Questions tagged [license-enforcement]
License enforcement the application of an access control policy on code, restricting the environments in which it may be executed.
47 questions
0
votes
1
answer
1k
views
How to license an offline software that automatically expired in the given amount of time? [duplicate]
Suppose I have a software which I sell to customer to use. I want to include a license that will be expired in let's say 1 year, so that customer need to renew their package.
I want to prevent the ...
- 3
0
votes
0
answers
114
views
Usage of HMACs to verify the licensing during production
We have a production that uses our software (put on a chip) and a requirement that we need to limit the amount of chips produced for each customer (so they need to buy a license) - so they can't ...
- 101
0
votes
0
answers
28
views
Is using free product key or license key safe [duplicate]
I have installed VMWare Workstation Pro from the official website. Now after the trial version has ended, I have searched for free products key on the internet. If I use these product keys, will it be ...
- 43
2
votes
1
answer
2k
views
Manufacturer-assigned hard-disk serial number as licensing ID
I'm deploying software that is licensed based on uniquely identifiable computer characteristics. I am wondering about the Manufacturer-assigned serial number of an internal fixed hard-disk.
To be ...
- 133
0
votes
2
answers
1k
views
Protect a software in offline envirement
These days I intensively read maybe all posts and topics based on software security, but I couldn't find any solution that would be acceptable for me (if there are any of them matching my requirements)...
- 109
0
votes
1
answer
224
views
How to prevent Source code excessive usage and redistribution?
We sell our code to a company that they can run our code 100 times a month. We need to do a few things before giving the code to the company.
Hide our logic (we can hide our logic by code obfuscation)...
2
votes
0
answers
535
views
DRM implementation for offline licensing
I am improving one of the DRMs that I'm using for my software, and I have a few questions about how to best implement transferable licenses for offline computers. But first, a disclaimer - I am very ...
- 121
1
vote
4
answers
235
views
Untouchable local server
We have a software that needs a connection to our servers for license management purposes. Now we have a new customer who wants to use our software on systems that don't have access to internet. So I ...
- 113
0
votes
1
answer
529
views
Server encryption, client decryption, without the client having the ability to encrypt?
Is it possible to encrypt data server side and then decrypt it client side; without the client having the ability to encrypt the data themselves after decrypting?
I'm working on a license manager ...
- 101
0
votes
1
answer
255
views
Securing Delphi application SSL traffic from decryption
I wrote a VCL app using Delphi10.2. It has a simple activation setup, encrypted key is stored in Kinvey backend. The key to decrypt the encrypted key is hidden in the source code.
Now in order to ...
- 3
39
votes
5
answers
15k
views
Is it really Security Misconfiguration to show a version number?
Our web application uses a HTML file with jQuery embedded inside.
According to the jQuery license (https://jquery.org/license/), we have to leave the license header intact, including the version ...
- 491
2
votes
1
answer
1k
views
Is anything missing in the offline software licensing plan?
I'm working on a piece of software written in VB.NET for Windows machines (mainly Windows Server). I have some understanding of cryptography and security, but I want some good old fashioned peer ...
- 123
0
votes
0
answers
172
views
What prevents the client from changing the signature in files?
From what I can tell, some software licenses work client side.
For example, when looking in to the purchased software for the first time, the server will return a software license. In order to ...
- 1
1
vote
2
answers
292
views
How secure is this schema for Online Licensing System?
I'm trying to make a good licensing system without affecting user's experience and at the same to make it as secure as possible. I know it's impossible to make it 100% secure, but I would like to make ...
0
votes
1
answer
1k
views
Key Encryption / Obfuscation
I got a GUI Program, which loads the Logic from a webserver if the entered License Key is valid.
The actual connection string I hexed and xor'd with a secret key. (which is unfortunately static)
The ...
- 119
0
votes
2
answers
144
views
Allow setting both server URL and public key - security hole?
We have a licensing system where our software, a commercial product we sell to people, contacts our licensing server when starting to get an OK to run.
It contacts our licensing URL and passes up an ...
- 513
4
votes
2
answers
1k
views
C++ binary obfuscation: how to get around license checks being a simple if/then branches?
I'm looking into binary obfuscation for an exectuable binary written in C++. I realize preventing cracks is impossible, but making it slightly harder would be nice.
No matter how complex the actual ...
- 143
1
vote
3
answers
348
views
dongle development
I am to provide a hardware+software solution. The software is an application in c++ running on windows. The hardware is motherboard+processor+disk+memory. In order to protect the solution, I need to ...
- 119
0
votes
0
answers
171
views
How strong is software licencing security based on reading the computer specs?
How strong is software license security based on reading the computer specifications such as Windows installation ID, hard disk serial number, size and so forth?
Context:
I'm researching software ...
- 109
-1
votes
2
answers
134
views
Method for verifying a product key offline when having a special build for every user?
I want the user to temporarily have full access to the software, after which a permanent license would be required.
Assuming every build has only one user (and different builds are binarically ...
- 805
3
votes
2
answers
838
views
Client-Server Authentication Security Issue
This is a repost, because i accidentialy posted on stackoverflow first
I was wondering how i could achieve a high security level, using Client-Server Authentication. Below is a rough draft of what i ...
- 33
2
votes
2
answers
380
views
DRM - Make sure that a SDK is used by the client legally
We are an IT startup which provides some clients with a Software Development Kit, which may be used by the client within a specific environment, according to some terms and legal agreement.
Especially,...
- 33
0
votes
2
answers
3k
views
Protect Node.js Server Code
Situation/Enviorment:
I have a project written which's core is an NodeJs Web- and API-Server. I'd like to sell it to multiple clients, they will host the server on their system.
Problem:
The NodeJs-...
- 101
2
votes
2
answers
1k
views
Cloning problem of VM license keys
How do software companies ensure that their product or app can only run in a given number of bare-metal or VM instances? I'm curious about the cryptography behind the scenes. What prevents a user from ...
- 665
0
votes
1
answer
207
views
secure ways to prevent access to an application by more than one person at a time?
If an application is licensed in such a way that is set up for one user, on one computer, how can I secure it?
Even if locking into one computer, how could you prevent the computer from being ...
- 907
0
votes
0
answers
457
views
Altering assembly without affecting digital signature
I have discovered a software crack where the license check assembly (.NET) has been altered but the digital signature and the strong name are both still perfectly intact.
Strong naming is easy to ...
- 202
2
votes
5
answers
2k
views
Is it secure to ship public key with license file?
I've implemented a licensing client and server for our web-applications.
Currently there is only one way for licensing an app, user should manually upload the license file using specified form and ...
- 145
2
votes
2
answers
276
views
Flaws in my proposed license verification system?
in my firm, most of the software is secured by a couple of different antiquated licensing systems. For example, after setup the user has to start another program that tells him his calculated machine ...
- 212
1
vote
2
answers
2k
views
Where is my missunderstanding in how digital signatures are used with licence files to allow program to run?
I'm trying to learn how digitally signing a licence file helps prevent piracy. For example say an application only runs if it verifies the date as specified in a licence file has not past. Obviously ...
- 10.2k
3
votes
1
answer
282
views
How to notify Adobe about a software issue
Recently, I stumbled upon a way to reset the software trial of any product under the adobe suite. It's as simple as changing some attributes within a few files. I'm assuming that it can be deemed an ...
- 55
34
votes
11
answers
59k
views
Can 'cracked' product keys harm the user in any way?
If a user download commercial software through the official, corresponding website, but use a product key which you did not legitimately purchase (e.g. websites that offer a list of product keys for ...
- 343
4
votes
2
answers
374
views
How can I generate short signatures?
I'm looking to create a licensing system, and I need a serial generation scheme. I want to sign some data with a private key and verify it with a public key embedded in the software.
I don't need ...
- 201
0
votes
1
answer
314
views
Xbox and Playstation copyright protection vs PC
AFAIK, both Xbox one and PS4 use x86 IC very similar to PC. The questions are:
1/ How can they keep those console systems protected from cracker and software privacy? What is the main method to ...
5
votes
1
answer
6k
views
Encrypting/decrypting our license key
We need to provide a license key to customers for our application. The actual license is XML but we need to encrypt it and then in our program decrypt it. I think it is the following, but am asking to ...
- 513
2
votes
2
answers
989
views
Restricting source code to domain name
I'm starting a very large project soon. It must include a licensing system.
The project will produced using PHP/Laravel/JavaScript and use many different libraries, a CMS, and a few databases.
The ...
- 21
1
vote
2
answers
3k
views
copy protection (or licensing) mechanism for an android app
I am trying to implement a copy protection (or licensing) mechanism for an android app. The app is not distributed through Google Play or other online market and instead it is distributed through ...
- 167
2
votes
2
answers
610
views
Obstacle in Implementing a Time Limited/Number of Use Limited Software
How does one implement a trial period in a product properly, e.g. a trial period that lasts 30 days, or limits the number of product uses to 10?
Storing the entries, even in an encrypted form, isn't ...
- 475
4
votes
5
answers
580
views
Should you notify software vendors that their software has been cracked?
Apologies if this is not the right place to ask this question, I will happily move it to another Stack Exchange site if need be.
Before I explain the rationale behind the question, let me clear up a ...
- 202
2
votes
1
answer
2k
views
Examples for practicing reverse engineering/disassembly of win32 .executables
I remember back in the day, there used to be a website where users would post hackits in the form of win32 exes for users to crack. Usually the goal was to defeat some sort of DRM, such as a nag ...
- 315
-3
votes
1
answer
278
views
Am I covered with GPL If I want to share open source code of project developed in my company? [closed]
I do not know if it's the right place to ask this question. But I find that this site is the closest site in the exchange sites to ask a such question.
I m working in a company and in my job contract ...
- 113
1
vote
5
answers
2k
views
Encrypt-function inside PHP code that you have to publish
If you write a PHP application, where you have to deliver the compiled code to the customer, how could you include a functionality to send encrypted data from that application to others, and include ...
- 2,390
-3
votes
1
answer
5k
views
How can police find out about criminal activity on an iPod Touch?
Higher authorities could easily find out about criminal activity - such as drug trafficking and child pornography - being conducted on a laptop simply by hacking into it or somehow seeing the history. ...
- 133
4
votes
1
answer
1k
views
The best ways to persist the license client information in the database
I develop a license server and a license client system (Java based applications).
The flow is the following:
The license is stored on the license server
The client application includes a ...
- 1,479
0
votes
3
answers
448
views
Implement server serial key for server software
Me and my friend want to sell game server-side software, but we want some sort of control, over use of that software.
For example, we want some sort of serial key system, so only verified/paid ...
- 263
8
votes
3
answers
1k
views
A safe license System
So I'm trying to think of a good way to check if the license key a user supplies for a program is legit or not.
Let's suppose this is the way they get there license
They make some type of purchase.
...
- 753
4
votes
1
answer
1k
views
Storing License Keys
I'm creating an application which generates licenses key and stores this in a database (the licenses are checked online). I don't wish to store these license unhashed, in case the database is stolen.
...
- 143
16
votes
3
answers
28k
views
License key / Serial number generator and checker
I need a serial number generator and accompanying checker. I would like to be able to set a salt (and maybe a length). The generator should only produce serial numbers that pass the test of the ...
- 261