KenR60
24th July 2008 00:58 UTC
Script to scramble a Number
If I have a Number eg. -1787753 and I need to scramble it so its not recognised by the user is there a script availble for doing this. I would need the number so the user sends it to me and then the ability to un-scamble it so I see it as -1787753 again.
LoRd_MuldeR
24th July 2008 01:26 UTC
This has been discussed before. You cannot "protect" any secrets that are hardcoded into your NSIS script. For example tools like 7-Zip are able to disassemble your script from the installe EXE file. A simple memory dump can do the same. All that can be done is obfuscating your script. That is: Don't hardcode your "magic" number into the script. Instead calculate the number at runtime. Use some obscure calculation, so it won't be too obvious for people looking at the disassembly...
KenR60
24th July 2008 01:47 UTC
Thats OK, the Concept is the Installer reads the Hardrive Serial, scrambles it, my Website has a "Request Demo" webform, the User enters the HardDrive Serial ( Called Registration Number ) and then this emails the user the Scrambled number which they type into the Setup to continue. If a anyone wants they can use 7-Zip and see what happens, won't matter because its just access to a Demo of my software. I just needed a method where a user can complete the Setup without asking me for a Number each time, this way the Demo is accessable 24/7 without any interaction from me ;-)
LoRd_MuldeR
24th July 2008 01:59 UTC
This could be solved with RSA. Just generate a RSA key-pair. The "private" key remains on your server. The "puplic" key is hardcoded into your installer. No need to protect it, everybody can read it. Your installer will send the HDD serial to the server. The server will generate a registartion number. The HDD serial must be a part of the registration number. Then the server will sign the registration number with it's private key. Then the registration number is mailed to the user. The user enters the registration number and the installer will verify it: It will first check whether the registration number is authentic by verifying the signature (using the public key). Then it will check whether the registration number suits the user's HDD serial. If all checks went OK, then install. Otherwise show error message and tell the user to request a valid registration...
KenR60
24th July 2008 02:10 UTC
Thanks, more secure solution, just too complicated for what i needed. I'd use the same Harddrive Serial for the Installer but I just want to know what Computers and who has installed the Demo. By scrambling the SN it just stops the user from installing the first Demo, then understanding that if they use the SN of the next computer it will also install another Demo. 10 computers later and no knowledge of what computers are running a demo.