Secure my application
Secure my application
Secure my application
Secure my application
Secure my application
Secure my application Secure my application Secure my application Secure my application Secure my application Secure my application Secure my application Secure my application
Secure my application Secure my application
Secure my application
Go Back  Xtreme Visual Basic Talk > > > Secure my application


Reply
 
Thread Tools Display Modes
  #1  
Old 07-25-2007, 06:04 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Unhappy Secure my application


Hi everyone,
I just finish all my application written in visual basic.net with .net framework 1.1 and it works well.

But I have problem to deploy my application because it has just a .exe file and the database. I don't know how to secure for no copying application.

I think to do register or any kind of file that will be hiden in any folder of operating system and in page load of main form first to check if this file exist and if exist then to execute program or if not exist then shut down.

Pls help me
Reply With Quote
  #2  
Old 07-25-2007, 06:25 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Unhappy Secure my application

Hi everyone,
I just finish all my application written in visual basic.net with .net framework 1.1 and it works well.

But I have problem to deploy my application because it has just a .exe file and the database. I don't know how to secure for no copying application.

I think to do register or any kind of file that will be hiden in any folder of operating system and in page load of main form first to check if this file exist and if exist then to execute program or if not exist then shut down.

Pls help me
Reply With Quote
  #3  
Old 07-26-2007, 10:19 AM
MKoslof's Avatar
MKoslofSecure my application MKoslof is offline
Cum Grano Salis

Retired Moderator
* Guru *
 
Join Date: Jul 2002
Location: Baltimore, Maryland
Posts: 14,636
Default

Hi nooB:

Can you better explain what you are trying to secure? Do you want the end user to be presented with a login screen in order to use the application? Are you trying to secure any sensitive settings that might be in your app.config file if you are using one? Are you trying to secure login entry to the database?/Location of the database?

When you say "no copying" of the application, do you mean someone taking the installation folder and moving it somewhere else? Unfortunately that is very open-ended and if the user wants to copy files (because on the Windows NTFS file system, that is all these entities are, files) they can do that without issue given they permissions on the directory they want to copy to. It would be a better approach to limit running the application, since you have much more control over that - - you would be able to tell if an application was INSTALLED in a certain directory or the files were placed by some installation program, but if a user is hell-bent of moving the directory from C:\Programs Files\Blah to C:\Temp\Mine you aren't going to find a good way to stop that..without locking down the entire computer based on their AD or network account, which wouldn't be feasible.

Now if the application was installed on some shared network directory or mapped drive, maybe you could work with your network admin to verify this directory can't be viewed/edited, etc.
__________________
"Artificial Intelligence is no match for natural stupidity." ~unknown
Reply With Quote
  #4  
Old 07-26-2007, 10:48 AM
MKoslof's Avatar
MKoslofSecure my application MKoslof is offline
Cum Grano Salis

Retired Moderator
* Guru *
 
Join Date: Jul 2002
Location: Baltimore, Maryland
Posts: 14,636
Default

Also, it looks like you have posted here as well, within the Installation sub forum:

http://www.xtremevbtalk.com/showthread.php?t=286200

Which might be an overall better location...

I will have these posted merged into the installation forum.
__________________
"Artificial Intelligence is no match for natural stupidity." ~unknown
Reply With Quote
  #5  
Old 07-26-2007, 05:17 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Default

Yes but i think this is not for installation forum..
I explain that my application is running just one .exe file and nothing more.
Reply With Quote
  #6  
Old 07-26-2007, 05:26 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Default

Sorry i didn't read first your reply..
I will tell you what is my problem..
When I compile my project in bin folder has just one .exe file and one .pdb and nothing else.Now simple I can copy this .exe file in other PC and the database too and it work fine. Problem is that someone can log on in the pc and simple can just copy the .exe file of my application and can paste on another pc without problems.
I am thinking how can I do to protect from this copy...
My friends tell me to do one .dll file that will be hidden in other folder ex C:\
and when the client will run that .exe file first of all it will check if that .dll file exist in that path ...
i think it is clearer what I do to do.
Pls if you have any idea, or another help me
Reply With Quote
  #7  
Old 07-27-2007, 10:25 AM
MKoslof's Avatar
MKoslofSecure my application MKoslof is offline
Cum Grano Salis

Retired Moderator
* Guru *
 
Join Date: Jul 2002
Location: Baltimore, Maryland
Posts: 14,636
Default

Again, focus on keeping someone from RUNNING the application, not the physical location of files. Even if you use a dll, what level of effort are you going to put in so that you can "hide" the files. If a user wants to find the file and they are computer literate, they will find a way to locate the files you have put on the machine.

1) If you are using any sort of Installation program, you can write to the registry, use .Net Isolated storage or other ways to signify this application was installed in x directory, and its x version, etc. Then if the application is modified or moved, on start up the application would die, telling the user they can't run from this "foreign" directory. Again, the files might have been COPIED somewhere, but they aren't usable.

2) Use a Web Service and user name tokens stored in SQL Server. On application start up if the "application identity" credentials (up to you what they are, a GUID, self made identifier) are sent via the built in WSDL Proxy and validated...again, runtime, not physical copy and paste location.

3) Use Licensing, this is a broad topic, but you can the .Net licensing model to protect specific assemblies or your entire application, forcing a user to register there copy of the application/get a license key before running the application.
__________________
"Artificial Intelligence is no match for natural stupidity." ~unknown
Reply With Quote
  #8  
Old 07-27-2007, 11:17 AM
AtmaWeapon's Avatar
AtmaWeaponSecure my application AtmaWeapon is offline
Fabulous Florist

Forum Leader
* Guru *
 
Join Date: Feb 2004
Location: Austin, TX
Posts: 9,500
Default

Also keep in mind that large companies have spent millions if not billions of dollars on developing copy protection for software, yet methods to copy software generally exist within days of release. Vista's activation scheme was cracked before Vista was even released; if Microsoft's money and resources aren't sufficient to prevent pirating then you shouldn't expend too much effort on it. Your goal is to prevent the casual pirate from having an easy way out.

A method I favor is having a license file that simply contains the computer's hard drive ID and some private token encrypted together. This is machine-unique and cannot simply be copied. However, you must generate this value some kind of way, and a determined cracker can reverse-engineer your algorithm then produce a key generator.

Any runtime checks are somewhat moot; it is trivial to use readily available tools to determine where the licensing checks are made, remove them, then recompile. The sinister hacking tools used for this are ILDasm and notepad, both freely available. However, if your code is obfuscated and you are clever enough to check the license in every constructor, this can prove difficult enough that the casual pirate will not expend the effort.
__________________
.NET Resources
My FAQ threads | Tutor's Corner | Code Library
I would bet money 2/3 of .NET questions are already answered in one of these three places.
Reply With Quote
  #9  
Old 07-29-2007, 02:17 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Default

I found result for my problem.. Thanks to you.. I did a file from notepad, simple notepad file and i save that file on c:\\ like hidden.

On my main form load i do this:
Code:
        If IO.File.Exists("c:\blah.blah") Then
            ' Do something to the file that we found. 
        Else
            msgbox("Application is not complete,Contact me")
            Application.Exit()
        End If

Last edited by n00bb; 07-29-2007 at 08:01 PM. Reason: I found answer
Reply With Quote
  #10  
Old 07-30-2007, 01:54 PM
MKoslof's Avatar
MKoslofSecure my application MKoslof is offline
Cum Grano Salis

Retired Moderator
* Guru *
 
Join Date: Jul 2002
Location: Baltimore, Maryland
Posts: 14,636
Default

n00bb:

I'm glad you came up with a solution you deem suitable but that *really* isn't one of the recommended solution presented by Atma or myself.

If this is the implementation you want to take, I recommend NOT hard coding some hidden file path to check. At the best I guess, store the location in the app.config file and then encrypt the app config file so .Net decrypts it automatically via its built in encyrption/decryption libraries by storing the hashed key in its machine store.

While I completely don't like that option in general , it will better protect your current implementation and not force it to be hard coded within your code.
__________________
"Artificial Intelligence is no match for natural stupidity." ~unknown
Reply With Quote
  #11  
Old 07-30-2007, 06:29 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Default

Yes but the problem is that i don't know to use app.config so I just do this quickly. I suppose my project not to distribute to many peoples but just once or twice.
If you can send me any tutorial for this app.config I will be thanks to you.
Regards...
Reply With Quote
  #12  
Old 07-31-2007, 11:47 AM
MKoslof's Avatar
MKoslofSecure my application MKoslof is offline
Cum Grano Salis

Retired Moderator
* Guru *
 
Join Date: Jul 2002
Location: Baltimore, Maryland
Posts: 14,636
Default

__________________
"Artificial Intelligence is no match for natural stupidity." ~unknown
Reply With Quote
  #13  
Old 08-01-2007, 05:02 PM
n00bb n00bb is offline
Newcomer
 
Join Date: Jul 2007
Posts: 16
Default

Thanks MKoslof I will continue learning this app.config
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

Advertisement:





Free Publications
The ASP.NET 2.0 Anthology
101 Essential Tips, Tricks & Hacks - Free 156 Page Preview. Learn the most practical features and best approaches for ASP.NET.
subscribe
Programmers Heaven C# School Book -Free 338 Page eBook
The Programmers Heaven C# School book covers the .NET framework and the C# language.
subscribe
Build Your Own ASP.NET 3.5 Web Site Using C# & VB, 3rd Edition - Free 219 Page Preview!
This comprehensive step-by-step guide will help get your database-driven ASP.NET web site up and running in no time..
subscribe
Secure my application
Secure my application
Secure my application Secure my application
Secure my application
Secure my application
Secure my application Secure my application Secure my application Secure my application Secure my application Secure my application Secure my application
Secure my application
Secure my application
 
Secure my application
Secure my application
 
-->