Algorithm for activation key- Security

Question

I'm writing a software application that the user needs to buy a license for and activate it. I need suggestions on how to start about writing a powerful algorithm for code generation and of course, code checking. I know that people can reverse engineer the code and make a keygen, however, my question is two parts:

1. In general, regardless of the application being cracked this way, how can I start writing an algorithm to accept a certain Serial or String or a combination. (e.g is that the right thing? e.g: the first number is from 3-9 the second should be the first - 3, while the third number should be the second * + ....whatever...??)

2. What is the best approach for protecting a Desktop application from piracy without dealing with the internet. Is it the algorithm (make it harder to reverse engineer), protect the source code from being seen after application is installed somewhere?? ...??

PS: Maybe it is worth to mention that I am using Java as my development language. Thanks

Answer 1

1. It sounds like you might benefit from the public-key cryptography approach.

2. This can be broken down into two sub points:

   • A. Have you read this thread here on SO? It might give you some breadth on the issue.
   • B. As @Jaka said, it's not a great challenge (from what I've read) to produce human readable code from Java byte code. You can run your code through an obfuscator to make it more difficult for someone to produce human readable code from it, but if someone really wants to read your code, they'll almost always find a way. The best approach to combat this is to take the advice in the SO thread I linked to: make it easier for someone to buy your app than for someone to steal it.

(edited after stated he's using Java)