# Homebrew Serial Numbers



## daringone (Jun 11, 2012)

I saw a post on here where someone suggested making a serial number system, to protect our none NI powered libraries, using the load array function. I have made a script which does that, it's just a demo so the security key isn't secure it just demonstrates a way that this could be achieved.

I've also locked editing of the script so I have included the Resource file so you can access the script, there's also a version of the script for Nils' KSE which is easier to read.

I have also included a simple serial Key generator and an invalid and valid key file so you can see how it works. You have to change the name of the invalid key file to Key, because this is the name of the file that the script expects. The Key files are in the Data folder but you could ask the user to choose a file from any location.

I believe that it wouldn't be too difficult to crack a setup like this.

The key generator script will generate a valid or invalid key. You can call it what you like when you save it but the script will only read in a file called 'Key'. The generator script needs to be compiled in Nils' Editor.

Let me know what improvements we can make. 

Edit: File deleted


----------



## daringone (Jun 12, 2012)

I've been expanding this idea, I've now got it so a user can enter a serial number and this generates the Key File.

The new file attachment is my efforts today at putting together a collection of macros and functions to provide some basic security and more importantly a kind of watermarking.

I haven't included a valid serial but if you look at the code it shouldn't be too difficult to work out what counts as valid. Again there isn't a proper serial key algorithm in here, i'm still just fleshing out ideas so that will come later on.

Edit: File Deleted


----------



## daringone (Jun 15, 2012)

So noone got any comments on this?


----------



## Mike Greene (Jun 15, 2012)

I find this very interesting and downloaded both files a few days ago, but haven't had a chance to check them out. 8)


----------



## daringone (Jun 15, 2012)

So I have been busy the last couple of days with this.

I have created another little demo project. It's a serial key generator and validator.

It uses an algorithm I came up with (I'm sure it's not original).

The serial is then encrypted using an algorithm very similar to a One Time Pad (OTP) Cipher. As long as the key is secret the serial should be secure. 

After that the generated serial (or a non-generated serial, i.e a guess) can be passed to the validate function which decrypts the serial and checks that it's valid. Returns 1 for valid 0 for invalid.

Have fun 

Edit: File Deleted


----------



## daringone (Jun 18, 2012)

This new version has a better key validation/generation algorithm.

Instructions are included. I've also built a keygen to go with the script. The Key Gen is a standalone app, you just put in the appropriate values from your script and it will generate a load of unique valid keys. I generated 10000 earlier without a problem, although it froze when I tried to do 50000. 

Enjoy!

Edit: File Deleted


----------



## RiffWraith (Jun 18, 2012)

daringone @ Fri Jun 15 said:


> So noone got any comments on this?



Yeah - I have a comment.

This looks like a fantastic idea if it works, but don't have time to check it out yet. Hope to soon, tho.....


----------



## daringone (Jun 19, 2012)

It has been brought to my attention that, as I expected, this method of security is not that secure.

I'm also posting the source code for the keygen here, it's written in visual C#. So if you want to customise the algorithm in your script you can also change the Key gens algorithm to match..

If anyone has any idea on incresing the effectiveness of this script then please let me know.

Enjoy!

Edit: File Deleted


----------



## Dynamitec (Jun 19, 2012)

Unfortunately I think the serial thing done that way is a waste of your time. It only makes it harder for users to actually "activate" the library. There is no extra security added. Don't underestimate the crackers. They cracked the Cubase dongle, disassembling the software, reading the assembler code...how hard do you think it will be for them to figure out a script which is available in plain text written in such a primitive language like KSP?


----------



## daringone (Jun 19, 2012)

Dynamitec @ Wed Jun 20 said:


> how hard do you think it will be for them to figure out a script which is available in plain text written in such a primitive language like KSP?



"I believe that it wouldn't be too difficult to crack a setup like this "

"as I expected, this method of security is not that secure"


----------



## Dynamitec (Jun 20, 2012)

Well, yes, but I mostly replied to your last post which also says:



> So in order to make this more effective I recommend hiding the key within your script, making it more difficult for a would-be hacker to determine which numbers are the important ones, and do anything else you can think of to make the task of hacking the script more time consuming.



... I mean that doesn't really make much of a difference as the script can be easily "disassembled" by everyone who has basic understanding of programming languages.


----------



## Blackster (Jun 20, 2012)

Dynamitec @ Wed Jun 20 said:


> Unfortunately I think the serial thing done that way is a waste of your time. It only makes it harder for users to actually "activate" the library. There is no extra security added. Don't underestimate the crackers. They cracked the Cubase dongle, disassembling the software, reading the assembler code...how hard do you think it will be for them to figure out a script which is available in plain text written in such a primitive language like KSP?



If you really (and I mean REALLY) want to protect software, don't publish it! Easy as that!  .... 

BUT, I think this a good idea though as long as it is easy to use.


----------



## Lindon (Jun 20, 2012)

Wouldn't you be better just doing this in the installer? Scripting in NSIS seems not so far away from KSP anyway, and your check-process is compiled at least into the installer itself, making it considerably harder to hack...you can then use a key response pair generated on the fly at both ends..Or did I just miss the point of all of this...


----------



## Dynamitec (Jun 20, 2012)

Makes no difference... even if the keyfile is generated by the installer etc. There needs to be keyfile check in the the NKI. And that's the weak spot. It will be possible to bypass this in no time. The only way to have a little bit stronger protection than non is using Kontakt player...and as we all know even that's no protection.


----------

