Reputation: 3077
Creating license key in a numbered format question
I've made a cocoa mac application which needs to check if a serial number/license key is correct, i'm unsure what type of algorithms would be the best for this.
Lets say i have this serial number: 4829-1234-4321-1234-4326-5232 or any set of 4 numbers. I was thinking about using an algorithm like if the first set of the license key is divisible by 5, second by 10, third by 24.... but i'm not sure if this is the best way to go about it.
I would also need to generate the keys in PHP.
Any help is appreciated
Upvotes: 2
Views: 1535
Answers (3)
Reputation: 46020
Do not attempt to build a serial number system from scratch without using public key cryptography. It will be child's play to crack it and create a keygen, no matter how convoluted you think your algorithm is.
I recommend the Aquatic Prime library which uses public-key encryption. You should use the Core Foundation C-based version of the library rather than the Objective-C library as Obj-C is ridiculously easy to bypass. You should also statically link to the code rather than using a separate framework. Note that Aquatic Prime is not a complete solution and does not deal with obfuscating the license checks in your code.
It's very important that you don't create a single Objective-C method named something like ‑isRegistered and returning a BOOL. This is trivial to crack.
Instead, use several different C functions (preferably macros) that are scattered throughout your code and that check different aspects of the registration code. For instance, you should check that an invalid code fails your registration test to ensure that your code has not been modified. You can also create a checksum of your app's binary and test that to ensure that it hasn't been patched.
There are many other methods that you can use to make your registration checking code more robust. I recommend searching the archives of the MacSB Yahoo group which are full of information about this topic.
Upvotes: 5
Reputation: 64002
The general idea I've heard is using public-key cryptography.
You generate a key pair, and put one of the keys into your application; the other is your private key. You collect a bit of information from a licensee, such as name and email address. You hash that, and encrypt the hash with your private key, then send the encrypted result to the licensee as the license code.
The licensee is prompted by your application to enter the same information that you collected, along with the code. Now your application simply uses the key embedded in it (the "public" key) to decrypt the code, which retrieves the hash; performs a hash on the name and email; and compares the two results. If they match, the code is valid (or the person got awfully lucky).
Allan Odgaard did a swell writeup that should walk you through everything you need to do: SIGPIPE 13: OpenSSL for License Keys
(Hope I'm not misunderstanding the question.)
Upvotes: 1
Reputation: 2472
There are a number of options available in this arena. One option I would consider is implementing partial serial number verification (http://www.brandonstaggs.com/2007/07/26/implementing-a-partial-serial-number-verification-system-in-delphi/) The link is written for Delphi developers but the concept is a good one and can be implemented in any language.
Upvotes: 4
Related Questions
- Serial generation with PHP
- PHP Convert a string primary key to a number representation
- Ioncube with license key (not license file)
- PHP - generate serial number
- How do I generate a serial number (registration number)?
- Generate machine-specific key for Mac
- How to encrypt data in objective-c using a public key generated from php script
- Generate a unique string
- Creating mac software activation
- Problems with the PHP script to generate the licenses in Aquatic Prime