I stumbled across an article that made me think about a solid serial number system based on strong cryptography. Cryptography discourages systems based on secret algorithms and relies on open algorithms and secret keys. So let us develop a serial number generation/verification system with the same usability as the one in the linked article but without any secret algorithms.

First, our serial numbers should have the form XXXX-XXXX-XXXX-XXXX-XXXX, where X is an uppercase English letter A..Z. To prevent user confusion, let us exclude the letter O, which looks like zero, so in the end we have 25 possible letters in 20 positions, that is BigInteger.Pow(25, 20) = $1D6329F1C35CA4BFABB9F561 combinations. Next, we want to work with full bytes; this reduces the possible serial keys to 11-byte numbers. We also want to use 2 bytes of the serial key as a key checksum; this leaves us with 9 bytes, so we have 9*8 = 72-bit serial keys.

That should be strong enough against a full keyspace search attack on our system. Suppose you are a micro-ISV and expect to sell up to 100 copies of your software; then you need to generate 100 72-bit keys and embed their hashes into the executable. If it turns out later that you need more copies, it is not a problem: just recompile your executable with more keys next time. In the same way you can revoke leaked keys, by not including them in the next release.

To derive the 72-bit keys I use a 128-bit master key and the AES encryption algorithm as a pseudorandom function. Note that the 128-bit master key is actually the only secret in the system; everything else is calculated. It is worthwhile to generate the master key, for example, by tossing a coin 128 times. For hashing I use the SHA256 hash function. I also use the CRC16 algorithm to calculate the key checksums.


The verification is a two-phase process. First, it converts a serial number in 20-letter format entered by the user into an 11-byte serial key, calculates the checksum of the first 9 bytes and compares it with the last 2 bytes (this catches a mistyped serial number). Second, it hashes the 9-byte key and checks that the hash exists in the key hash table.

And now the challenge. The last release (0.74) includes full source code of a console application with the serial number system described above, in the Demos Challenge subfolder.
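The key derivation, the 20-letter encoding and the two-phase check described above, as an added Python example; it is not the code from the release mentioned here. Assumptions: HMAC-SHA256 stands in for the AES-based pseudorandom function, the CRC16 variant is CRC-16/CCITT-FALSE, integers are big-endian, the letter order is A..Z without O, and the master key is a constructed demo value.

```python
import hashlib
import hmac

ALPHABET = "ABCDEFGHIJKLMNPQRSTUVWXYZ"  # A..Z without O (letter order is an assumption)

def crc16(data: bytes) -> int:
    """CRC-16/CCITT-FALSE; an assumed variant, the page only says "CRC16"."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc

def derive_key(master: bytes, index: int) -> bytes:
    """9-byte key number `index`. HMAC-SHA256 stands in for the AES-based PRF."""
    return hmac.new(master, index.to_bytes(4, "big"), hashlib.sha256).digest()[:9]

def encode_serial(key9: bytes) -> str:
    """9-byte key + 2-byte CRC -> 20 base-25 letters in groups of four."""
    n = int.from_bytes(key9 + crc16(key9).to_bytes(2, "big"), "big")
    letters = []
    for _ in range(20):
        n, digit = divmod(n, 25)
        letters.append(ALPHABET[digit])
    text = "".join(reversed(letters))
    return "-".join(text[i:i + 4] for i in range(0, 20, 4))

def decode_serial(serial: str):
    """Phase 1: letters -> 11 bytes, then the checksum test. None if malformed."""
    text = serial.replace("-", "").strip().upper()
    if len(text) != 20 or any(c not in ALPHABET for c in text):
        return None
    n = 0
    for c in text:
        n = n * 25 + ALPHABET.index(c)
    if n >= 1 << 88:  # 25**20 > 2**88, so some letter strings do not fit 11 bytes
        return None
    raw = n.to_bytes(11, "big")
    return raw[:9] if crc16(raw[:9]) == int.from_bytes(raw[9:], "big") else None

def verify(serial: str, key_hashes) -> str:
    """Phase 2: look up SHA-256 of the 9-byte key in the embedded hash table."""
    key9 = decode_serial(serial)
    if key9 is None:
        return "mistyped"
    return "valid" if hashlib.sha256(key9).digest() in key_hashes else "unknown"

MASTER = bytes(range(16))  # constructed demo key; a real one is random and secret
KEYS = [derive_key(MASTER, i) for i in range(100)]         # vendor side only
KEY_HASHES = {hashlib.sha256(k).digest() for k in KEYS}    # shipped in the executable
```

Because the PRF, CRC variant and byte order here are assumptions, serial numbers produced by this sketch are not interchangeable with those of the Delphi application.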

The key generation code is also included, though it is not used in the application and could be kept secret; the only thing I keep secret is the 128-bit master key used. Build the application with Delphi or Lazarus/Free Pascal. One of the valid serial numbers is: AVVH-GJCX-YVWM-EHUE-YMRL. Try to find other valid serial number(s).

Attacks on Serial Numbers rarely go after the actual recovery of the private key. The most common attack on a serial number system is to simply disassemble the code that checks for a valid key and skip it. Then you try to obscure that code, and the attacker uses a reverse debugger. If you move the check from the client to the server, then the attacker moves from attacking the code that checks the serial number to the code that validates the response from the server.

At some point you will reach a point of diminishing returns. When this point is reached, you will annoy your paying customers more than they are willing to be annoyed. So while the strength of AES-128 may comfort some people, it is beside the actual point when used to secure, say, software serial numbers. The weakness in any such system is seldom the cryptography itself. Side channel attacks may exist in some specific implementations, but whenever we apply a strong algorithm like AES-128, and our implementation is in x86 assembler instructions, it’s not too hard to find and defeat that code.


GUIDs are just unique; strong keys or serial numbers should be indistinguishable from values chosen uniformly from the key space. I don’t know the GUID generation algorithm, but if you want to derive keys from GUIDs I would recommend doing it by applying the HMAC algorithm to GUIDs, or just using the standard PBKDF2 key derivation algorithm, that is, for example, the THMAC.MD5.DeriveKey(.) method in TForge; there is no need to “slow down” hashing by using many rounds with GUIDs; the purpose of using HMAC here is to get more uniformly distributed keys.

Do not bother with hashing or private keys, just use pure cryptographic random. Client side checks are the usual target anyway, and on the server side, pure random will just beat anything else; the only cost is disk space, but even with 128 bits per key, it’s going to be minimal anyway unless you sell billions of licenses (but then you can afford an extra datacenter or two, hehe).

GUIDs are not strongly random; do not attempt to randomize them through hashing or key derivation, you just risk missing something. Just use cryptographic random, it’s designed for that 🙂.
