Hello everyone!
I want to add a licence expiration feature in my application (written in Visual C++).
When the licence expires I would like my application to generate a random numerical key which will be sent to me by the user.

Using this key and a personal key-generator I would like to send back to the user an activation code.
The key/activation-code combination should not be stored anywhere on either side. They must be as random as they can get.
The user should not need any kind of internet connectivity (my previous activation was web-based and I want to remove it).

What kind of algorithm can I use?
I would like some guidelines or any links to useful information if available.

I am not looking for anything related to how I could "lock" my application with third party software or anything that has to do with hardware serial numbers etc...

Thanks in advance!

How can your application send you anything without some form of internet activity?

Sorry, I didn't make that clear.
The user is responsible for sending me the key via phone, SMS or even email, but this has nothing to do with the application. The machine on which the application runs could have no internet access.

I'll try to break it down.

Let's say you gave me a key number like 584663214796.
And this number contains "hidden" information about how we both should compute the activation number. So I calculate it using my private app, and send it back to you.
You compare the number I sent you with your calculation and if they match, the licence is updated.

There are many algorithms you could use--in fact any reasonable homebrew algorithm would suffice. A common way is to alter a randomly generated number based on the customer's name. So if the client program generates "923024903113993" and they enter a name of "Shabba", you could use that name to come up with a completely different looking number.

You could, for example, rotate bits based on the numerical representation of each individual letter in their name. Cast each individual char of the string to an int and perform circular rotate left or right that many times on the number. If you wanted to mix it up, you could rotate left for the first char, right on the second, left on the third, and so on.

Before you do this, you may want to XOR the bits with some bit pattern, perhaps based on their name as well, or just 10101010101010101. The reason for this is, if by some fluke the random number generated is some 2^n-1, it ends up being 1111111111111 and any rotating will simply result in the same number--which would suck.

Anyway, after you make this new number, you send it back. Then their client code performs the same rotates and XOR (you can either reverse the process on your number, or perform the original process on theirs), and if the number it comes up with based on the original number matches the one you sent to them (or vice-versa), then success. Of course, that means that the algorithm must be present on their computer as well, and can be revealed by all sorts of decompiling methods and memory watching software. But that's the problem with all software--it's no coincidence that hackers have made key generators for almost every popular software that uses this method, often with cool techno music to accompany it.
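An added example, not code from any poster in this thread: the XOR-then-alternating-rotate scheme described in the answer above, written out in C++ so its properties can be checked. The 64-bit word size, the `kMask` constant and all function names are assumptions; `net_rotation` shows that the alternating rotates reduce to a single rotation by 0..63, so the name selects one of only 64 possible codes per challenge.

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// 64-bit circular rotates; the count is reduced mod 64 so any char value is safe.
static uint64_t rotl64(uint64_t v, unsigned n) { n &= 63; return n ? (v << n) | (v >> (64 - n)) : v; }
static uint64_t rotr64(uint64_t v, unsigned n) { n &= 63; return n ? (v >> n) | (v << (64 - n)) : v; }

// Assumed fixed pattern: the 64-bit form of the post's "1010..." mask.
constexpr uint64_t kMask = 0xAAAAAAAAAAAAAAAAULL;

// XOR first (switchable, to show the all-ones fluke the post mentions), then
// rotate left for the 1st char, right for the 2nd, left for the 3rd, and so on.
uint64_t activation_code(uint64_t challenge, const std::string& name, bool pre_xor = true) {
    uint64_t v = pre_xor ? (challenge ^ kMask) : challenge;
    bool left = true;
    for (unsigned char c : name) {
        v = left ? rotl64(v, c) : rotr64(v, c);
        left = !left;
    }
    return v;
}

// Client side: repeat the same computation and compare with the code received.
bool verify(uint64_t challenge, const std::string& name, uint64_t code) {
    return activation_code(challenge, name) == code;
}

// The alternating rotates collapse into one net left rotation in 0..63.
unsigned net_rotation(const std::string& name) {
    int net = 0;
    bool left = true;
    for (unsigned char c : name) {
        net += left ? c : -static_cast<int>(c);
        left = !left;
    }
    return static_cast<unsigned>(((net % 64) + 64) % 64);
}

int main() {
    const uint64_t challenge = 923024903113993ULL;  // number quoted in the post
    std::cout << activation_code(challenge, "Shabba")
              << " (net rotate left by " << net_rotation("Shabba") << ")\n";
}
```

Two different names with the same net rotation, such as the constructed pair "ab" and "bc", produce the same activation code for a given challenge.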

Well that's what I was looking for!
I've never implemented anything like that so this guide is definitely a useful starting point!

In fact, I already made an algorithm using bitwise calculations on paper.
:)

... often with cool techno music to accompany it.

Still laughing!!! Hahaa!! Btw, why do they always do that??

One last question...
I would like to "include" the days of the new licence in the activation key.
Is it too obvious if I place, for example, 50 days of licence like this:

Key : 923024903113993
Activation : 92302490(50)3113993

of course without the parentheses!!
:)

Thank you very much!

I think sending the number of days back in the activation key is not very secure. If you conceal it in some dummy digits of the activation key then all a person would have to do is tinker with it and get different results. That would be about as secure as a Metroid code for the Nintendo. You might be able to come up with a clever way to do this more securely but I think it would be easier to alter the original random number generated on their side, based on how many days of license they type in that they're buying. For example, if you sell a 50 day license and a 360 day license, you could have two very large prime numbers for each. Multiply the original random number by this prime number. Then after you verify that the key is valid, check to see if the key is divisible by these prime numbers, whichever mod returns 0, that's the license they get.
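An added example, not the poster's code: the prime-per-licence-length idea above, with the two edge cases it runs into in 64-bit arithmetic. The primes 10007 and 10009, the tier table and the function names are constructed for illustration, and the reading that the vendor multiplies the challenge by the tier's prime is an assumption.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>

// Constructed tiers: one prime per licence length, kept small enough that a
// 15-digit challenge times the prime still fits in 64 bits.
struct Tier { int days; uint64_t prime; };
constexpr Tier kTiers[] = { {50, 10007}, {360, 10009} };
constexpr uint64_t kMax = std::numeric_limits<uint64_t>::max();

// Tag a challenge with a tier. Returns 0 for an unknown tier, a zero
// challenge, or a product that would overflow 64 bits.
uint64_t tag_challenge(uint64_t challenge, int days) {
    for (const Tier& t : kTiers) {
        if (t.days != days) continue;
        if (challenge == 0 || challenge > kMax / t.prime) return 0;
        return challenge * t.prime;
    }
    return 0;
}

// Check as worded in the post: the first prime that divides the code wins.
// Ambiguous when the challenge itself is a multiple of another tier's prime.
int days_by_mod(uint64_t code) {
    if (code == 0) return 0;
    for (const Tier& t : kTiers)
        if (code % t.prime == 0) return t.days;
    return 0;
}

// Stricter check: the code must equal challenge * prime for that exact tier.
int days_exact(uint64_t challenge, uint64_t code) {
    if (challenge == 0) return 0;
    for (const Tier& t : kTiers)
        if (challenge <= kMax / t.prime && challenge * t.prime == code) return t.days;
    return 0;
}

int main() {
    const uint64_t challenge = 923024903113993ULL;  // number quoted in the thread
    const uint64_t code = tag_challenge(challenge, 360);
    std::cout << code << " -> " << days_exact(challenge, code) << " days\n";
}
```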

Easier still (and much more secure) to just buy one of the plethora of available commercial products to handle license key generation and distribution...

Since my licences are 4 : 15, 30, 60 and 90 days, I think that I could bitshift the Activation key by 3, 6, 9 and 12 digits respectively and provide a totally different key which includes the days of licence.

The client side algorithm will try the four bitshift operations and compare the resulting keys with the original activation key which includes no licence days.

The shift operation that succeeds will provide also the days of licence.

I think that this level of security is pretty enough for the licence days, since in any way, the number of days could not be more than 90.
The worst that could happen is that a given licence of 15 days will be "hacked" and give the client 90 days.

Well good luck hackers!
:)

Thanks again Greywolf333

Easier still (and much more secure) to just buy one of the plethora of available commercial products to handle license key generation and distribution...

Unfortunately this is not an option. I already have a USB dongle in order to lock the application and buying also another type of commercial security product would raise the cost too much.

And it's a lot more fun having to do this on your own!
Either way if someone wants it really bad, he will "crack" it.
:)