"Decompile the invoking class, remove the verification, compile
the new class and add it back to the jar."
Unless you have some method of _inline_ code in a lot of methods
to do a complex validation of a string from the license data,
use a tool that does something more.
You could try for example
http://freshmeat.net/projects/licensemanager
http://www.agilis-sw.com/ezlm/
But mostly the entrypoint to the licensemanager is vunerable.
With decompilers you can remove those calls from the software.
Obfuscators make it a lot harder, but not impossible.
I haven't seen any products inserting bytecode to prevent this
weakness. Please inform me if you do (pryxan at yahoo).
I also like to have any code which does not decompile or
decompiles to unreadable and unusable code.
Regards,
Michael.
=?UTF-8?b?TMSByrtpZSBUZWNoaWU=?=
<laie@win_remove_get_nospam_solutions.com> wrote in
news:1110786817.11fe281a25ddc1e437c2f7ae5af6ede6@t eranews:
> On Sat, 12 Mar 2005 10:58:17 +0800, Ravi Shankar wrote:
>
>> Dear all,
>>
>> Can anyone suggest some of the state of the art, best tools for
>> license key generator?
>>
>> We are releasing a product, so that we would like to generate license
>> keys, for evaluation, permanent, high availability etc, thanks
>>
>> Open source also welcome, prefer proven tools,
>>
>> Please advise, thanks
>>
>> Regards,
>> Ravi
>
> To generate:
>
> Generate a random Initializing Vector (iv).
> Serialize your license data (data).
> Calculate a hash of iv + data.
> return base64_encode( iv + Encrypt (data + hash) )
>
> To verify:
>
> blob = base64_decrypt( input )
> remove the iv from the front of blob
> decrypt the rest of blob (leaving only license data).
> remove hash from the end
> calculate the correct hash of iv + data.
> If the real hash doesn't match the hash sent in, it's not a valid
> license. deserialize the license data and verify it to your heart's
> desire.
>
> HTH,
> La'ie Techie
>
>
Similar Threads
