Many ways of achieving that are available and even components can help you. Here is a simple method that I found.
Nothing is 100% safe
No method is 100% safe and secure. Some are more difficult than others to hack but everyone is breakable. The thing here is to know your target population.
If you built something that will be used by professionals in office, you have more chances that they will buy your product. For them, the installation and the registration must be easy and must work the first time they try it.
If you built something that will be used by geeks, then your protection (if you still decide to use one) must be solid.
Again, if you really don’t want anyone ever using it without permission, better delete it from your hard drive right now!
My simple method
The method presented here is very simple. It is just enough to stop everyone from copying it all over the place. I wouldn’t use that method if thousands of users were to use it because they will each contact you to receive their key.
This method, all coded in a single form for the sake of demoing it, lets the user use the application as a trial for a given number of days (30 days in the demo application). It also provides a mean of generating a key from a client name. Finally, it lets you validate a key.
This method is using the registry (the CurrentUser section) to store encrypted information to keep track of everything. Symmetric encryption is used (a single key used to encrypt and decrypt). This demo is using a textbox (titled Pass Phrase) for you to try different combination.
Figure 1: The demo application in action
How to test the application
The very first thing you need to do is to download the source code that goes with this article.
The first group box is titled “Common section” and contains a single textbox. The value of this textbox is used in every encryption/decryption operations. This is the first thing you need to set and you shouldn’t modify it (otherwise, you won’t be able to decrypt what you have encrypted). You are limited to 16 characters here. This value shouldn’t be visible to the user.
The second group box is titled “Application status”. When you press the button, it checks the state of the application and tell you if the application is in trial mode (and in this case how many days left), or it tells you that the trial is expired, or it tells you that you have a fully licensed version.
The third group box titled “Generate Key” lets you create a key. Enter a value in the client name text box and the key will be generated each time the value is modified. This key is generated using the pass phrase. This feature would be useful in a small standalone application that only you would have to generate a key to send to clients when they pay you.
The last group box titled “Validate key” is used to test your key. Enter a name and a key (created in the previous step) and press the test key. If the values are valid, encrypted information will be persisted into the registry for later usage. If not, the yellow label will warn the user.
Improving this method even more
You may have some more ideas in improving this method. One very easy method to make it harder to break would be to use the motherboard ID (returned by the GetMotherBoardID method of the cHardware class) and/or the processor ID (returned by the GetProcessorID method of the cHardware class) as the value that the client sends you (instead or in addition of its name) to generate the license key. That method would stop the user from being able to use its own license on more than one computer.
Conclusion
Limiting unauthorized users from using the application you spent countless hours is not an easy task. Some simple methods like this one can be just enough.
I hope you appreciated the topic and see you next month.