nimasdj — 2014-02-24T07:22:42-05:00 — #1
I created a license key file for my product, i wrote a math formula to encode/decode it now i want to make sure if it is scure. Is here someone to try to decofe it tgat i make sure thhat my users cannot break the license?
nimasdj — 2014-02-24T14:26:55-05:00 — #2
Below is a license key I made. It contains an array of license info such as domain, ip etc. can someone try to decode it that I see if it is secure or not?
Hints: the domain for this key is: yyy.com
cpradio — 2014-02-24T14:40:59-05:00 — #3
Okay, so I'm curious, so the first thing I did was run base64_decode (twice), which leaves me with a much more complex message that looks to use mcrypt or something similar.
Am I on the right track thus far? If you are using mcrypt, it is just likely a matter of brute forcing until I get the right combination of CIPHER type and mode used (assuming yyy.com is the key).
As an aside, I am assuming your product is installed on remote hosts, so there would be some source code available to see how the key is being utilized. It would be nice to see some of that so I can properly identify how easy it is to infer some of the remaining components
nimasdj — 2014-02-24T15:21:08-05:00 — #4
Another hint: No, mcrypt is NOT used. I am not interested to use mcrypt because may be my end-user don't have it installed. I am not sure if it is widely installed on each and every server. so probably a problem for end-user.
No, yyy.com is not the key to encode this license. This is the domain that the product would be locked on with this license.
thereddevil — 2014-03-14T21:20:06-04:00 — #5
I am sorry to break your bubble, but a custom made algorithm for a license key is not really as secure, as you might believe.
Depending on how you implement it, there will be several ways to avoid it, or even break it.
In most cases you would be better off using either Zend Guard or IonCube if it is PHP, if it is another language a similar encryption system if any exists.