0

I have read several solutions about that. The most fitful to my need is this one. I think that what I need is something quite general.

That said I have to go deeper since I have to make a license system that works in two steps:

  1. no serial added-----> 30 DAYS FROM INSTALLATION
  2. serial added--------> X MONTHS FROM SERIAL ADD DATE

This has some practical problems. This is how I have tought to do it.

  1. Installation from setup.
    • store installation date in registry (in what hive would it be the best??? not the name of the program nor the company name)
    • store installation date in file (again where? and with what filename??)

This step has some practical problems already. I am using Excelsior installer which is a very basic installer. So it can just copy files and stop. It would be very easy to let all the job done from my C# program (e.g. if the hive in question in the registry or the file are not found) but that would mean to give the user the ability to override the system by deleting the hive or the file. So I'd still stick to find a way to do this by the installer.

------from that point and for 30 days the license is in trial mode------

  1. After 30 days the license serial is required and this information is stored in the same location as point 1.

  2. Each time the program is launched the license time is checked.

  3. Should there be a backward time jump (e.g. the user sets the date back) the license is deleted. (would that be too harsch??)

I am fully aware that this is no prevention for piracy but that is not my target. I am just searching for a system that has no evident weakness.

I have thought about storing information in registry + file so that if a registry restore is performed or the file is deleted I have one more chance to keep information.

Differently from this I won't store the username in the sha1 encrypted data (what's the purpose of this????) but the number of months the serial lasts for.

So again please just let me know if in my procedure there is something blatantly wrong or weak.

Thank you in advance.

Community
  • 1
  • 1
Patrick
  • 3,073
  • 2
  • 22
  • 60
  • 1
    SHA1 is not encryption, it's hashing. It's a very important difference. One can be reversed, the other can't (in general terms). – Sami Kuhmonen May 08 '16 at 07:39
  • Fair enough! Hashing is a part of encryption – Patrick May 08 '16 at 07:55
  • @Patrick: Not really. The relationship is more "hashing is one-way encryption" – Ben Voigt May 08 '16 at 08:02
  • 1
    BTW, it will be very surprising if your license code term counts from the unlock date, all other similar systems I've seen calculate from the purchase date, and the expiration is encoded in the license key. – Ben Voigt May 08 '16 at 08:05
  • Finally, expect the license check to be cracked. See http://stackoverflow.com/a/4532568/103167 – Ben Voigt May 08 '16 at 08:06
  • Ok thank you. Your answer would be very important to me. So I have to store: (1) Hardware information (e.g. mac address + something else) to link the serial to only one computer. (2) License owner (3) purchase date (4) license duration. – Patrick May 09 '16 at 07:26
  • That said if I store all with SHA1 can it be reversed? I'm googling but still confused. I know I need SHA1 to make it UNIQUE. But if it can be reversed it's no use. So should I go through SHA1 and then ADDITIONALLY ENCRYPT it? I mean if I only use sha1 it can be reversed as you say. And if I only encrypt it can be not unique. So I have to use both right? But which one before? – Patrick May 09 '16 at 07:29

0 Answers0