MATLAB Answers

pink
0

mode trial or serial number

Asked by pink
on 21 Jul 2011
is there a code that can be used for the application (gui) can function for 30 days or whether it can provide an example to make an application to embed serial numbers?

  0 Comments

Sign in to comment.

2 Answers

Answer by Jan
on 21 Jul 2011

This has been discussed repeatedly. If your program is cheap and large (< 10.000$, > 10.000 lines), P-coding is a fairly secure encryption method. Checking the date ("if now > datenum('23-Aug-2011')...") is easy to break by overloading the command NOW. "builtin('now')" is one step more secure, but even BUILTIN can be overloaded and the system clock can be manipulated also.
As next step the client computer could contact a server in the internet to check the date. But this communication can be manipulated also, therefore Walter talked of aquantum encryption. Anyhow, if your program is not too expensive (< 10.000.000$), an AES enctrypted communication should be sufficient. But then the P-coding will be the weakest point again.
This page shows some methods to create a serial number: Undocumented: ComputerID. All these numbers can be manipulated.
I assume a printed and signed non-disclosure-agreement is the best protection.

  6 Comments

Jan
on 23 Jul 2011
@Pink: If I publish an approach here, these instructions will be useful assisence for your customer to break the protection. The fundamental principle of protection is obfuscation. In consequence my best suggestion here ist:
1. Insert this in your code:
disp('This program is license to <CUSTOMER> until 29 March 2012');
Or better: Print it in large letters in a splash screen when your program starts.
2. if (now < datenum('30-Mat-2012')), return; end
3. P-code the function.
Now I would need two minutes to break this protection, but a certain degree of criminal intent is necessary to ignore the message repeatedly.
Alternatively you can pay at least 20% of the price of your program to a professional programmer to implement a more secure version.
Program protection against determined attackers is a topic for a series of graduate level university courses.
Program protection against lazy unmotivated attackers is simple: just make the program so poor and useless that no-one will want to bother running it.
Jan
on 24 Jul 2011
@Walter: I still do not get the feeling, that there is a scientific or professional approach for protecting important data. The magic keys are still saved in clear text in the memory, the 3DES encrypted bank transferes can be redirected by silly skimming attacs, famous software packages do still use the harddisk ID to identify a machine and the secret documents can by copied in TerraBytes from the Pentagon. Are you really sure that there is any graduate level university course and if so, where do the students go?!

Sign in to comment.


Answer by Walter Roberson
on 21 Jul 2011

What level of certainty do you need? This task is very very difficult to do robustly if the user is more than 12 km away from the server (the current practical distance limit for quantum cryptography; recently extended to 20 km in specialized optical fibres, but that is not in production yet.)

  2 Comments

Jan
on 21 Jul 2011
@Walter: You can create a quantum cryptography channel between the server and the client, but the transmission can be modfied between the hardware interface and the Matlab GUI. Can this gap ("the last cm") be secured? I remember the encrypted transport of HD movie signals from the Blueray player to the LCD monitor. But inside the LCD, the decrypted pixel stream must be existing physically anywhere...
I just want to learn the basics of an application protection system.

Sign in to comment.