Announcement

Collapse
No announcement yet.

Need Simple Self Checking Code

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need Simple Self Checking Code

    I need a simple function to verify a simple access code. I need not be complex or super secure.

    Something like:

    if IsCodeValid("ABC-123-XYZ-890") then.....

    I've been looking at other registration schemes and those are overboard.

    Thoughts?

    Thank you,
    Paul

  • #2
    Code:
    FUNCTION IsCodeValid (s AS STRING) AS LONG 
     ' YOUR BUSINESS RULES GO HERE 
    
    
      FUNCTION = %TRUE 
       or 
      FUNCTION = %FALSE 
    
    END FUNCTION
    That may appear 'flip' but without any way of knowing how you would determine if a code is or is not valid that is about all anyone could do here.

    You could...
    - Have a list of all valid codes in your program and test using
    Code:
       SELECT CASE S 
         CASE "ABC-123-456-789", "CDE-678-123", ....
             FUNCTION = ^TRUE 
         CASE ELES
            FUNCTION = %FALSE
       END SELECT
    Or, you could store all valid values in a text file...
    Code:
    ABC-123-456
    CDE-789-123
    ....
    .. and just compare the input to see if that value is in the text file.

    Or you might have some algorithm you use with check digits or something.

    The bottom line is, you need that "business rule" before you can even think about writing your IsCodeValid() function.

    MCM
    Michael Mattias
    Tal Systems (retired)
    Port Washington WI USA
    [email protected]
    http://www.talsystems.com

    Comment


    • #3
      I suppose it's the business rule I'm looking for then.
      Paul

      Comment


      • #4
        Well, I just generate more-or-less random serial numbers, and store em in a file after checking to make sure they are not duplicated.

        No muss, no fuss, no bother.

        I think you can use the GUID functions to generate guaranteed unique values. You could store those in file, too.

        MCM
        Michael Mattias
        Tal Systems (retired)
        Port Washington WI USA
        [email protected]
        http://www.talsystems.com

        Comment


        • #5
          The problem with that is I'd have to store those numbers in the code.

          I'd rather compute something...
          or actually do a computation on someting to check it....
          Paul

          Comment


          • #6
            Originally posted by Paul MacFarlane View Post
            The problem with that is I'd have to store those numbers in the code.
            Paul, do not store serial numbers in your code. Store their hash values instead.
            If the user enters his serial number, calculate the hash value of that serial number (using SHA-1, SHA-256 or other (see source code forum)). Compare the calculated hash value with the hash values stored in your code.
            If there is a match, the serial number is valid. If no match, serial number is not valid.
            The advantage of storing hash values rather than serial numbers itself in your code, is that no hacker can find a serial number inside your code by disassembling it, because there aren't any.
            And if he would find a hash value in your code, he would not be able to derive a valid serial number from it (if you are using a secure hash algorithm like the ones mentioned above).

            The problem is, schemes like these are usually 'broken' because the hacker looks at the code where you compare the calculated hash value with the stored one. He changes the lines:
            Code:
            IF Calculated_Hash = Stored_Hash THEN
                 Enter_Program
            END IF
            into:

            Code:
            IF Calculated_Hash <> Stored_Hash THEN
                 Enter_Program
            END IF
            and he could run your program without knowing the serial number.
            Of course, above scheme works just fine for your average computer user. It is ideal to 'keep honest people honest'...

            Kind regards
            Last edited by Eddy Van Esch; 9 Mar 2009, 05:08 PM.
            Eddy

            Comment


            • #7
              Paul,
              how about something like this:
              Code:
              %bignum = 8002952207&&    'happens to be prime
              %offset = 1
              FUNCTION IsCodeValid(PassKey AS QUAD) AS LONG
              LOCAL r,t AS LONG
              
                  IF PassKey MOD %bignum = %offset THEN
                      FUNCTION = 1
                  ELSE
                      FUNCTION = 0
                  END IF
                  
              END FUNCTION
              
              
              FUNCTION CreatePassKey(num AS LONG) AS QUAD
              
                  FUNCTION=num * 8002952207 +%offset
                      
              END FUNCTION
              
              FUNCTION PBMAIN() AS LONG
              LOCAL x AS LONG
              LOCAL y AS QUAD
               
              FOR x = 1 TO 10
                  PRINT  CreatePassKey(x)
              NEXT
              
              DO
              INPUT LINE "What key?";s$
              
              IF IsCodeValid(VAL(s$)) THEN
                  PRINT "Valid code"
              ELSE
                  PRINT "Code not valid"
              END IF
              
              LOOP UNTIL VAL(s$)=0
                  
              END FUNCTION
              Just choose your own bignum and offset.

              Paul.

              Comment


              • #8
                This is about as low-security as I could think of off-hand.

                How about just a simple checksum routine? The key generator randomizes all but the last byte/word, which is calculated to make it all equal some checksum of your choosing.

                If it needs to be a little more impressive than just a hex string, tart it up by converting some hex codes to letter pairs, and just reverse that before testing.
                The boy just ain't right.

                Comment


                • #9
                  You might try something like the Canadian Social Insurance Number(others may be similar) where the number itself contains the check. There are several ways of doing this, and they can be overlapped.
                  Example:--simple
                  123 456 789 -keep summing the digits until you are reduced to one digit.
                  45
                  9
                  Example:--overlapped
                  123 456 789 -keep summing the digits of the first 6 and the last 6- two check numbers
                  21 39
                  3 12
                  3 3

                  223 336 123
                  25
                  7
                  223 336 123
                  19-6
                  10-6
                  1-6
                  Although not 100% reliable, it will give you a margin of safety, increasing with the summing pattern. You would generate the number according to the checking system that matches the check number, in the case of the simple version you could use the number of your choice, say 6, and create code numbers that reduce to 6.
                  Alternatively, you could make the numbers reduce to the last or first number of the access code, there again, your choice. As in the first example above.
                  You may be able to incorporate the ascii values of letters to allow alphanumeric access codes.(Haven't tried that.)
                  Rod
                  In some future era, dark matter and dark energy will only be found in Astronomy's Dark Ages.

                  Comment


                  • #10
                    All you have to do is think of what you want the code to contain (issue number, date, product id, etc) and write an encoding/decoding scheme and a keygen.

                    I really would have to question the purpose of a 'random' key scheme, it is extremely easy to crack.
                    kgpsoftware.com | Slam DBMS | PrpT Control | Other Downloads | Contact Me

                    Comment


                    • #11
                      This is for a library I'm selling. So the user (programmer) will be passing their "key" to my DLL before using other functions. So I want to keep the overhead low....

                      I want to be able to issue "keys" just as a verification. If they start passing it around, so be it The other option is to have NO verification.

                      The users will want support and updates and if I find the DLL in use somewhere then I can see who's code is calling it and tack it back.

                      For the most part the group of programmers are honest..<g>
                      Paul

                      Comment


                      • #12
                        Originally posted by Rodney Hicks View Post
                        You might try something like the Canadian Social Insurance Number(others may be similar) where the number itself contains the check.
                        That's what I'm looking for. Just hadn't written one before and figured something like this must already exist in all the code snippets around.
                        Paul

                        Comment


                        • #13
                          The ISBN formula is pretty standardized. If you're creating the base number, then you can avoid numbers that generate a check digit of "X" to not give it away.
                          The boy just ain't right.

                          Comment

                          Working...
                          X