Anti-Tampering Guidelines

The security that the LSAPI provides is only as good as the security of the
application code and the secret values themselves.

Distribution of application code to end users means that an intruder can
recover the shared secrets and use them to create a license system flow that appears
to be correct for whatever challenge the application issues. An intruder can
also locate and modify the code that compares and then validates the license
system's challenge response.

You should take defensive steps by using antivirus programming techniques and
other measures to prevent code modification, and also to make it difficult to
circumvent the basic challenge protocol. Following are guidelines that you can
use when you develop an application that includes calls to the LSAPI functions.
For additional information, see Table Lookup Method.

When you select the license secrets
- Choose unique secrets for each one of your company's applications.
- Choose unique secrets for each application version.

When you code the application
- If you include the secrets in the application, obscure them by encrypting them
or scattering them throughout the code.
- Place most of the challenge code and data in discardable overlays, if
possible.
- Incorporate an obscure internal checksum over the code that interfaces with
the license system and with the challenge verification.
- Use different challenge values for calls to the LSRequest and LSUpdate functions.
- Verify the code offset when your application calls the challenge algorithm, at
the entry point to the algorithm, if applicable.
- Avoid simple comparisons and obscure critical comparisons.
- Save the challenge response that the license system returns. Do not compare it
for equality immediately after a call to the LSRequest or LSUpdate function.
- Perform a meaningless comparison immediately after a call to the LSRequest or LSUpdate function.
- Verify the challenge result more than once.
- Perform mathematical operations with the challenge response, and compute
another result that your application verifies later in the code.
- Perform multiple operations with the challenge response, like meaningless
read, comparison, and subtraction operations, before doing a final comparison. If
the intruder uses a hardware monitor, this strategy can increase the number of
hardware breakpoints that occur and thereby cause additional confusion for the
intruder.
- To verify that the current license is still valid, call the LSUpdate function periodically.
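
The following added example (not part of the original reference, and not LSAPI code) sketches several of the coding guidelines above together: the secret is kept as masked parts, the challenge response is saved rather than compared at the call site, a derived value is verified later, and a second check uses subtraction instead of a simple comparison. The names mix, mock_license_system, app_secret and lic_* and the sample secret are assumptions made for illustration; mix is a stand-in, not the real LSAPI challenge algorithm, and in a real application the response would come from LSRequest or LSUpdate.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in challenge algorithm (assumption; NOT the real LSAPI algorithm). */
static uint32_t mix(uint32_t challenge, uint32_t secret) {
    uint32_t x = challenge ^ secret;
    x ^= x >> 16; x *= 0x45d9f3bu; x ^= x >> 16;
    return x;
}
/* Hypothetical license system: answers a challenge with the secret it holds. */
uint32_t mock_license_system(uint32_t challenge, uint32_t its_secret) {
    return mix(challenge, its_secret);
}

/* Constructed sample secret 0x5a17c3e1, stored as two masked parts. */
static volatile const uint32_t part_a = 0x5a17c3e1u ^ 0x9e3779b9u;
static volatile const uint32_t part_b = 0x9e3779b9u;
static uint32_t app_secret(void) { return part_a ^ part_b; }

typedef struct {
    uint32_t challenge; /* value sent with the request */
    uint32_t saved;     /* response, stored without comparing it */
    uint32_t derived;   /* arithmetic on the response, verified later */
} lic_state;

/* At the call site: record the response; no equality test here. */
void lic_record(lic_state *s, uint32_t challenge, uint32_t response) {
    s->challenge = challenge;
    s->saved = response;
    s->derived = response * 2654435761u + challenge;
}
/* Later check 1: verify the derived value, not the raw response. */
int lic_check_derived(const lic_state *s) {
    uint32_t expect = mix(s->challenge, app_secret()) * 2654435761u + s->challenge;
    return (expect ^ s->derived) == 0;
}
/* Later check 2, elsewhere in the program: subtraction folded to one bit. */
int lic_check_saved(const lic_state *s) {
    uint32_t diff = s->saved - mix(s->challenge, app_secret());
    return (int)(1u ^ ((diff | (0u - diff)) >> 31));
}

int main(void) {
    lic_state req, upd; /* different challenges for the request and the update */
    lic_record(&req, 0x1234u, mock_license_system(0x1234u, 0x5a17c3e1u));
    lic_record(&upd, 0x9abcu, mock_license_system(0x9abcu, 0xdeadbeefu)); /* wrong secret */
    printf("request: %d %d  update: %d %d\n", lic_check_derived(&req),
           lic_check_saved(&req), lic_check_derived(&upd), lic_check_saved(&upd));
    return 0;
}
```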