How to make a key for program selling?

  • (2 Pages)
  • +
  • 1
  • 2

21 Replies - 1320 Views - Last Post: 22 February 2019 - 12:42 PM

#1 R0nald   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 11
  • Joined: 17-January 19

How to make a key for program selling?

Posted 25 January 2019 - 08:43 AM

I participate in a small startup. We decided to monetize the game by selling licenses. And so I have a question about creating license keys. How do you create keys? How to avoid handing over keys to others?
Is This A Good Question/Topic? 1
  • +

Replies To: How to make a key for program selling?

#2 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14854
  • View blog
  • Posts: 59,270
  • Joined: 12-June 08

Re: How to make a key for program selling?

Posted 25 January 2019 - 08:46 AM

I would recommend looking at a third party company who has a commerical, off the shelf, product already and _NOT_ try to roll your own.
Was This Post Helpful? 1
  • +
  • -

#3 R0nald   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 11
  • Joined: 17-January 19

Re: How to make a key for program selling?

Posted 25 January 2019 - 09:38 AM

View Postmodi123_1, on 25 January 2019 - 08:46 AM, said:

I would recommend looking at a third party company who has a commerical, off the shelf, product already and _NOT_ try to roll your own.

I have not found any developments that could be reused. Probably you are right
Was This Post Helpful? 0
  • +
  • -

#4 R0nald   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 11
  • Joined: 17-January 19

Re: How to make a key for program selling?

Posted 28 January 2019 - 08:48 AM

What could you advise? What companies, programs?
Was This Post Helpful? 0
  • +
  • -

#5 modi123_1   User is online

  • Suitor #2
  • member icon



Reputation: 14854
  • View blog
  • Posts: 59,270
  • Joined: 12-June 08

Re: How to make a key for program selling?

Posted 28 January 2019 - 09:02 AM

You would have to do you own research for that.
Was This Post Helpful? 0
  • +
  • -

#6 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6765
  • View blog
  • Posts: 23,069
  • Joined: 05-May 12

Re: How to make a key for program selling?

Posted 29 January 2019 - 01:37 PM

Moving out of C# since this is not language specific...
Was This Post Helpful? 0
  • +
  • -

#7 Sheepings   User is offline

  • Senior Programmer
  • member icon

Reputation: 201
  • View blog
  • Posts: 1,122
  • Joined: 05-December 13

Re: How to make a key for program selling?

Posted 30 January 2019 - 06:57 AM

That's a very deep question which can be answered in so many ways and it all depends on how you want to go about distributing those keys and further how you would restrict a given user from using someone elses key. How do you think would be best to do this?

If it where me... I'd probably setup a web server which can take TCP web requests, and have your software issue a once off install key which would be chained to a remote server key upon activation. If the key on user 1s PC is active, and user 2 acquires user 1s CD key/code, then that key would be marked as unauthentic and therefore blocked. The rightful owner/user who bought the key would need to fill in their personal details to acquire a reset code from your website, enabling them to use your software once again. User 1s previous key would be blocked and banned and If user 1s key is stolen more that 2 times, you should ban the user from requesting another key in accordance with your privacy, piracy terms of service; in which they would have to agree too in order to use your services when buying your product. This will cover you legally in most countries.

I hope you find the idea somewhat helpful, and if you were hoping for some starter code, Well I don't think anyone here will be doing that for you for you for free, but if you have something to show for, such as an attempt, or a more specific question, as how-to ascertain the correct way to use TCP clients or how to make web calls to a TCP server from a c# application, then this is likely as much info as you're likely to get on this one. Good luck with the project.
Was This Post Helpful? 2
  • +
  • -

#8 R0nald   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 11
  • Joined: 17-January 19

Re: How to make a key for program selling?

Posted 30 January 2019 - 08:03 AM

My research led me to a similar scenario. I do not hope for a complete solution. Thanks for participating

This post has been edited by Skydiver: 30 January 2019 - 01:39 PM
Reason for edit:: Removed unnecessary quote. No need to quote the post above yours.

Was This Post Helpful? 0
  • +
  • -

#9 KolanMans   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 2
  • Joined: 17-January 19

Re: How to make a key for program selling?

Posted 04 February 2019 - 08:02 AM

View PostR0nald, on 28 January 2019 - 08:48 AM, said:

What could you advise? What companies, programs?


I can advise the ready-to-use solution like Rhino or ArmDot. These programs are able to generate, check, block license keys.
Was This Post Helpful? 0
  • +
  • -

#10 Martyr2   User is offline

  • Programming Theoretician
  • member icon

Reputation: 5359
  • View blog
  • Posts: 14,256
  • Joined: 18-April 07

Re: How to make a key for program selling?

Posted 04 February 2019 - 01:17 PM

I don't see a problem of rolling your own as long as you thoroughly thought it out. Sheepings is on track with a great solution. We have implemented our own licensing before and as long as you can make keys unique enough and strong enough, then when they turn in a key bind it to something like their mac address (when the software registers, it also passes something unique to the computer like a mac address) then you can be good to go. If they try on another computer, the key can be looked up, seen that it is registered to a different mac address and rejected (or dealt with accordingly). The user can go to the website after logging in and "unbind" the license. That would then allow them to change computers and rebind it. That is the simplistic view anyways of how we did it.

:)
Was This Post Helpful? 1
  • +
  • -

#11 Skydiver   User is online

  • Code herder
  • member icon

Reputation: 6765
  • View blog
  • Posts: 23,069
  • Joined: 05-May 12

Re: How to make a key for program selling?

Posted 04 February 2019 - 02:03 PM

If your software is important enough, I recommend buying instead of rolling your own. Lean towards the solutions that require a hardware dongle. (Yes, it sucks for people wanting to run in a VM, but there you have it.)

But if you decide to roll your own, there is some great advise here: Implementing a Partial Serial Number Verification System in Delphi and there is a corresponding C# port.

I can't find the other article, but it had a great discussion of how to have "variable strength" keys as well. And there was another completely different approach using public key encryption. Unfortunately, this one was great in terms of keys and key generation, but had very little advise on how to protect your program from being cracked "e.g. somebody just bypasses your key checks").
Was This Post Helpful? 1
  • +
  • -

#12 R0nald   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 11
  • Joined: 17-January 19

Re: How to make a key for program selling?

Posted 05 February 2019 - 09:47 AM

I did some research and came to the same conclusions as Martyr2 and Sheepings wrote.
I made a small "plan" how to implement it. If it does not work out, then I will use other tips.
If someone has ideas or advice, feel free to share.
Was This Post Helpful? 0
  • +
  • -

#13 Sheepings   User is offline

  • Senior Programmer
  • member icon

Reputation: 201
  • View blog
  • Posts: 1,122
  • Joined: 05-December 13

Re: How to make a key for program selling?

Posted 05 February 2019 - 10:55 AM

If you want to roll your own, you'd be best ensuring you bind the keys to a number of factors as pointed out above.

as you can make keys unique enough and strong enough, then when they turn in a key bind it to something like their mac address

While this is only one layer of the onion, it is also not foolproof, as changing PC/OS/Installing VM's, will also change your MAC address. If your users computer is strong enough to act as a hypervisor, the VMs you run on it will use self-assigned MAC addresses, and these can be managed manually. So when you bind a licence key to a MAC, the MAC address may be subject to change if your user using your key wants to use your application in a virtual environment where changing MAC addresses may be required for them (for whatever reason). Regardless, It wouldn't be something I'd allow.

Consider binding to other sources such as GEO location based on an IP address as well. While some users use VPN's this might be a problem for them too with this method. But by doing this, you will and can determine if a user using one of your provided keys has leaked or lost it, and you can tell when that key has multiple GEO locations. But factor in, that a use may travel a lot, but even so, they will not have a different MAC every time they travel as the MAC is commonly assigned from the network card chipset. So these will be ways of identifying certain boggy keys when you collect a multitude of information(s) from the PC registering the initial serial key.

Further, you could also make 10 digits of your key completely anonymous to both the serial key owner and anyone else who manages to gain access to another users key. The ten digits you keep secret will become a seed in your servers registrar, and thus allows rightful owners of stolen keys to request a reset of the Key they bought. When they reset the key, this does not reset the key they ascertained upon purchase but it generates a new seed key on your server, rendering all users using the same key disabled with an unlicensed version of your application. You could also (as pointed out by Skydiver), add an extra layer of protection for your seed by encrypting the seed on the server and then issue an auth code back to your application for authentication against the seed. If they match, then the new key becomes active again.

You should also factor in personal information which only the key owner would know, as part of registering a key code for use. This will also stop piracy providing the thief of the stolen key does not know the personal details of the user who rightfully owns the key. These methods would also allow you personally or an automated bot script to ban keys that have been used on multiple machines. Lastly, you should put a lot of thought into protecting your code with obfuscation software (which is also not fool proof, but does make it harder) as well as other checks to ensure your key checks are not being avoided as pointed out by Skydiver.
Was This Post Helpful? 0
  • +
  • -

#14 R0nald   User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 11
  • Joined: 17-January 19

Re: How to make a key for program selling?

Posted 06 February 2019 - 06:50 AM

Oh, you touched on a lot of things that I thought about.
At first I wanted to bind the key to the MAC address. Then I changed my mind. But in the end it can be a good solution. I know how to do it, it does not take much time.
I did not think about personal information. It is very important. For example, to restore access. Thank. This is really good practical advice.
Was This Post Helpful? 0
  • +
  • -

#15 Sheepings   User is offline

  • Senior Programmer
  • member icon

Reputation: 201
  • View blog
  • Posts: 1,122
  • Joined: 05-December 13

Re: How to make a key for program selling?

Posted 06 February 2019 - 05:51 PM

You're very welcome, and I'm glad I could help with the perspective. I would just like to put some emphases on something I said, which I think would be better for you when it comes to protecting the keys.

View PostSheepings, on 05 February 2019 - 05:55 PM, said:

Further, you could also make 10 digits of your key completely anonymous to both the serial key owner and anyone else who manages to gain access to another users key.

The ten digits you keep secret will become a seed in your servers registrar, and thus allows rightful owners of stolen keys to request a reset of the Key they bought. When they reset the key, this does not reset the key they ascertained upon purchase but it generates a new seed key on your server, rendering all users using the same key disabled with an unlicensed version of your application.

You could also (as pointed out by Skydiver), add an extra layer of protection for your seed by encrypting the seed on the server and then issue an auth code back to your application for authentication against the seed. If they match, then the new key becomes active again.


Note :: When they reset the key, this does not reset the key they ascertained upon purchase but it generates a new seed key on your server, rendering all users using the same key disabled with an unlicensed version of your application.

If you decide to implement this idea, which I think you should. When you begin binding the personal data to the purchased key, it should be bind to the seed of the key and not the actual key itself. The key supplied to the user at purchase is only "like" an activator for them to bind to a ten digit seed, and the binding data will require them to register the auth code they received from your server upon activation of the purchased key code. Thus this make sense, have i explained this well enough or have I over complicated with this elaboration?

Curious if anyone else has any suggestions to make this concept better, or if there is a better way to go about it? Post your thoughts.

PS, you should still bind to the MAC address and any other data also. There is no reason for you not to, especially if your keys protection is priority.
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2