All geek questions in one place

.NET LicenseProvider using RSA encryption to protect product license

I am trying to find a solid licensing scheme using Microsoft LicenseProvider. My thought is to use asynchronous encryption using RSA (RSACryptoServiceProvider with 2048-bit keys). I found this pretty simple, but I'm not sure how safe the mechanism really is. This is not for fun and requires copy protection of several products (we are talking about 100 installations) in the USA. Validity is not required.

Now I use the private key to encrypt the license file (.lic). On the client computer, the license manager checks the unique identifier of the computer for a unique identifier stored in the .lic file at run time. Since the product will have the corresponding public key, it can decrypt the file. If the identifiers match, the license is valid and the program starts.

(The BTW computer identifier is a combination: MAC address + processor serial number + hard drive serial number. Therefore, if one of these changes, the license must be updated)

It is so simple? As I see it, even if you can decrypt a .lic file, you can never encrypt it, because you do not have a private key.

Now, in addition to buying an expensive third-party solution, hacking and bypassing the licensing DLL, how safe is this idea of ​​using RSA + computerID?

(Yes, we study code obfuscation to make it better)

Thanks for the feedback!

+3
source share
3 answers

Regardless of whether you confuse the code or not, the fact is that you are not safe and can be defeated. Your licensed product scheme will only be as secure as your obfuscation.

, RSA , RSA , , . , , , JMP, , .

, "", , /. , "", . , , , . "" , , . , , .

, "", , , . , "pass-phrase", , , , /dll/whathaveyou.

, , , . , , - , , , - - .

, - , , , , , , .

, - . , , , , , Id , .

+3

. , , revesere, , revese. , engineerer , (.. , , ).

+1

( , , ) [provider].SignData([params]) [].VerifyData([params]). .

0

Source: https://habr.com/ru/post/1725608/

More articles:


All Articles