Licensing...

FabioG · Mar 21, 2013

Hello,

I use the library licensing but I noticed that some of my applications have been cracked and published in some illegal Market.

I followed the guide published by Erel, but I would like to know if there is a way to make more secure applications.

Thanks
Fabio

Erel · Mar 21, 2013

Have you used SetVariableAndValue and checked the value?

FabioG · Mar 21, 2013

Erel said:
Have you used SetVariableAndValue and checked the value?

Of course,

this is the code

B4X:

   Dim lc As LicenseChecker    
   lc.Initialize("lc", GetDeviceId, publicKey, "asjdewdncnskueA******************".GetBytes("UTF8"))
       lc.SetVariableAndValue("snc_1", "thisisatestvariable")
       lc.CheckAccess

Erel · Mar 21, 2013

Where are you testing its value?

FabioG · Mar 21, 2013

Erel said:
Where are you testing its value?

the code is this, in Activity_Create call CheckLicense

something is missing?

B4X:

Sub Process_Globals


   Dim publicKey As String

   publicKey = "******************************"

   Dim snc_1 As String

End Sub


Sub CheckLicense

Dim lc As LicenseChecker

   lc.Initialize("lc", GetDeviceId, publicKey, "asjdewdncnskueA******************".GetBytes("UTF8"))
   lc.SetVariableAndValue("snc_1", "thisisatestvariable")
   lc.CheckAccess

End Sub


Sub lc_Allow
   Log("OK Licensed")
End Sub
Sub lc_DontAllow
   Log("License: DontAllow")
   Msgbox("Not Licensed","License")
   Activity.Finish
End Sub
Sub lc_Error (ErrorCode As String)
  Log("License error: " & ErrorCode)
   Msgbox("Not Licensed","License")
   Activity.Finish
End Sub

Erel · Mar 21, 2013

You are not checking the value of snc_1. You should somewhere in your code test its value and if it is not the set value then you should exit the application. This is the purpose of this call.

Whether it is set or not depends on how the crack works.

FabioG · Mar 21, 2013

Erel said:
You are not checking the value of snc_1. You should somewhere in your code test its value and if it is not the set value then you should exit the application. This is the purpose of this call.

Whether it is set or not depends on how the crack works.

you give an example of how to check the value of the variable?

tnks

Erel · Mar 21, 2013

Consider what will happen if someone decompiled your code and remove the call to CheckAccess. Your program will just work fine, which is not good...

In this case the variable will not be set. So later in your code you can add a check such as:

B4X:

If snc_1 <> "thisisatestvariable" Then
 Activity.Finish
End If

You can also implement more sophisticated checks.

FabioG · Mar 21, 2013

Erel said:
Consider what will happen if someone decompiled your code and remove the call to CheckAccess. Your program will just work fine, which is not good...

In this case the variable will not be set. So later in your code you can add a check such as:

B4X:

If snc_1 <> "thisisatestvariable" Then Activity.Finish End If

You can also implement more sophisticated checks.

ok thank you very much
will insert this control somewhere in the code.

How sophisticated controls you have any examples?

thanks again

Erel · Mar 21, 2013

You can set a useful value for this variable and later just use this variable. This way if the check was skipped the code will fail.

For the simple check you should at least use a process global string, so the string will be obfuscated.

FabioG · Mar 21, 2013

Erel said:
You can set a useful value for this variable and later just use this variable. This way if the check was skipped the code will fail.

For the simple check you should at least use a process global string, so the string will be obfuscated.

ok I understand

Now insert the controls and recompile so obfuscated

thanks again

aaronk · Mar 22, 2013

Erel said:
Consider what will happen if someone decompiled your code and remove the call to CheckAccess. Your program will just work fine, which is not good...

In this case the variable will not be set. So later in your code you can add a check such as:

B4X:

If snc_1 <> "thisisatestvariable" Then Activity.Finish End If

You can also implement more sophisticated checks.

Hope this isn't a silly question but if someone decompiles your code and removes the CheckAccess part in your code what is stopping someone removing the variable that the code is looking for as well, or is only part of the code visible when someone decompiles?

Informatix · Mar 22, 2013

aaronk said:
Hope this isn't a silly question but if someone decompiles your code and removes the CheckAccess part in your code what is stopping someone removing the variable that the code is looking for as well, or is only part of the code visible when someone decompiles?

Let's say the things clearly: there's no protection against someone with the basic tools and knowledge. The protection is just there to avoid curiosity and easy cracking. A very good method to secure your app is to embed important functions in a .so library (it's the protection scheme of popular games). The native libraries are not easy to modify. They have to be written with the Android NDK in another language, e.g. C++. And they need to write in Java a wrapper for B4A. So they require to know at least Java and C.

EDIT: And to speak frankly, a guy like me can decompile and crack almost any Android app. I say "almost" and not "all" because when an app runs parts of its code on an external server, things become harder (you have to fake a valid ID or use an existing one). Of course, I don't do this (people doing that are immature or have a self-estim problem and need to prove something); it's just to say that a lot of people have my skills (and more) and that no Android app can be safe. We have to live with it.

Erel · Mar 24, 2013

Hope this isn't a silly question but if someone decompiles your code and removes the CheckAccess part in your code what is stopping someone removing the variable that the code is looking for as well, or is only part of the code visible when someone decompiles?

This is a good question. I guess that most "crackers" use automatic tools to remove Google licensing. In that case they will not remove your custom protection.

You can also make it difficult to find where this variable is used and what is it expected value. I recommend you to use Process_Global strings for the variable name and value. This way it will be difficult to find the variable name.

Licensing...

FabioG

Active Member

Erel

B4X founder

FabioG

Active Member

Erel

B4X founder

FabioG

Active Member

Erel

B4X founder

FabioG

Active Member

Erel

B4X founder

FabioG

Active Member

Erel

B4X founder

FabioG

Active Member

aaronk

Well-Known Member

Informatix

Expert

Erel

B4X founder

Similar Threads

Licensing...

Active Member

B4X founder

Active Member

B4X founder

Active Member

B4X founder

Active Member

B4X founder

Active Member

B4X founder

Active Member

Well-Known Member

Expert

B4X founder

Similar Threads

Privacy & Transparency

Privacy & Transparency