[Repost] A software registration code algorithm that is not easy to crack (by smile life)

xiaoxiao2021-03-05  24

The code files of a Microsoft .NET application are similar to the files Java generates: they contain no native code, only code similar to assembly language. As a result, with a suitable tool you can turn a program written by someone else back into the source files you need. The tools I know of for .NET are Salamander and Reflector; they can decompile a .NET assembly into the language you need.

So how do we manage genuine licenses for the programs we write? There are many ways, and the best solution combines several of them. Here I will discuss license verification methods on their own.

The simplest way is to use a stored license. The user enters a genuine registration code, a dedicated algorithm in the program verifies it by comparing the computed result with a result stored in the program beforehand, and if they match the code is accepted. The result is then saved in a store, such as the registry or a dedicated license file, and the program is licensed. This method is used by the largest number of people and companies, but it also has the most shortcomings: anyone who uses the tools above to work out the algorithm that verifies the registration code can write a key generator that produces serial numbers, and the registration mechanism then exists in name only.

A better way follows the Windows XP activation mechanism: the customer's program automatically contacts a dedicated server on the Internet, obtains the license remotely over TCP/IP or a web service, and then saves the license on the end user's computer. The advantage of this method is that the license verification code is kept on a computer the developer controls, so the client cannot obtain the verification algorithm, and it is very convenient to manage users through a database. But this method also has shortcomings. The first is that it needs a reliable Internet connection. To prevent users from running pirated copies, the client program must also authenticate against the remote license server at random times, which requires not only a 24-hour Internet connection but also frequent verification while the program is running normally. Also, if someone studies the information the server returns and sets up a fake verification server, this protection is finished.

So all attention falls on the client-side verification algorithm: once it is worked out, the protection of the whole program can be said not to exist. Many developers and development companies therefore put great effort into building a sufficiently complex verification algorithm, hoping that its complexity will resist cracking. But however complex the algorithm, as long as someone can write it, someone can crack it; I think everyone understands that.

Is there a scheme in which the encryption algorithm and the decryption algorithm are different? There is, and the .NET class library includes such an algorithm. It is based on asymmetric encryption, whose principle everyone knows: the key is divided into two parts, a public key and a private key, and ciphertext encrypted with the private key can only be decrypted with the public key. Given this property, as long as the developer keeps the private key, a registration code cannot be generated even if the client's algorithm code is cracked, because the client does not know the private key held by the developer. The algorithm is provided by the RSAPKCS1SignatureFormatter class (used to generate a registration code) and the RSAPKCS1SignatureDeformatter class (used in the client's verification code to verify the registration code).

The verification process is as follows. First, you need to generate a public/private key pair. Of course, this cannot be done by hand; we can generate the key pair with the RSACryptoServiceProvider class in the System.Security.Cryptography namespace.

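    // Declared outside the using block so the keys remain available afterwards
    string pubkey, prikey;
    using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
    {
        // Public key (false = do not include the private parameters)
        pubkey = rsa.ToXmlString(false);
        // Private key (true = include the private parameters)
        prikey = rsa.ToXmlString(true);
    }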

After obtaining the private key, you can use the RSAPKCS1SignatureFormatter class to generate a registration code. The code is as follows (the namespace must be referenced):

    using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
    {
        // Load the private key
        rsa.FromXmlString(prikey);
        // Signature formatter bound to the private key
        RSAPKCS1SignatureFormatter f = new RSAPKCS1SignatureFormatter(rsa);
        f.SetHashAlgorithm("SHA1");
        byte[] source = System.Text.ASCIIEncoding.ASCII.GetBytes(txtIn.Text);
        SHA1Managed sha = new SHA1Managed();
        // Hash the input, then sign the hash
        byte[] result = sha.ComputeHash(source);
        byte[] b = f.CreateSignature(result);
        msg.Text = Convert.ToBase64String(b);
    }

The code above comes from a sample ASPX page. The page contains a Label control with the ID msg, a TextBox control with the ID txtIn, and a Button control with the ID btnOK. The code is the body of btnOK's event handler. As you can see, the process creates an RSACryptoServiceProvider instance and then loads the prikey string containing the private key into it as the key, because the keys used for encryption and decryption (public/private) must correspond. It then takes the content entered in txtIn, generates the registration code from it, and displays the result on the msg control.

The following uses the RSAPKCS1SignatureDeformatter class to verify the input:

    using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
    {
        // Load the public key only
        rsa.FromXmlString(pubkey);
        RSAPKCS1SignatureDeformatter f = new RSAPKCS1SignatureDeformatter(rsa);
        f.SetHashAlgorithm("SHA1");
        // Registration code entered by the user
        byte[] key = Convert.FromBase64String(txtKey.Text);
        SHA1Managed sha = new SHA1Managed();
        // Hash of the user name, computed the same way as when signing
        byte[] name = sha.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(txtIn.Text));
        if (f.VerifySignature(name, key))
            msg.Text = "Verification success";
        else
            msg.Text = "unsuccessful";
    }

The code above is also easy to understand: the page has one more TextBox control, with the ID txtKey, and verification takes both the user name and the registration code. The key point is the RSA class's FromXmlString() method: note that here it loads the public key. This verification code is stored on the client, and the client code contains no private key, so even if someone decompiles the code it is of no use to them. For the two code fragments above, note that the public key and private key must match; I generate the key pair with the RSA object and save it, which solves this problem.
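A complete round trip of the scheme described above, as an added example rather than the original author's code. It assumes .NET Framework 4.6 or later (or .NET Core), uses RSA.SignData/VerifyData with SHA-256 in place of the formatter classes and SHA1, passes the public key as RSAParameters instead of an XML string, and the user names are constructed sample values.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo
{
    // Developer side: sign the user name with the private key.
    static string Issue(RSA key, string userName)
    {
        byte[] sig = key.SignData(Encoding.UTF8.GetBytes(userName),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        return Convert.ToBase64String(sig);
    }

    // Client side: only the public parameters are shipped with the program.
    static bool Check(RSAParameters publicKey, string userName, string code)
    {
        byte[] sig;
        try { sig = Convert.FromBase64String(code); }
        catch (FormatException) { return false; } // mistyped code is a failed check, not a crash
        using (RSA rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(publicKey);
            return rsa.VerifyData(Encoding.UTF8.GetBytes(userName), sig,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
    }

    static void Main()
    {
        using (RSA vendor = new RSACryptoServiceProvider(2048)) // private key never leaves the developer
        {
            RSAParameters pub = vendor.ExportParameters(false);  // public half only
            string code = Issue(vendor, "alice@example.com");    // constructed sample user name

            Console.WriteLine(Check(pub, "alice@example.com", code));          // matching name and code
            Console.WriteLine(Check(pub, "mallory@example.com", code));        // code reused under another name
            Console.WriteLine(Check(pub, "alice@example.com", "not base64!")); // malformed input

            // Anything rebuilt from the client code holds only the public half.
            using (RSA clientOnly = new RSACryptoServiceProvider())
            {
                clientOnly.ImportParameters(pub);
                try { Issue(clientOnly, "mallory@example.com"); }
                catch (CryptographicException) { Console.WriteLine("signing failed: no private key"); }
            }
        }
    }
}
```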

The method above still cannot stop a customer from using ILDASM to disassemble the assembly and forcibly modify the IL code; only reliable strong names and digital certificates can ensure that the assembly has not been modified.

When reposting, please cite the original address: https://www.9cbs.com/read-38761.html
