
Communicating securely between two processes - Windows - C++

  • 31-05-2013 12:26am
    #1
    Registered Users, Registered Users 2 Posts: 391 ✭✭


    Hi,
    I have written a plugin for another piece of software. It's a Windows DLL. I am currently trying to do some form of copy protection/licensing system.

    Because the software the plugin is for is run in standard (limited) user mode, I cannot get good hardware information to lock the licence to.

    I was getting the hard disk physical serial through DeviceIoControl, but it does not always work in non-admin accounts.

    I hear you can set ACLs on a device so all users can access this kind of data, but I couldn't find out how to do this.

    I thought I would write a Windows service that runs in system and can access hardware information and pass it to my plugin over a named pipe, probably encrypted with OpenSSL RSA public private keys.

    I'm wondering, since I'm using this for copy protection, how I can make it more secure and less easily hacked/cracked.

    Also, what kind of vulnerabilities am I opening up by using named pipes and a service with admin privileges?

    The licence will be an RSA signed hash of the hardware info that can be checked at various points in execution with an embedded public key.

    Thanks,
    ft


Comments

  • Registered Users, Registered Users 2 Posts: 7,157 ✭✭✭srsly78


    You can't make anything 100% secure, the user still has root and physical access to their machine.

    All you can do really is rely on some security through obscurity type thing. DRM like Steam etc. uses a kernel mode driver (steamservice) to access physical info, and yet even this can be hacked.

    One of the obvious vulnerabilities is with non-secure memory. If your key is loaded into RAM, and then the machine goes into hibernation -> your key gets written to the page file on disk. Then an attacker can just copy your disk and then pillage the page file at leisure. The solution is to use secure memory that doesn't get paged to disk. There are API calls for this and you can roll your own memory manager or get a library for it.
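
The "secure memory" idea from the reply above, as an added example that is not code from the thread: a buffer whose pages are locked with `VirtualLock` and zeroed before release. The class name `LockedBuffer` and the POSIX `mlock` branch are assumptions added so the sample builds on either platform.

```cpp
#include <cstddef>
#include <new>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>  // POSIX fallback so the sample also builds off Windows
#endif
// Hypothetical helper (not from the thread): page-aligned storage for key
// material, pinned in RAM while in use and zeroed before release.
class LockedBuffer {
public:
    explicit LockedBuffer(std::size_t n) : size_(n) {
#ifdef _WIN32
        void* p = VirtualAlloc(nullptr, n, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (!p) throw std::bad_alloc();
        // Locked pages stay out of the page file; the call can fail on quota.
        locked_ = VirtualLock(p, n) != 0;
#else
        void* p = mmap(nullptr, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) throw std::bad_alloc();
        locked_ = mlock(p, n) == 0;
#endif
        data_ = static_cast<unsigned char*>(p);
    }
    ~LockedBuffer() {
        wipe();  // zero first, then unlock and free
#ifdef _WIN32
        if (locked_) VirtualUnlock(data_, size_);
        VirtualFree(data_, 0, MEM_RELEASE);
#else
        if (locked_) munlock(data_, size_);
        munmap(data_, size_);
#endif
    }
    LockedBuffer(const LockedBuffer&) = delete;
    LockedBuffer& operator=(const LockedBuffer&) = delete;
    // Volatile writes so the compiler cannot drop the zeroing as a dead store.
    void wipe() {
        volatile unsigned char* p = data_;
        for (std::size_t i = 0; i < size_; ++i) p[i] = 0;
    }
    unsigned char* data() { return data_; }
    std::size_t size() const { return size_; }
    bool locked() const { return locked_; }  // false: treat key as pageable
private:
    unsigned char* data_ = nullptr;
    std::size_t size_;
    bool locked_ = false;
};
```

Check `locked()` before loading a key into the buffer. Locking only keeps the pages out of the page file; a hibernation image is a copy of RAM, so hold key material as briefly as possible and call `wipe()` when done.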


  • Registered Users, Registered Users 2 Posts: 391 ✭✭freelancerTax


    Thanks for the reply, srsly78.
    I know I cannot make anything 100% secure, but I want to get reasonably secure with reasonable effort - as in I want to stop completely easy access with not a huge effort on my part.

    Thanks for the pointer to secure memory - I'll look that up - any opinion on named pipes?
    Or on communicating with a Windows service?

    Thanks,
    ft


  • Registered Users, Registered Users 2 Posts: 7,157 ✭✭✭srsly78


    The only way to make things really secure is to have an online component.

    Otherwise just put some silly hack in that will stop amateurs. I deployed a database system in the 90s and there was some stupidly bad copy protection where it looked for a special entry on the 1st of April 1666. Without this it would pop up a dialog box asking the user to contact support :)

    If you update the software often, change the copy protection scheme in each version. Can't stop pirates but can make their lives difficult.


  • Registered Users, Registered Users 2 Posts: 391 ✭✭freelancerTax


    Hi,
    I won't be adding an online component - as it's too annoying to my userbase.
    Just need something to stop casual copying - I know there is no way to stop the pro hackers!


  • Registered Users, Registered Users 2 Posts: 7,157 ✭✭✭srsly78


    That's fine, just generate a hash based on hardware like you were thinking in the OP. Don't worry about "vulnerabilities" - since the user is admin EVERYTHING is vulnerable.


  • Registered Users, Registered Users 2 Posts: 391 ✭✭freelancerTax


    OK, thanks for the tips!!!

