Artem's blog

Mainly .NET (C#, ASP.NET) and my projects

Archives for Encryption

The new generation of app protection

In order to emphasize the ability to control an application when online key validation is being used, I have created a poster. Serial Key Manager be found here.

skm_system_all_skgl

Keep everything under control

A possible change for machine code

In the recent issue, it was reported that machine codes are repeated approximately once per 50 different machines in SKGL 2.0.5.3. The reasons under investigation are:

  • small hash value allows even more collisions.
  • the machine information that is being hashed does not collect all hardware that can be changed.

The first reason is currently in focus, and I have tried to develop a piece of code that now increases the length of the machine code. It would be great if those of you who are able to test this on several machines could do so, and comment(either directly below this thread or here) how frequent the collisions are on different machines! Thank you in advance! ūüôā

EDIT 2: This can be done by anyone using Windows:

  1. Download the software below (no installation required): (or download the exe file directly here) NOTE: In Google Chrome, it might tell that the file is dangerous because it is not commonly downloaded. Please right click and press keep.

Machinecode experiment

EDIT: You can also write the machine code you get on your own computer and post it below this thread. (hardware info using dxdiag would be awesome, but the machine code is more important at this point)

Two new videos about Serial Key Manager

This week I was able to record two new videos that describe the process of external validation of a license key using Serial Key Manager. Now, my final aim is to record a third, last video about the way the local time can be synced with a server to prevent user from gaining more days than allowed by a license.

Below are the videos:

An article about Licensing systems

This is an article about three different licensing systems, using C#.NET environment.

Title: Three different algorithms for constructing licensing systems, their advantages and disadvantages using C# .NET environment.

Abstract: A key validation algorithm is one of the important parts in the protection of a computer application. Even if an already existing API is to be used, it is important to understand its weaknesses in order to compare it with alternative ones. Therefore, in this article, three different categories will be described with clear definitions that will make it possible to distinguish between them and allow an analysis of currently existing APIs. Every category is accompanied with examples and in some cases suggestions for further development. The categories described in this article are Checksum based key validation, Pattern based key validation, and Information based key validation. It is going to be found that the choice of a key validation system depends on the information that is to be stored in the key. It is also concluded that at this point it would be better to use online key validation instead.

Vigenère cipher, programming contest

Yesterday I was solving an interesting question that has been used on the Swedish Computer Science contest – a programming contest, in 2010, which probably is simple, but interesting because it emphasises sequences, et cetera.

The question introduced the Vigenére cipher in a classical way, with two disks containing letters of the English alphabet. In the beginning, we know several things about the encrypted text, which are to help us when we are going to crack the message.
bokstavssnurra

  • The disks might have different number configurations, i.e. there is still a shift, which is unknown.
  • In order to “make it harder” for the enemy, each time we have obtained a letter, we continue by using a new shift, and this shift is increased by a¬†constant value.
  • Fortunately, we get to know that each message contains the word “HEJ” – a Swedish word for “hello”, which might be used as ¬†“bye”, I think.

Also, we get some examples as well, for instance:

Example 1:
Encrypted text: LRIJOUZRIYAQIRAG
Message:¬†HEJVITARENFIKANU –¬†means let’s take a “fika”

Example 2:
Encrypted text: GCGDJJI
Message:¬†HEJHOPP –¬†hello in an optimistic manner

There is also an example of this sequence,in¬†Example 1, which is tells us that the difference is 9, 12, 15, 18… (common difference 3).

I’m solving this using a¬†recurrence, and I’m not simplifying this arithmetic progression in any way, I just add d¬†all the time.

The code below has passed all their tests, which are located at the end of this post.

Example 1
RIPIWDUXRS
HEJSOVERNI

Example 2
IGNUFAKPXYVSF
HEJNUKOMMERDE

Example 3
PAJESQBIPOOPKAP
HEJKOMHITGENAST

Reference:
http://www.progolymp.se/Oldpage/arkiv/kval10.pdf
http://www.progolymp.se/Oldpage/arkiv/kvalsvar10.pdf

A new feature is coming to SKGL Project

In order to decrease the distribution of serial keys over ‘bad’ hacking sites, I would like to present a feature that probably will be released in SKGL 2.1.1.0 – Machine code locking. This means that each serial key will have support for machine code storage, so that the serial key is bounded to a single computer. As you know, the project is open source, and you can join it whenever you want to (http://skgl.codeplex.com/). If you think I should change something, please write to me or comment this post. Good Luck!

Get Hash Code with Java Script

Once, I wrote about hash function that I improved. Though, that was C#. In this post I will show you how to get hash code with Java Script. (previous post)

In order to calculate a hash value, you need to define two main variables. First of all, the string to calculate hash from (input), and eventually, the length of the result (hashLength). It is recommended that you set the hashLength to 8 or in some cases 10.

Please take a look at this code in work http://editor.clizware.net/?id=9

Hash code generator

Dear Readers,

The last time I have spent on the development of SKGL API, which is a library for those of you who want to secure, protect your hard-coded .NET application. I meanwhile, I have also spent sometime on a code, (basically half an hour), that produces hash code. It is not the best way of doing it, however, so it would be a pleasure to see another version of this code. Much appreciated!

Tip of this weekend (25/2-12)

Another good method to encrypt ASCII based text. To view this example in work, http://editor.clizware.net/?id=7 (remember to press compile)

Encrypting a website

EDIT: Please check out the updated version of this article.

When encrypting a website, we need to understand the way a browser interprets our input, i.e. html/javascript. In this case, we can produce code that is only readable by a browser.

There are several ways to encrypt a page, the main idea behind all methods is it to convert a human-readable code to ONLY computer-readable one.

    • By HTML only
    • By¬†JavaScript
      • Using hexadecimal values
      • Using “escape/unescape”
      • Using an advanced algarithm

By HTML Only
In HTML, all letters(chars) can be written in a ASCII form, i.e., if we have a small “a” that is to be¬†converted, we simply look up its ASCII value and write it instead of the actual char: a, and so on.To sum up, the prefix is “&#”, then the ASCII code, and lastly a semicolon, “;”.

 

By JavaScript
JavaScript website encryption can be divided into several parts. One way is by using the hexadecimal value of a char, and write it instead of the actual char. We have to use JavaScript to perform this action, as it is shown below:

This method will only encrypt the given text, though, but, the user has to be able to see the encrypted text as a result (the browser won’t understand this code unless we have a function that will interpret it). This method is based on JavaScript, and we therefore need to use JavaScript to decrypt. Let us say that we encrypt “Hello World!”, which results “%48%65%6c%6c%6f%20%57%6f%72%6c%64%21”. As you might see, the prefix is “%”, and then the hexadecimal number. If the result above is our webpage, the source of that webpage should look similar to the example below:

NOTE: There is a big difference between the HTML Only encryption and JavaScript encryption. For example, if you encrypt your whole page with HTML Only encryption, including “tags”, the result in the web-browser will be the source of the page. Encoding “<p>Hi</p>” will result¬†“<p>Hi</p>”. However, by using JavaScript, the result will be executed, as a normal page would. Encoding¬†“<p>Hi</p>” will result “Hi”.


There is also, as you might see, an opportunity to use functions escape and unescape as they are. Their actual usage is to encode/decode the url, i.e., replacing spaces, “special chars.” to url friendly one. All letters and numbers will stay the same, they will not be changed.

The result you will get is Hello%20World%21. It replaces spaces with %20, and “!” with %21. Both of them are special¬†characters(chars).

Unescape function will decode to a normal string.

 

By JavaScript – Advanced algorithm
It took a while for me to define what an advanced algorithm in our case would be. I would say that the more advanced algorithm you have, the more time it takes to “crack it”. The method that will be described in this section of the post is my own little version of advanced¬†algorithm. The method is using a logical operation, called XOR. If you already now what that is, jump to the next section.XOR is an operator, and works at a binary level. A definition in words is that the first or second value is true, but not both. Truth table shown below: 

Input Output
A B
0 0 0
0 1 1
1 0 1
1 1 0
XOR Truth table

An operation, 5 XOR 6, would result 3. The thing is, if we take either 5 XOR 3 = 6 or 6 XOR 3 = 5, we always return to our previous numbers. Conclusion, if two numbers are known, we always will get the third one.

As you might see, the decimal value 5 corresponds to 101; 6 corresponds to 110; 3 corresponds to 011.
1 0 1
1 1 0
1 1 0

By using XOR operation, we might, for instance, set a secret number, or a series of numbers, which always will return our third number. In this post, we will go though how to use a series of numbers, but also how to do it with only one number.

The code shown above is my own advanced algorithm. First, we declare “a”, which is a char at certain place in string t; and b, which is a digit at certain place in k. The text to encrypt is placed in t (all chars), and the key to encrypt with is placed in k (only digits).¬†The variable r is an array of the result/output.

First of all, we assign a to the char code at i. The variable b is then assigned to the char at i mod the length of key.

The reason why I put  a modular operation there is simple. If the key length we use is smaller than the text length, we will not be able to encrypt the whole string without it. When we are encrypting something, the key has to be of the same length as the text. By using a modular operation, even if the key is smaller than the text, it will be repeated. For example, if the key is 567 (key length=3), and the text length is 6, the output key will result 567567.

Secondly, an logical operation is executed. In other words, variable a equals to itself XOR b. Variable a has therefore a new value which is later assigned to r[i], i.e., a place in the array r which corresponds to the index value i.

Lastly, we join our array without some joining char, and that will be our encoded text. To decrypt, use the same function; place your encrypted text in t, and the key in k.

You can, however, remove this key opportunity, or as I previously defined it, using a key series,  to a single key digit. You might still use this method, but only having a key, for instance, 6, or, you might remove it at all, and set the secret digit inside the function.

If you want to include this code in your project without typing the code above, include this code before all scripts (see this code in action):

Source 1:

Source 2:

I hope this article was useful, and that you hopefully have learned something new! Below you find some useful links:

Encrypter Р(for html only encryption)
http://www.iwebtool.com/html_encrypter Р(encrypting to hexadecimal values, javascript)
Bitwise Operators – (about logical operators)
Escape and Unescape
Eval Р(advanced encryption, etc.)

This article was revised 17.03.2013.

Page 1 of 2:1 2 »