What is the best way to secure the use/loading of a DLL with a license file?
+2
A:
You can check for a license inside of DllMain() and die if it's not found.
Cody Brocious
2008-09-19 23:21:54
DO read up on what you are allowed to do in DllMain, it's not much!
MSalters
2008-09-21 23:11:15
A:
It also depends on how your license algorithm works. I'd suggest you look into using something like a Diffie/Helman Key Exchange (or even RSA) to generate some sort of public/private key that can be passed to your users, based on some information. (Depending on the application, I know of one case where I wrote the license code on contract for a company, they used a MAC address, and some other data, hashed it, and encrypted the hash, giving them the "key value", if the registration number was correct). This ensures that the key file can't be moved, (or given) to another machine, thus 'stealing' the software.
If you want to dig deeper and avoid hackers, that's a whole 'nother topic....
LarryF
2008-09-20 07:06:21
+3
A:
Couple of things you might want to consider -
Check sum the DLL, using cryptographic hash function, you can store this inside the license file or inside the DLL, this provides a verification method is this my original DLL unhacked, or is the license file for this DLL. A few simple byte swapping techniques can quickly take your hash function of the beaten track (thus not easy to reproduce).
Don't store you hash as a string, split it into unsigned shorts in different places.
As Larry said MAC address is fairly common lots of examples how to get that on CodeProject, but be aware its easy to fake these days.
My suggestion, should be use private/public key for license generation.
In short, modes of attack will be binary (modify the instructions of your DLL) so protect against this, or key generation so make each license user, machine, even install specific.
titanae
2008-09-20 07:21:43