mode trial or serial number
Is there code that can be used so that the application (GUI) functions for 30 days, or can someone provide an example of how to make an application that embeds serial numbers?
Answers (2)
Jan
on 21 Jul 2011
1 vote
This has been discussed repeatedly. If your program is cheap and large (< 10.000$, > 10.000 lines), P-coding is a fairly secure encryption method. Checking the date ("if now > datenum('23-Aug-2011')...") is easy to break by overloading the command NOW. "builtin('now')" is one step more secure, but even BUILTIN can be overloaded and the system clock can be manipulated also.
As a next step the client computer could contact a server on the internet to check the date. But this communication can be manipulated also, therefore Walter talked of quantum encryption. Anyhow, if your program is not too expensive (< 10.000.000$), an AES encrypted communication should be sufficient. But then the P-coding will be the weakest point again.
This page shows some methods to create a serial number: Undocumented: ComputerID. All these numbers can be manipulated.
I assume a printed and signed non-disclosure-agreement is the best protection.
6 Comments
Jan
on 22 Jul 2011
@Pink: The fundamental basics about protection systems:
1. You cannot get 100% security.
2. The costs for the implementation of a protection level grow with k/(100-protection level) with a certain factor k. (Remember the programmer's law: The total costs will be twice as high as expected, even if this law is considered).
3. For an efficient business model it is enough to create a level of protection which lets the costs for breaking be higher than for buying.
4. Even multi-million and -billion dollar projects like the copy-protection of DVDs or famous operating systems have not been able to keep the protection for longer than a half year. Therefore my conclusion is: As soon as your computer is connected to the internet, your program protection programs are near to be broken.
5. P-coding and checking the date locally or remotely through an encrypted internet connection are a fair trade between the costs for development and breaking the protection. I claim this produces a 60% level of security (without specifying the units and scale, of course).
6. The CodeMeter hardware dongle has not been broken until today. Unfortunately the company seems to _discuss_ the price with the customer, such that the proceedings might be too time-consuming.
pink
on 22 Jul 2011
Walter Roberson
on 22 Jul 2011
It is very easy to protect an application badly. It is very hard to protect an application well.
Naive implementations of timed usage are trivially broken by setting the clock back on the computer.
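An added example, not code from anyone in this thread: a trial check that also notices when the clock has been set back, by keeping the first-run and last-seen dates in a small state file protected with an HMAC. The names checkTrial, stateTag, stateFile, trialDays and key are hypothetical, and the 5-minute tolerance is an arbitrary choice.

```matlab
function status = checkTrial(stateFile, trialDays, key)
% Added sketch: 30-day style trial check with clock-rollback detection.
% stateFile : full path of a state file ending in .mat (hypothetical)
% trialDays : length of the trial in days, e.g. 30
% key       : secret character vector; it is embedded in the P-file,
%             so it only raises the effort needed, as the answers point out
t = now;                                   % serial date number, in days
if ~exist(stateFile, 'file')
    s.first = t;                           % first run starts the trial
    s.last  = t;
else
    s = load(stateFile, '-mat');
    if ~all(isfield(s, {'first', 'last', 'tag'})) || ...
            ~isequal(s.tag, stateTag(s.first, s.last, key))
        status = 'tampered';               % file edited or replaced
        return;
    end
    if t < s.last - 5/1440                 % > 5 minutes before last run
        status = 'clock_rollback';
        return;
    end
    s.last = max(s.last, t);               % last-seen time never decreases
end
s.tag = stateTag(s.first, s.last, key);
save(stateFile, '-struct', 's');
if s.last - s.first > trialDays
    status = 'expired';
else
    status = 'ok';
end
end

function tag = stateTag(first, last, key)
% HMAC-SHA256 over both timestamps, using the JVM that ships with MATLAB.
mac = javax.crypto.Mac.getInstance('HmacSHA256');
mac.init(javax.crypto.spec.SecretKeySpec(uint8(key), 'HmacSHA256'));
msg = uint8(sprintf('%.10f|%.10f', first, last));
tag = typecast(mac.doFinal(msg), 'uint8')';   % int8 column -> uint8 row
end
```

The state file and the embedded key both stay on the customer's machine, so this catches only a casual clock change and is no stronger than the P-coding around it.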
Jan
on 23 Jul 2011
@Pink: If I publish an approach here, these instructions will be useful assistance for your customer to break the protection. The fundamental principle of protection is obfuscation. In consequence my best suggestion here is:
1. Insert this in your code:
disp('This program is licensed to <CUSTOMER> until 29 March 2012');
Or better: Print it in large letters in a splash screen when your program starts.
2. if (now > datenum('30-Mar-2012')), return; end  % stop once the license has expired
3. P-code the function.
Now I would need two minutes to break this protection, but a certain degree of criminal intent is necessary to ignore the message repeatedly.
Alternatively you can pay at least 20% of the price of your program to a professional programmer to implement a more secure version.
Walter Roberson
on 24 Jul 2011
Program protection against determined attackers is a topic for a series of graduate level university courses.
Program protection against lazy unmotivated attackers is simple: just make the program so poor and useless that no-one will want to bother running it.
Jan
on 24 Jul 2011
@Walter: I still do not get the feeling that there is a scientific or professional approach for protecting important data. The magic keys are still saved in clear text in the memory, the 3DES encrypted bank transfers can be redirected by silly skimming attacks, famous software packages do still use the harddisk ID to identify a machine and the secret documents can be copied in terabytes from the Pentagon. Are you really sure that there is any graduate level university course and if so, where do the students go?!
Walter Roberson
on 21 Jul 2011
0 votes
What level of certainty do you need? This task is very very difficult to do robustly if the user is more than 12 km away from the server (the current practical distance limit for quantum cryptography; recently extended to 20 km in specialized optical fibres, but that is not in production yet.)
2 Comments
Jan
on 21 Jul 2011
@Walter: You can create a quantum cryptography channel between the server and the client, but the transmission can be modified between the hardware interface and the Matlab GUI. Can this gap ("the last cm") be secured? I remember the encrypted transport of HD movie signals from the Blu-ray player to the LCD monitor. But inside the LCD, the decrypted pixel stream must exist physically somewhere...
pink
on 22 Jul 2011