Log in

View Full Version : Correctly stated question gives the true answer...

banshee
April 15th, 2003, 14:52
One thing I want to discuss: is there any way to make unreversable serial number protection? I mean not uncrackable, cos there is always possibility to change je->jne, but unable to keygen. Usually process of serial check seems like that two parts must be equal:
1. entered serial = f(some magic) or
2. some magic = f(entered serial)
3. or like that (entered serial)^(some magic1) = (some magic2), where ^- some operation
The first way is more stupid cos by changing some bytes reverser gets keygenerator built-in in the main application. Last two ways are similar, I think, and the leak of that scheme that developer of protection has to generate true serial himself. That makes f reversable:
true serial = f`(some magic)
Of course he can make that f very complicated, but finally it will be reversed just because it is reversable by definition
My question is: anyone has an idea to solve that problem and create unbreakable serial check? May be I can't see the simplest way, just point me.
r4g3
April 15th, 2003, 15:12
ye.
runtime code decryption using asymetric cipher
dELTA
April 15th, 2003, 15:28
Yes, as r4g3 says (although in very few words ), the best way to do this is to use asymmetric cryptography (like for example RSA).

Example:

Software publisher does this:

Code:


X = encrypt_with_key1(secret_value + salt)


Program does this:

Code:


Y = decrypt_with_key2(X)

if ( <Y == secret value + some salt>

{

   <license is valid>

}

else

{

   <bad cracker>

}

Where key1/key2 is the asymmetric key-pair, and X is the "serial" that is given to the customer. Key1 is kept secret by the publisher (in his keygen), and key2 is embedded in the application. Salt can contain any data, e.g. info about the current licensee and such.

Please note that this is a very simple and schematic example.

This scheme is impossible to keygen without breaking the crypto itself.

dELTA
banshee
April 15th, 2003, 15:45
Thanks guys!
Yee, it was very simple. I had dim ideas about that assymmetric cryptography and you perfectly described everything that I couldn't get clear for myself. Thank you.
There is only one question remains: why every developer doesn't use that method?
dELTA
April 15th, 2003, 15:50
First of all, because they don't know jack shit about such things.

Second of all, because most asymmetric crypto algorithms are quite hard to implement for most people (requiring bignum-libraries, a brain, and other such rarities ).

dELTA