|
The Application Verification
Your application must perform the following steps to verify the license
system's response to the challenge:
- Receive the output parameters of the call to the LSRequest or the LSUpdate function, and the license system's response.
- Compute a second message digest with the MD4 Message-Digest Algorithm supplied
by RSA Data Security, Inc. For additional information about the format of this
message digest, see LS_CHALLDATA.
- Compare this message digest to the license system's message digest.
- Accept the result only if the two are equal.
There are two different methods you can use to verify a challenge response:
- You can either incorporate the secrets and the algorithm in the code (Algorithmic Method), or
- You can precompute a table containing a number of random challenges with their
expected responses (Table Lookup Method).
For additional information about coding the challenge, see Anti-Tampering Guidelines.
Algorithmic Method
With this method, you incorporate the challenge algorithm and the actual
secret values in the program code. This method requires that you take steps to
obscure the code and to ensure that the secrets themselves are not readily
detectable. These steps are described in Anti-Tampering Guidelines.
Table Lookup Method
With this method, you incorporate a precomputed table of valid challenge
responses in the program code. The table should contain a row for each possible
challenge and a column for each unique secret response. Your application can verify
a challenge by examining the appropriate challenge/response intersection in
the table. This method requires that you choose the challenge values in addition
to the secrets when you code the application.
If intruders successfully duplicate an application's challenge and response
table, they can also circumvent and replace the legitimate license provider. If
all the data in the table is known, the application's secrets are vulnerable. It
becomes more difficult to copy the entire table while inspecting the data
exchanges between the application and the license provider as the size of the table
increases. Therefore, if you use the table lookup method, compute a large
number of random number values to ensure that there are a large number of possible
challenges and responses.
At the beginning of each run time, your application must select one of the
challenge values from your table. It must then pass this value in a call to the LSRequest function. When the call returns, the application must compare the actual
challenge response to the expected response for that challenge value.
A sample table follows. The format and size of the values are examples only.
Challenge
Value
| Secret 1
Response
| Secret 2
Response
| Secret 3
Response
| Secret 4
Response
|
8675309
| 783ndmw732
| 3487dn262
| 367dkb37
| 476dndk263
| -
63JSk23
| 63387d6b36
| 7b6b5u8b7
| 8hn65bv4g7
| 076bb856v6
| -
833jh26
| 73d83m29s
| 8N7GJ829n8
| 89bn73nBH
| 89348nUU7
| -
8LES654
| 733nbV8
| 8H8hu8
| B73h0dn39
| 7590nd73n
| -
28gHjB4
| 39834nd83
| 93n3d93n38
| 393n3ed83n
| 983n38db38
|
If an application used the preceding sample table and challenged Secret 3 with the second challenge value, 63JSk23, it would then pass this value in a call to the LSRequest function. A legitimate license system would respond with a challenge response
of 8hn65bv4g7 and a status of success. The application would then examine the entry at the
appropriate challenge/response intersection in the table and compare it to the
value 8hn65bv4g7. In this case it would find a match, so the challenge response would be
valid.
In addition to including a table such as the preceding example, your
application could also include a similar table of challenge responses for use with calls
to the LSUpdate function.
For additional information about coding the challenge, see Anti-Tampering Guidelines.
| Last news from Greatis Software |
 |
|
Nostalgia .Net |
|
.Net is powerful, but not all-powerful, so sometimes we need to use Win32 API for our .Net applications. It's simple enough with Platform Invoke if you have Win32 skill, but we do not always have time to dig the ancient documentation, declare the special types that are compatible with Win32, find the values of the Win32's constants and so on. Nostalgia .Net offers several simple-to-use classes, and components that will allow you to forget about the headache of Win32 and just use the power of Win32 in your application the same way as you use the native. Net classes. More » |
| Recommended software for developers |
 |
|
Ultimate Pack |
|
Component pack for Delphi and C++ Builder that contains runtime form designer, runtime object inspector, print suite and much more for the very special price. More » |
 |
|
Form Designer .Net |
|
Unique runtime form design solution that allows to edit any form in .Net WinForms application at runtime with full source codes for only 300 euro! More » |
 |
|
Print Suite .Net |
|
Print Suite .Net is a set of components for easy printing texts, images and grids from your WinForms applications. Full C# source codes are available More » |
 |
|
Gradient Controls .Net |
|
Gradient Controls .Net offers controls with gradient background feature. Labels, panels and so on... Full C# source codes are available More » |
 |
|
Greatis iGrid |
|
iGrid plots drawing grid right over your desktop, so you can use it everywhere, with any drawing application without any special plugins for different graphic editors. More » |
All the contacts and projectsDmitry Vasiliev (just.dmitry)
Related LinksSoftware for Visual Studio .NET developers
Software for Delphi and C++ Builder developers
Software for Visual Basic 6 developers
Delphi Tips&Tricks
MegaDetailed.NET More Online Helps Win32 Programmer's Reference
Win32 Multimedia Programmer's Reference
OLE Programmer's Reference
Microsoft Windows Pen API Programmer's Reference
Microsoft Windows Sockets 2 Reference
Microsoft Windows Telephony API (TAPI) Programmer's Reference
Unix Manual Pages
|
