.NET MD5 Checksum

Question

I'm creating a modular desktop application with agile licensing in a database. I have several ways of preventing hackers from using the application and I want to implement more.

I thought about having the software create its own MD5 checksum and the MD5 checksum of its plugins and then running it against the database to make sure no one has tampered with it.

Would this be a good idea?

The only cons I see is that I'd have to update the database with checksums of the current versions of all the plugins which may be fruitless in the long run having to do this every time there's a version increment. Another con would be the ability of the hacker to intercept the packages or just feed the client what it wants to hear to make it functional.

What do you think?

Thanks for your time!

Answer 1

Another con would be the ability of the hacker to intercept the packages or just feed the client what it wants to hear to make it functional.

That's exactly the problem. If you can tamper with it enough to invalidate the hash, you can easily tamper with it enough to return the valid hash.

My philosophy is:

• With a little effort you can keep "naturally honest" people honest; very minimal licensing code is required for this.
• It can take a lot of effort to even deter those who really want to get around whatever licensing you put in place. The games industry spends a fortune on this, and still seems to suffer enormously from piracy.

I'd spend your time making your product so good that people will want to pay you for it rather than wasting the money of people who are paying you for it: they're effectively paying for a "feature" that doesn't help them do their work any faster.