views:

218

answers:

3

The typical product activation scheme is as follows

  1. A unique serial no. is assigned to user
  2. A unique hardware id is generated for the user's machine.

On giving this info to the vendor, the vendor issues an activation code.

I would like to know how the activation code is generated and what are its contents. Also what is the general scheme once the activation code is entered in the application on users pc, like how it is decoded, stored, checked next time?

Thanks

A: 

Like Michael (Todd) commented, the methods or schemes vary with different vendors. If it's really standard, it's probably easier to 'hack', yea?

I assume your ultimate aim is to protect your software from unauthorized use?

Here are a couple of related SO posts:
How do you protect your software from illegal distribution?
Methods to stop Software Piracy ?

UPDATE:
To answer more directly to the OP's question:

I would like to know how the activation code is generated and what are its contents?
@: Can be a proprietary hashing/encryption of serial no. mashed up with user/product/date information or virtually anything else.

Also what is the general scheme once the activation code is entered in the application on users pc, like how it is decoded, stored, checked next time?
@: The software probably has the some algorithm inside that can make sense of this code to at least check for validity. Can be stored as a file, in the registry or even embedded within existing file etc etc.

o.k.w
Yes of course, I just want to know what can be the general scheme, to protect the software. Needed some ideas to get started.
Omkar
Ok, added more info to my post, please see above :)
o.k.w
A: 

A really simple way of doing this is compiling a list of the PC's relevant hardware into a string and then running an MD5 hash over it. So your string would for e.g. contain

"Pentium 4 Dual Core 3.8 GHz, HDD1: 320GB"
etc There are many free implementations of MD5 hashing in almost every language, you can do a Google search for it.

You don't say what platform you are targeting, but if you are using Windows, you can obtain the PC's hardware config by querying WMI or using Windows API calls. For example the physical memory class to look at in WMI is Win32_PhysicalMemory.

When the software is first installed, this hash is compiled, and then sent to the activation server, which sends back some corresponding code that will only match to that hash. A really simple / useless example - let's say the hardware hash is 123, and the check algorithm is that all the digits should be 9 after the hardware hash and activation code are added, the activation server would return 876. The program would add the 2 codes together and get 999, then unlock it for use.

Periodically the program will re-create the hardware hash, add it to the activation code (in my super simple example only), and make sure they still add up. If they don't the product might lock itself and insist on re-activation.

However: I highly recommend you don't use this method of copy protection. Why not?

  • Any time the user upgrades their hardware, re-installs their PC, etc, you will probably incur support costs assisting them to re-activate the software, and inconveniences the user.
  • If you ever discontinue your activation servers, the product, or close your company, you effectively shut down access for the people who paid to use the product.
  • This is pretty much turning the user's PC into a hardware dongle - which sounds like a good idea on the surface, but discourages users from buying the software

Rather I would suggest you use a hash of the registering party's name or company name, and embed that in the program in such a way that it is obvious that the program is registered to them. Yes, this technically allows them to copy the software more easily.

Bottom line is - if your software is really valuable to many people, someone will bypass your copy protection scheme, no matter how convoluted it is. Using product activation based on the hardware configuration will only aggravate the one group of people you really want to do business with - those who are basically honest and want to use your product legally. The folks who don't give a stuff about legal software will use the version where your activation scheme has been cracked.

I personally despise buying any product where there is no guarantee that I will be able to use it if I change my PC or the company shuts down. It's kind of like the recent case where people bought George Orwell's 1984 for their Kindles, and then when there was a copyright dispute, Amazon remotely deleted all the copies of this book that people had bought.

Just my 2c.

Bork Blatt