communicating securely between two pocesses - windows - c++

freelancerTax

hi
i have written a plugin for another piece of software. it a windows dll. i am currently trying to do some form of copy protection/licencing system.

because the software the plugin is for is run in standard (limited) user mode i cannnot get good hardware information to lock the licence to.

i was getting the hard disk physical serial through deviceiocontrol but it does not always work in non admin accounts.

i hear you can set acls on a device so all users can access this kindof data but i coluldnt find out how to do this

i thoght i would write a windows sevice that runs in system and can access hardware information and pass it to my plugin over a named pipe pobably encrypted with openssl rsa public private keys

im wondering since im using this for copy protection how i can make it more secure and less easily hacked cracked.

also what kindo of vulnerabilitis am i opening up by using named pipes and a service with admin privilages

licence will be a rsa signed hash of the hardware info that can be checked at various points in execution with an embedded public key

thanks
ft

srsly78

You can't make anything 100% secure, the user still has root and physical access to their machine.

All you can do really is rely on some security through obscurity type thing. DRM like steam etc uses a kernel mode driver (steamservice) to access physical info, and yet even this can be hacked.

One of the obvious vulnerabilities is with non-secure memory. If your key is loaded into ram, and then the machine goes into hibernation -> your key gets written to page file on disk. Then attacker can just copy your disk and then pillage the page file at leisure. Solution is to use secure memory that doesn't get paged to disk. There are API calls for this and you can roll your own memory manager or get a library for it.

freelancerTax

thanks for the reply srsly78
i know cannot make anything 100% secure, but want to get reasonably secure with resonable effort - as in i want to stop completely easy access with not a huge effort on my part.

thanks for the pointer to secure memory - ill look that up - any opinion on named pipes?
or on communicating with a windows service?

thanks
ft

srsly78

The only way to make things really secure is to have an online component.

Otherwise just put some silly hack in that will stop amateurs. I deployed a database system in the 90s and there was some stupidly bad copy protection where it looked for a special entry on the 1st of april 1666. Without this it would popup a dialog box asking the user to contact support

If you update the software often, change the copy protection scheme in each version. Can't stop pirates but can make their lives difficult.

freelancerTax

hi
i wont be adding an online component - as its too annoying to my userbase
just need something to stop casual copying - i know there is no way to stop the pro hackers!

srsly78

That's fine, just generate a hash based on hardware like you were thinking in the OP. Don't worry about "vulnerabilities" - since the user is admin EVERYTHING is vulnerable.

freelancerTax

ok thanks for the tips !!!