Announcement

Collapse
No announcement yet.

Need Simple Self Checking Code

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joseph Cote
    replied
    The ISBN formula is pretty standardized. If you're creating the base number, then you can avoid numbers that generate a check digit of "X" to not give it away.

    Leave a comment:


  • Paul MacFarlane
    replied
    Originally posted by Rodney Hicks View Post
    You might try something like the Canadian Social Insurance Number(others may be similar) where the number itself contains the check.
    That's what I'm looking for. Just hadn't written one before and figured something like this must already exist in all the code snippets around.

    Leave a comment:


  • Paul MacFarlane
    replied
    This is for a library I'm selling. So the user (programmer) will be passing their "key" to my DLL before using other functions. So I want to keep the overhead low....

    I want to be able to issue "keys" just as a verification. If they start passing it around, so be it The other option is to have NO verification.

    The users will want support and updates and if I find the DLL in use somewhere then I can see who's code is calling it and tack it back.

    For the most part the group of programmers are honest..<g>

    Leave a comment:


  • Kev Peel
    replied
    All you have to do is think of what you want the code to contain (issue number, date, product id, etc) and write an encoding/decoding scheme and a keygen.

    I really would have to question the purpose of a 'random' key scheme, it is extremely easy to crack.

    Leave a comment:


  • Rodney Hicks
    replied
    You might try something like the Canadian Social Insurance Number(others may be similar) where the number itself contains the check. There are several ways of doing this, and they can be overlapped.
    Example:--simple
    123 456 789 -keep summing the digits until you are reduced to one digit.
    45
    9
    Example:--overlapped
    123 456 789 -keep summing the digits of the first 6 and the last 6- two check numbers
    21 39
    3 12
    3 3

    223 336 123
    25
    7
    223 336 123
    19-6
    10-6
    1-6
    Although not 100% reliable, it will give you a margin of safety, increasing with the summing pattern. You would generate the number according to the checking system that matches the check number, in the case of the simple version you could use the number of your choice, say 6, and create code numbers that reduce to 6.
    Alternatively, you could make the numbers reduce to the last or first number of the access code, there again, your choice. As in the first example above.
    You may be able to incorporate the ascii values of letters to allow alphanumeric access codes.(Haven't tried that.)

    Leave a comment:


  • Joseph Cote
    replied
    This is about as low-security as I could think of off-hand.

    How about just a simple checksum routine? The key generator randomizes all but the last byte/word, which is calculated to make it all equal some checksum of your choosing.

    If it needs to be a little more impressive than just a hex string, tart it up by converting some hex codes to letter pairs, and just reverse that before testing.

    Leave a comment:


  • Paul Dixon
    replied
    Paul,
    how about something like this:
    Code:
    %bignum = 8002952207&&    'happens to be prime
    %offset = 1
    FUNCTION IsCodeValid(PassKey AS QUAD) AS LONG
    LOCAL r,t AS LONG
    
        IF PassKey MOD %bignum = %offset THEN
            FUNCTION = 1
        ELSE
            FUNCTION = 0
        END IF
        
    END FUNCTION
    
    
    FUNCTION CreatePassKey(num AS LONG) AS QUAD
    
        FUNCTION=num * 8002952207 +%offset
            
    END FUNCTION
    
    FUNCTION PBMAIN() AS LONG
    LOCAL x AS LONG
    LOCAL y AS QUAD
     
    FOR x = 1 TO 10
        PRINT  CreatePassKey(x)
    NEXT
    
    DO
    INPUT LINE "What key?";s$
    
    IF IsCodeValid(VAL(s$)) THEN
        PRINT "Valid code"
    ELSE
        PRINT "Code not valid"
    END IF
    
    LOOP UNTIL VAL(s$)=0
        
    END FUNCTION
    Just choose your own bignum and offset.

    Paul.

    Leave a comment:


  • Eddy Van Esch
    replied
    Originally posted by Paul MacFarlane View Post
    The problem with that is I'd have to store those numbers in the code.
    Paul, do not store serial numbers in your code. Store their hash values instead.
    If the user enters his serial number, calculate the hash value of that serial number (using SHA-1, SHA-256 or other (see source code forum)). Compare the calculated hash value with the hash values stored in your code.
    If there is a match, the serial number is valid. If no match, serial number is not valid.
    The advantage of storing hash values rather than serial numbers itself in your code, is that no hacker can find a serial number inside your code by disassembling it, because there aren't any.
    And if he would find a hash value in your code, he would not be able to derive a valid serial number from it (if you are using a secure hash algorithm like the ones mentioned above).

    The problem is, schemes like these are usually 'broken' because the hacker looks at the code where you compare the calculated hash value with the stored one. He changes the lines:
    Code:
    IF Calculated_Hash = Stored_Hash THEN
         Enter_Program
    END IF
    into:

    Code:
    IF Calculated_Hash <> Stored_Hash THEN
         Enter_Program
    END IF
    and he could run your program without knowing the serial number.
    Of course, above scheme works just fine for your average computer user. It is ideal to 'keep honest people honest'...

    Kind regards
    Last edited by Eddy Van Esch; 9 Mar 2009, 04:08 PM.

    Leave a comment:


  • Paul MacFarlane
    replied
    The problem with that is I'd have to store those numbers in the code.

    I'd rather compute something...
    or actually do a computation on someting to check it....

    Leave a comment:


  • Michael Mattias
    replied
    Well, I just generate more-or-less random serial numbers, and store em in a file after checking to make sure they are not duplicated.

    No muss, no fuss, no bother.

    I think you can use the GUID functions to generate guaranteed unique values. You could store those in file, too.

    MCM

    Leave a comment:


  • Paul MacFarlane
    replied
    I suppose it's the business rule I'm looking for then.

    Leave a comment:


  • Michael Mattias
    replied
    Code:
    FUNCTION IsCodeValid (s AS STRING) AS LONG 
     ' YOUR BUSINESS RULES GO HERE 
    
    
      FUNCTION = %TRUE 
       or 
      FUNCTION = %FALSE 
    
    END FUNCTION
    That may appear 'flip' but without any way of knowing how you would determine if a code is or is not valid that is about all anyone could do here.

    You could...
    - Have a list of all valid codes in your program and test using
    Code:
       SELECT CASE S 
         CASE "ABC-123-456-789", "CDE-678-123", ....
             FUNCTION = ^TRUE 
         CASE ELES
            FUNCTION = %FALSE
       END SELECT
    Or, you could store all valid values in a text file...
    Code:
    ABC-123-456
    CDE-789-123
    ....
    .. and just compare the input to see if that value is in the text file.

    Or you might have some algorithm you use with check digits or something.

    The bottom line is, you need that "business rule" before you can even think about writing your IsCodeValid() function.

    MCM

    Leave a comment:


  • Paul MacFarlane
    started a topic Need Simple Self Checking Code

    Need Simple Self Checking Code

    I need a simple function to verify a simple access code. I need not be complex or super secure.

    Something like:

    if IsCodeValid("ABC-123-XYZ-890") then.....

    I've been looking at other registration schemes and those are overboard.

    Thoughts?

    Thank you,
Working...
X