Page 1 of 2 12 LastLast
Results 1 to 15 of 21
  1. #1
    Silver Lounger
    Join Date
    Jun 2002
    Location
    Cheadle, Staffordshire
    Posts
    2,177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Secure Application (VB6)

    I'm about to try my application on a user who does not work for us and not sure of the trust level.

    Everything should be OK but I would rather be safe than sorry than them distributing willy nilly.
    What I would like to do is implement some kind of serial code system at lets say 6 Monthly intervals.

    On first installation, ideally a popup asking for a serial number to proceed.
    This has to be unique so possibly a calculation on the current date and time.

    So, the user will install for the first time and be prompted for a serial number.
    If the current date and time is 11/08/2004 17:15:00 and then for arguments sake, multiply by 3 to give the correct serial.

    Can this be done and at 6 monthly intervals, or is there another way ? <img src=/S/thinks.gif border=0 alt=thinks width=15 height=15>

  2. #2
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts

    Re: Secure Application (VB6)

    How about having a built-in expiration date? Here is some actual code I've used. Note that gbAborting is a global "abort" flag, defined in a separate code module.

    Private Sub Form_Load()

    Dim ldtExpire As Date
    Dim lsDate As String

    'Set expiration date as 1/1/2004 - but don't be obvious
    lsDate = CStr(2 2) + "-"

    'here is the day of the month
    lsDate = lsDate + CStr((2) - 1#) + "-"

    'Finally have the year
    lsDate = lsDate + CStr(1002 * 2)

    'Check for the expiration date
    ldtExpire = CDate(lsDate)

    If CDate(Now) > ldtExpire + 1 Then

    MsgBox "This program expired on " + _
    Format$(CStr(ldtExpire), "mmmm, dd, yyyy") + vbCrLf + _
    "Check www.softwarepolish.com" + vbCrLf + _
    "for an updated version", vbCritical, _
    "Program Expired!"

    gbAborting = True
    End If

    <code removed>

    frmJJJJ_Exit:

    'Need to abort if initial Form_load fails
    If gbAborting Then
    Unload Me
    End If

    Exit Sub

    <code removed>

    End Sub
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  3. #3
    Silver Lounger
    Join Date
    Jun 2002
    Location
    Cheadle, Staffordshire
    Posts
    2,177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Secure Application (VB6)

    Rick

    Thanks for your code here.
    I've had a little play with it and yes there is a possibility I could use it.
    I can link it with my FTP to update the user.

    The part I'm confused over is where the data is collected.

    <pre>Dim ldtExpire As Date
    Dim lsDate As String

    'Set expiration date as 1/1/2004 - but don't be obvious
    lsDate = CStr(2 2) + "-"

    'here is the day of the month
    lsDate = lsDate + CStr((2) - 1#) + "-"

    'Finally have the year
    lsDate = lsDate + CStr(1002 * 2)</pre>


    How does this work and how do I use the CStr function ??

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Secure Application (VB6)

    CStr converts any type of value to a string.
    The code fragment assembles "1-1-2004" by concatenating pieces, and obfuscates things by performing some calculations, so that someone who happens to look at the application (for example with a hex editor) will not see 1-1-2004 as a literal string.

  5. #5
    Silver Lounger
    Join Date
    Jun 2002
    Location
    Cheadle, Staffordshire
    Posts
    2,177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Secure Application (VB6)

    Hmmmm

    A couple of questions on this.

    1/ With an HEX Editor, would some-one be able to view the FTP IP, UserName & PassWord which are hard coded ?

    2/ With the make up of the date using CStr etc, how do I alter it to a date of my own ?

  6. #6
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Secure Application (VB6)

    1. Yes, strings that are hard coded can be seen using a hex editor. You can apply some kind of scrambling to the literal strings, so that the strings that can be seen in the exe are useless. But unless you use industry strength enncryption, it may be possible to unscramble them.

    Here is a very simple scrambling function:

    Function Scramble(AString) As String
    Dim i As Integer
    Dim strRes As String
    For i = Len(AString) To 1 Step -1
    strRes = strRes & Chr((410 - i - Asc(Mid(AString, i, 1))) Mod 256)
    Next i
    Scramble = strRes
    End Function

    Say that your password is "Dave". Type ? Scramble("Dave") in the immediate window, the result will be "1!7U". This would be the string you use in your code:

    If Me.txtPassword = Scramble("1!7U") Then

    2. You can make up anything you like. Say that you want the expiration date to be 31 December 2004.

    The day is 31. This can be 2 ^ 5 - 1, or 3 * 10 + 1, or 62 / 2, etc.
    The month is 12. This can be 17 - 5, or 2 * 2 * 3, or 5 * 3 - 6 /2, etc.
    The year is 2004. This is 4 * 501, or 2 * 10 ^3 + 2 ^ 2, etc.

    You can concatenate the parts:

    lsDate = CStr(2 ^ 5 - 1) & "-"
    lsDate = lsDate & CStr"(2 * 2 * 3) & "-"
    lsDate = lsDate & CStr(2 * 10 ^ 3 + 2 ^2)
    ldtExpire = CDate(lsDate)

    or you can use the DateSerial function:

    ldtExpire = DateSerial(2 * 10 ^ 3 + 2 ^2, 2 * 2 * 3, 2 ^ 5 - 1)

    or you could use the scramble function here too.

  7. #7
    Silver Lounger
    Join Date
    Jun 2002
    Location
    Cheadle, Staffordshire
    Posts
    2,177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Secure Application (VB6)

    Hans


    []_#%Ek'%[img]/forums/images/smilies/ohmy.gif[/img]"Ls!*(60E <img src=/S/evilgrin.gif border=0 alt=evilgrin width=15 height=15>

  8. #8
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Secure Application (VB6)

    That didn't survive the browser intact, but you're welcome.

  9. #9
    Silver Lounger
    Join Date
    Jun 2002
    Location
    Cheadle, Staffordshire
    Posts
    2,177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Secure Application (VB6)

    Rick

    Is it possible for the gbAborting code ?

  10. #10
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts

    Re: Secure Application (VB6)

    Dave, I'm not sure what your question is. I agree with what HansV suggested.

    The program uses the gbAborting variable as shown in my first post. I have error trapping code in each routine where errors could occur. If a non-recoverable error occurs, I set gbAborting = True.

    There is logic to "bail" out of the program, which gets called from Sub Main. This could do things such as closing open database connections, closing any other open files, and giving the bad news to the user.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  11. #11
    Silver Lounger
    Join Date
    Jun 2002
    Location
    Cheadle, Staffordshire
    Posts
    2,177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Secure Application (VB6)

    Rick

    Thanks.
    I had the feeling the gbAborting routine was something specific to the code you supplied.
    I've sorted it now with my own error trapping and get out situations.

    Thanks for the code anyway, it works fine now.

    Can't wait till the expiry date on the application, the phones will go nuts !! <img src=/S/rofl.gif border=0 alt=rofl width=15 height=15>
    I think I'll invest in an answer machine. <img src=/S/rofl.gif border=0 alt=rofl width=15 height=15>

  12. #12
    Bronze Lounger
    Join Date
    Nov 2001
    Location
    Arlington, Virginia, USA
    Posts
    1,394
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Re: Secure Application (VB6)

    Another option for encrypting a string is to use simple XOR encryption. Example:

    <code>Public Function EncryptTextXOR(strText As String, _</code>
    <code> strPWD As String) As String</code>
    <code> ' Encrypt or decrypt a string using the XOR operator.</code>
    <code> </code>
    <code> Dim b() As Byte</code>
    <code> Dim b_Pwd() As Byte</code>
    <code> Dim lngPos As Long</code>
    <code> Dim lngLen As Long</code>
    <code> Dim n As Long</code>

    <code> b = strText</code>
    <code> b_Pwd = strPWD</code>
    <code> lngLen = LenB(strPWD)</code>

    <code> For n = 0 To LenB(strText) - 1</code>
    <code> ' Get the next number between 0 and lngLen - 1:</code>
    <code> lngPos = (n Mod lngLen)</code>
    <code> b(n) = b(n) Xor b_Pwd(lngPos)</code>
    <code> Next n</code>
    <code> EncryptTextXOR = b</code>

    <code>End Function</code>

    The same function is sued to encrypt or decrypt string, given a password. Sample results:

    <code>? EncryptTextXOR("MarkD","123")</code>
    <code>|SAZv</code>
    <code>? EncryptTextXOR("|SAZv","123")</code>
    <code>MarkD</code>

    For more info see MSKB 110308:

    How To Encrypt a String with Password Security

    Brief quotes: "Software tools for debugging and viewing binary code can easily find ASCII strings stored in compiled executable .EXE programs." Some options suggested. Re XOR: "The exclusive-OR operator (Xor in the Basic language) performs a logical exclusion on two expressions. ... A useful behavior of Xor is that the first expression expr1 is returned without losing any bits when you perform Result Xor expr2. This ability to restore the first expression from the Result combined with the second expression is why the Xor function is useful for encryption." See article for more info. Note that XOR encryption is not industrial strength - an expert hacker may be able to crack code - but most non-experts will not be able to decipher encrypted text w/o password. To make things more difficult for any would-be hacker, use a longer password. Also, passwords are case-sensitive - sort of:

    ? EncryptTextXOR("MarkD","xyz")
    5 =
    ? EncryptTextXOR("5 =","XYZ")
    mARKd
    ? EncryptTextXOR("5 =","Xyz")
    marKD

    (Some characters were not displayed in HTML above)

    HTH

  13. #13
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts

    Re: Secure Application (VB6)

    I typically show the expiration date on the main form of the application. It may not be a good idea to keep the users in the dark about the expiration date.

    For example, I had a user who was planning a lengthy road trip. They would have been REALLY unhappy if the application suddenly stopped working with no advance notice!
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  14. #14
    Bronze Lounger
    Join Date
    Nov 2001
    Location
    Arlington, Virginia, USA
    Posts
    1,394
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Re: Secure Application (VB6)

    PS: If using XOR to encrypt text string, can make it a little harder to crack code by adding a psuedo-random seed to function. Example:

    <code>Public Function EncipherText(ByVal strText As String, ByVal strPwd As String) As String</code>

    <code> Dim i As Long</code>
    <code> Dim n As Long</code>
    <code> Dim s As String</code>

    <code> Randomize</code>
    <code> For i = 1 To Len(strPwd)</code>
    <code> n = n + Asc(Mid$(strPwd, i, 1))</code>
    <code> Next</code>
    <code> Rnd -n</code>

    <code> ' XOR using random A-Z char</code>
    <code> For i = 1 To Len(strText)</code>
    <code> s = Int((vbKeyZ - vbKeyA + 1) * Rnd + vbKeyA)</code>
    <code> Mid$(strText, i, 1) = Chr$(Asc(Mid$(strText, i, 1)) Xor s)</code>
    <code> Next i</code>

    <code> EncipherText = strText</code>

    <code>End Function</code>

    Test results (not all characters displayed in HTML):

    <code>? EncipherText("MarkD","ABC123")</code>
    <code> 7$8 </code>
    <code>? EncipherText(" 7$8 ","ABC123")</code>
    <code>MarkD</code>
    <code>? EncipherText(" 7$8 ","abc123")</code>
    <code>_ce|</code>
    <code>? EncipherText(" 7$8 ","Abc123")</code>
    <code>@{}q@</code>

    At least now the password is actually case-sensitive... this is still not industrial-strength encryption by any standard, but should work for simple scrambling of text strings.

    HTH

  15. #15
    Star Lounger
    Join Date
    Mar 2001
    Location
    Atlanta, Georgia, USA
    Posts
    64
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Secure Application (VB6)

    I've done similar routines in some of my programs. You might want to also add a couple of 'traps' to your code, as well. Put a clear-text field in that has a date in it. When the program runs, have it compare the checksum of the date to see if it has been changed. If it has, pop up a warning messages, stating that the program has been tampered with - then shut down.

    If you REALLY want to be nasty, have it write a value to a data file that is a 'tamper lock'. The file would have been created when the program was running correctly, so restoring the program from a backup won't help. They could only get it running by wiping out the data and starting fresh, or restoring from a backup - prior to the tampering. It's not foolproof, but you just want to prevent the casual hacker. Making things too complicated can sometimes come back to bite you - hard!

    Brian

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •