Presentation is loading. Please wait.

Presentation is loading. Please wait.

Keygens, Protection, Encryption Panel Registration Key Considerations (SIC 2001) Chris Thornton Thornsoft Development, Inc.

Published byGabriel Long Modified over 10 years ago

Similar presentations

Presentation on theme: "Keygens, Protection, Encryption Panel Registration Key Considerations (SIC 2001) Chris Thornton Thornsoft Development, Inc."— Presentation transcript:

1 Keygens, Protection, Encryption Panel Registration Key Considerations (SIC 2001) Chris Thornton Thornsoft Development, Inc. chris@thornsoft.com www.thornsoft.com/sic

2 Why use registration keys at all? Theyre so convenient! Both for us, and for the customer. –No special URLS to remember –Easy to rebuild system after system rebuild. Registered Version can be traded anyway. Will be increasingly problematic with Napster/Wrapster/Gnutella, IRC, etc., technology. (OOPS! Last years slide!)

3 Anti-Cracking The crackers will still crack you. Thats just the way it is. But if a user has to sift through 5 old non- functional keygens or published crack keys, they may decide that $20 isnt so much to ask after all! Goal: Make the crack experience less enjoyable for the crack users.

4 Techniques Sprinkling –Spread the checks into various places in the program. Time Bombs Use Message In A Bottle technique Compression / Obfuscation And….

5 Partial Key Verification Dont give the cracker enough information to build a complete key. –They can only build a keygen against what they see in the program. So, leave some of the checks out, and add them back into future releases. Each release only checks part of the key (Details on next slide) Each release of your software requires crackers to make a new keygen. Users arent impacted, as their keys have all correct digits.

6 Example of obsolete keygen.

7 The Mechanics I use If SampleKey = UserKey then Registered=True algorithm. (standard stuff) To generate the SampleKey, first, I generate 10 decoy digits, from the users name. –Ex: for i := 0 to 9 do RegKey[i] := (Ord(CleanString[i]) * 2) Mod 10; Then, in the positions that Im actually checking, I overwrite the decoys with digits generated by the actual algorithm, leaving decoys in the unchecked digits. –Ex: RegKey[7] := ((Ord(CleanString[1])*3) - Ord(CleanString[4])) Mod 10;

8 Mechanics (cont) In the previous example, the middle 5 digits are not checked. I dont check the decoys. In the next release, Ill add another digit, and take one more away. Forged keys can now be detected. Forged keys generate an error message, and invite the user to read more about the error at our web site. The target page logs their IP address, the name/key that was used, and the date/time. Future versions may not ask permission... But my customers keys, generated with all correct digits, will be just fine.

9 Reality Check 3657 visits to my naughty pirate page during the past month (June 17-July18 2001), or avg 121/day. Next version wont ask permission after 3rd violation - it will just bring up the web page automatically. Next version will shut down completely after 5th illegal use. I am considering a more friendly message and page. (honey vs. stick) I am seriously considering using stronger encryption in ClipMate 6.

Download ppt "Keygens, Protection, Encryption Panel Registration Key Considerations (SIC 2001) Chris Thornton Thornsoft Development, Inc."

Similar presentations

Building Secure Mashups D. K. Smetters PARC Usable.

Building Secure Mashups D. K. Smetters PARC Usable.
About Contractions Phyllis Russell 5/14/02.

About Contractions Phyllis Russell 5/14/02.
MYTH vs. REALITY Top 10 myths about underage drinking Prepared February 2006 for the Maine Office of Substance Abuse by MESAP: Maines Environmental Substance.

MYTH vs. REALITY Top 10 myths about underage drinking Prepared February 2006 for the Maine Office of Substance Abuse by MESAP: Maines Environmental Substance.
EWU On-line Application Tutorial. Online Employment System Training for Eastern Washington University Applicants This presentation will take approximately.

EWU On-line Application Tutorial. Online Employment System Training for Eastern Washington University Applicants This presentation will take approximately.
Site License Considerations (SIC 99) Chris Thornton Thornsoft Development, Inc.

Site License Considerations (SIC 99) Chris Thornton Thornsoft Development, Inc.
Review Ch. 3 – Connecting to the Worlds Information © 2010, 2006 South-Western, Cengage Learning.

Review Ch. 3 – Connecting to the Worlds Information © 2010, 2006 South-Western, Cengage Learning.
Chapter 10 Fine-tuning, Completing, and Publishing Your Project.

Chapter 10 Fine-tuning, Completing, and Publishing Your Project.
LeadManager™- Internet Marketing Lead Management Solution May, 2009.

LeadManager™- Internet Marketing Lead Management Solution May, 2009.
Chapter 16: Recovery System

Chapter 16: Recovery System
1 Unit & District Tools Phase 1. 2 To access the new Unit and District Tools, you will need to click on the link embedded in the MyScouting Flash page.

1 Unit & District Tools Phase 1. 2 To access the new Unit and District Tools, you will need to click on the link embedded in the MyScouting Flash page.
Addressing spam email and enforcing a Do Not Email Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.

Addressing spam and enforcing a Do Not Registry using a Certified Electronic Mail System Information Technology Advisory Group, Inc.
Duplo Help Desk Simple user guide Click on the link in the registration email or go to www.duplohelpdesk.comwww.duplohelpdesk.com.

Duplo Help Desk Simple user guide Click on the link in the registration or go to
What is a Firewall Anyway?

What is a Firewall Anyway?
Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.

Welcome to Florida International University Online J.O.B.S. Link Applicant Tutorial.
Keygens, Protection, Encryption Panel Software Protection Methods (SIC ‘2004) Chris Thornton Thornsoft Development, Inc.

Keygens, Protection, Encryption Panel Software Protection Methods (SIC ‘2004) Chris Thornton Thornsoft Development, Inc.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Welcome to the Brookdale Community College Online Employment System Applicant Tutorial.

Welcome to the Brookdale Community College Online Employment System Applicant Tutorial.
An Authorization Service using.NET Passport ™ as underlying Authentication Scheme Bar-Hen Ron Hochberger Daniel Winter 2002 Technion – Israel Institute.

An Authorization Service using.NET Passport ™ as underlying Authentication Scheme Bar-Hen Ron Hochberger Daniel Winter 2002 Technion – Israel Institute.
A common error that appears on the copier’s screen is seen here when a scan to Sharpdesk is not sent to the computer successfully. This guide intends to.

A common error that appears on the copier’s screen is seen here when a scan to Sharpdesk is not sent to the computer successfully. This guide intends to.
1 Welcome to the Colgate University Online Employment System Applicant Tutorial.

1 Welcome to the Colgate University Online Employment System Applicant Tutorial.

Similar presentations

Ads by Google