my password to anyone except myself. If security is penetrated - I can change private / public keys in new version and distribute new serial numbers to interested people. — TarmoPikaro, Feb 25 '16 at 14:35
I don't mean that. If you need your clients to have your private key, even encrypted, that means they might want to use it (unless you want to distribute it, so not to lose it). If you want them to use it, assume that they will have access to it, no matter what you do (unless we're messing with hardware based trusted execution platforms and such). That, or I'm missing the point entirely. What do you want to achieve as the final result? — TNW, Feb 25 '16 at 14:39
Client's will not use private key of course - because they are not "serial number generators" or "administrators". Only I will use private key. Public key will be distributed with application and will be used to verify "signature" of serial number. — TarmoPikaro, Feb 25 '16 at 14:41
So why would clients have private key in application, even encrypted? And what's the big picture? It seems you're going towards [XY problem](http://mywiki.wooledge.org/XyProblem) quickly. — TNW, Feb 25 '16 at 15:12
I guess simplest case to use - you come to testing team or to someone you trust your serial number generator. You don't have licensing application with you, or you don't have your pc with you - but you want to license that application for use. Simplest way to register application on tester's computer - is simply to type password, and license application by yourself. May be after registering you can remove "administrator rights" again. But of course that remote computer is something you should be able to trust (no keylogger software). So simplicity to use is my target. — TarmoPikaro, Feb 25 '16 at 15:17
The raison d'etre of public key signature/encryption is to separate the signing/encryption and verification/decryption. If you're going to be doing both at the same place anyway, there are easier ways to do what you wanted to do for the same security and without the complexity of public key cryptography. — Lie Ryan, Feb 25 '16 at 15:21
May be you can create me some simple to use serial number generation scheme ? So it looks like you're proposing something, but I don't see a exact proposal here. — TarmoPikaro, Feb 25 '16 at 15:24
So typically you create two applications: One - license / serial number generation application, one - normal application being licensed. And then all that playing around with licenses, serial keys, and so on. Simple means that no separate mail or question for licenses does not needs to be sent. You can license application right away on end-user desktop. — TarmoPikaro, Feb 25 '16 at 15:29

score 0 · Answer 1 · edited May 23 '17 at 11:54

0

Posted answer to this in here:

Poor man serial number generation scheme

In my own prototype I'm using RC4 stream encryption algorithm for two way encryption.

Is it reliable ? Can someone crack it ?!

edited May 23 '17 at 11:54

Community

1
1

answered Mar 05 '16 at 22:10

TarmoPikaro

4,723
2
50
62

Apparently, RC4 is deprecated as it is believed to be breakable. See: https://en.wikipedia.org/wiki/RC4 It is being removed from TLS. The wiki has a number of links that may help. Perhaps, Rivest's "Spritz" may be your answer – Craig Estey Mar 05 '16 at 22:47
Somehow I've guessed that one - I'm not security expert, that's why I've posted this question here. Perhaps you can recommend me reliable encrypt / decrypt security algorithm - what I have checked from wincrypt.h - there are quite many different algorithms supported - I need to select one of them: CALG_DES,CALG_3DES_112,CALG_3DES,CALG_DESX,CALG_RC2,CALG_SKIPJACK,CALG_TEK,CALG_CYLINK_MEK,CALG_SSL3_MASTER,CALG_SCHANNEL_MASTER_HASH,CALG_SCHANNEL_MAC_KEY,CALG_SCHANNEL_ENC_KEY,CALG_PCT1_MASTER,CALG_SSL2_MASTER,CALG_TLS1_MASTER,CALG_RC5,CALG_AES_128,CALG_AES_192,CALG_AES_256,CALG_AES – TarmoPikaro Mar 06 '16 at 08:02

score 0 · Answer 2 · answered Mar 07 '16 at 00:45

Caveats:

This is less of an answer to the direct question about a given encryption algorithm, but more about your overall goal, based upon your two posted questions and answers and comments.
While I follow software security issues generally, I'm not an expert, so take anything I say herein accordingly.

You're trying to protect your software. That is, what you're looking for is a way to implement a licensing scheme.

What you need [and hopefully have], but did not post is a functional/design specification for this. The two way encryption is but a part of this.

You aren't the first person to need this. There are already schemes to do this. I'd recommend using an existing solution. There is probably a public/free open source version.

You talked about email and registration form and cut-and-paste but didn't detail how that works. Nor did you mention how this interacts with your application. Do you register with a web browser or have the app present a registration dialog?

I'm guessing that you have a user enter an email address into a form. Then, your server will send back an email with some special code [e.g. that is valid for 15 minutes] that the user must enter to complete registration to prove the email is valid, along with the system identity information.

You mentioned that the cut-and-paste is the limiting factor. But, IMO, it isn't really as you could put the key in a MIME encoded attachment and have the user save it to a file. The registration form could then upload this file. Even a lengthy value that is (e.g. 10 lines of 72 chars / line) will still fit inside a clipboard.

You gather [hopefully] unique identifying information about the client system. The CPU serial number is now 0 on most post pentium-III processors [unless enabled in the BIOS]. But, other CPUID parts may provide some uniqueness. The Ethernet MAC address is unique, but many NICs allow it to be changed in software. A disk serial number isn't a good choice [IMO] because disks have the highest failure rate and need to be replaced over time.

But, let's assume you can gather enough information from the above sources [and maybe some others] to get a "system ID". You can concatenate this with other stuff like username, etc. You can run this through a one way hash like sha1 [or whatever] if you choose. So, now, you've got an "system identity". Save that somewhere (e.g. file or registry)

But, storing the private key in the app [or anywhere on the client system] is a non-starter, IMO. You only need this during the generation phase.

So, have the registration process send the system identity to a private server that you control (e.g. Amazon EC2). The server encrypts/signs [using public/private key crypto like RSA] the system identity and sends back the public key and the "signed result". These get stored.

The verification for any app is to regather the system identity information, apply the algorithm with it and the public key. It should match the signed result.

This eliminates the need to store the private key with the app, keep it encrypted with a password that uses RC4 [or equiv]. This eliminates complexity that just served to weaken your protection in the first place.

I'm a bit confused about the "system administrator" or "serial license generation person". If that's not you [or your server], then it implies you're going to give out OEM contracts and the local admin can generate licenses for a given subset of systems under this control. So, you'll need an OEM key [that gets sent to your server] to allow multiple licenses to be generated.

Now, the bad news.

Any software licensing scheme is [easily] breakable. In the app, no matter how complex [or simple] the verification algorithm is, it boils down to a [or multiple] go/nogo tests. That is, something like:

#include <stdlib.h>

int user_authorized(void);
void run_program();

int
main(void)
{

    if (! user_authorized())
        abort();

    run_program();

    return 0;
}

This translates to:

    .globl  main
main:
    subq    $8, %rsp
    call    user_authorized
    testl   %eax, %eax
    je      .L5                         # change this to a nop
    xorl    %eax, %eax
    call    run_program
    xorl    %eax, %eax
    addq    $8, %rsp
    ret
.L5:
    call    abort

Notice the je .L5 to abort the program. If the program is patched to change this instruction to nop, the license test "passes", regardless of what user_authorized does.

This can be repeated for as many security checks as the program has.

Security is a relative term. A $50 app doesn't need as much protection as one that sells for $500,000 (e.g. some CAD/CAE programs from Xilinx).

Take a leaf from Microsoft's playbook. They present a "licensing" dialog that you must accept (i.e. "shrink wrap"). One must accept the agreement. It prohibits reverse engineering, etc. This gives you legal cover. Consult an attorney on this.

This is, in addition to, whatever software scheme you ultimately decide on.

I had some vision how to proceed, but after I've coded it - I've got full understanding - may be you can also check my current idea of how to manage serial numbers in here: http://stackoverflow.com/questions/35626119/poor-man-serial-number-generation-scheme I haven't seen any open code alternative. Mostly I was talking about pc application, not web server / http form. You're right about copy-paste of any key size, but shorter is simpler. I've used network card mac address as a base for unique hardware id. — TarmoPikaro, Mar 07 '16 at 21:35
Storing private key within application itself is risky indeed, but then you don't accidentally loose it. What I was driving at - is usability. You come, type password and voila - application is licensed. Like I've also mentioned about anti-hacker protection - code is not protected against nop / jmps kind of replacement, but sometimes you can just let them hack. Probably most reliable scheme would be network based licensing, then you won't miss any copy of your software. — TarmoPikaro, Mar 07 '16 at 21:42
Even thus you cannot do anything about jmps/nop assembler cracking - this kind of cracking typically needs analyzing assembly code, and it's highly version specific. That's why most of cracking tools preferably create key gens instead of cracking - key gens are application version independent. By this solution I'm trying to protect against making key generators. — TarmoPikaro, Mar 07 '16 at 21:54

Poor man serial number generation scheme, part 2

2 Answers2

Linked