But in the worst case, a bad actor can create a keygen that generates valid license keys that work across all versions of an application, requiring a complete upheaval of the product's licensing system.

It's also worth mentioning that keygens are much more valuable to bad actors than cracks, because a keygen can be used on the real application, vs the bad actor having to distribute a modified, cracked version of the application.

Now, we've alluded to this legacy algorithm, which is actually still in use to this day by a number of software vendors. It's called Partial Key Verification, and although it may seem like a good-enough system, it is security through obscurity. Let's dive in and find out.

These days, writing a partial key verification (PKV) algorithm is actually more work than simply doing it the right way. But for the sake of understanding, let's write our own partial key verification system. And then we're going to break it.

Partial Key Verification is a software license key algorithm that partitions a product key into multiple "subkeys." With each new version of your product, your license key verification algorithm will check a different subset of a license's subkeys.

It's called partial key verification because the verification algorithm never tests the full license key, it only tests a subset of subkeys. (Or so they say.)

I'd recommend reading the above blog post by Brandon from 2007, with his partial serial number verification system being written in Delphi. But if you're not into Delphi, we'll be porting the partial key verification algorithm to Node.

The main components of a PKV key are the seed value and its subkeys (together referred to as the serial), and then a checksum. The subkeys are derived from the unique seed value, accomplished using bit twiddling, and the checksum is to ensure that the serial (seed + subkeys) does not contain a typo. (Yes… in the olden days, a person actually had to input license keys by hand.)

We're not going to get into the specifics on each of these components, e.g. how the checksum works, since Brandon's post covers all of that in detail.

With that said, let's assume the role of a business that is about to release a new application. We're going to write a keygen that we, the business, can use to generate legitimate keys for our end-users after they purchase our product.

Our PKV keygen should be a tightly kept trade secret, because with it comes the power to craft license keys at-will. But we'll soon realize, much to our demise, keeping a PKV keygen secret is actually not possible.

So, without further ado — let's begin. Here's what a PKV keygen looks like:

Yeah — it's a lot to take in. Most readers won't be comfortable with all of those magic numbers and the nifty bit-twiddling. (And rightly so — it is confusing, even to me, as I port over the Delphi code and write this post.)

But with that, let's generate our first license key:

Next, let's break down this new key, ECE4-4EDB-37E8-7FF9-BC96.

Let's recall the components of a key: the seed, its subkeys, and the checksum.

In this case, we can strip away the dashes and see our components:
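
As an added example (not code from the original post), the following Node code splits the key above into seed, subkeys and checksum, then recomputes the checksum to catch typos. The field widths, the checksum routine and its starting constants are assumptions based on the commonly described PKV scheme and are not taken from this page; `parseKey` and `checksumForSerial` are hypothetical names.

```javascript
// Added example: split a PKV-style key into its parts and verify its checksum.
// ASSUMED layout (not stated on this page): 8 hex chars of seed,
// four 2-hex-char subkeys, then 4 hex chars of checksum.
const SEED_LEN = 8;
const SUBKEY_LEN = 2;
const SUBKEY_COUNT = 4;
const CHECKSUM_LEN = 4;
const SERIAL_LEN = SEED_LEN + SUBKEY_LEN * SUBKEY_COUNT;

// ASSUMED checksum: two running sums over the serial's ASCII characters,
// each folded back into one byte. The starting values are assumptions.
function checksumForSerial(serial) {
  let right = 0xaf;
  let left = 0x56;
  for (const ch of serial) {
    right += ch.charCodeAt(0);
    if (right > 0xff) right -= 0xff;
    left += right;
    if (left > 0xff) left -= 0xff;
  }
  return ((left << 8) + right).toString(16).toUpperCase().padStart(4, '0');
}

// Returns the key's components, or a reason why the key was rejected.
function parseKey(key) {
  const raw = String(key).replace(/-/g, '').toUpperCase();
  if (!/^[0-9A-F]+$/.test(raw) || raw.length !== SERIAL_LEN + CHECKSUM_LEN) {
    return { ok: false, reason: 'malformed' };
  }
  const serial = raw.slice(0, SERIAL_LEN);   // seed + subkeys
  const checksum = raw.slice(SERIAL_LEN);
  const expected = checksumForSerial(serial);
  if (checksum !== expected) {
    return { ok: false, reason: 'checksum mismatch', expected, checksum };
  }
  const subkeys = [];
  for (let i = SEED_LEN; i < SERIAL_LEN; i += SUBKEY_LEN) {
    subkeys.push(serial.slice(i, i + SUBKEY_LEN));
  }
  return { ok: true, seed: serial.slice(0, SEED_LEN), subkeys, checksum };
}

// The key from this post, then the same key with one mistyped character.
console.log(parseKey('ECE4-4EDB-37E8-7FF9-BC96'));
console.log(parseKey('ECE4-4EDB-37E8-7FF8-BC96'));
```

The checksum takes no secret input, so passing it only shows the key was typed correctly; it says nothing about whether the vendor issued the key.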