I have an application which has a license key function.
The user gets their license key, then types it into the TextBox where the license key is supposed to go, and if the license key is valid, they get taken to the main form, where all of the features are.
Now, to make my program more secure, I need to be able to check that the user has definitely typed in their license key, and they haven't done something like delete (by decompiling) the license key form so they can gain access to the main form where all of the features are.
Note: My license keys are stored on a server.
How would I check that the user has definitely typed in the license key?
Below is the code.
AddLicense.vb:
    Imports SKM.V3
    Imports SKM.V3.Models
    Imports SKM.V3.Methods

    Public Class AddLicense
        Private p_oRandom As Random
        Private Const INTERVAL_MIN_SEC As Integer = 4
        Private Const INTERVAL_MAX_SEC As Integer = 25

        Private Sub Timer1_Tick(sender As Object, e As EventArgs) Handles Timer1.Tick
            If BunifuProgressBar1.Value = 50 Then
                Label3.Show()
                Label2.Hide()
            End If
            BunifuProgressBar1.Value += 1
            If BunifuProgressBar1.Value = BunifuProgressBar1.MaximumValue Then
                BunifuProgressBar1.Hide()
                Label3.Hide()
                Label2.Hide()
                Timer1.Stop()
                BunifuMaterialTextbox1.Show()
                BunifuThinButton21.Show()
                Label4.Show()
                LinkLabel1.Show()
                BunifuThinButton22.Show()
            End If
            Timer1.Interval = p_oRandom.Next(INTERVAL_MIN_SEC, INTERVAL_MAX_SEC) * 3
        End Sub

        Private Sub BunifuImageButton1_Click(sender As Object, e As EventArgs) Handles BunifuImageButton1.Click
            Me.Close()
        End Sub

        Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
            p_oRandom = New Random
        End Sub

        Private Sub LinkLabel1_LinkClicked(sender As Object, e As LinkLabelLinkClickedEventArgs) Handles LinkLabel1.LinkClicked
            Try
                Process.Start("https://selly.gg")
            Catch ex As Exception
            End Try
        End Sub

        Sub Nolicense()
            BunifuThinButton21.Enabled = False
        End Sub

        Private Sub BunifuThinButton21_Click_1(sender As Object, e As EventArgs) Handles BunifuThinButton21.Click
            Dim token = "WyIxMDM2IiwiZ082d2dnS0FmTkRuTXNPcGhlSkllVEx6ckFWMFhhSzlMM3Rvc01xUSJd"
            Dim key = BunifuMaterialTextbox1.Text.Replace(" ", "")
            Dim license = New LicenseKey() With
            {
                .ProductId = 3888,
                .Key = key
            }
            If license.Refresh(token, True) Then
                ' we are able to auto complete missing key info
                Me.BunifuThinButton21.Enabled = license.HasFeature(1).IsValid() ' either we have feature1 or not.
                MsgBox("License is valid! Thanks for purchasing.")
                Me.Hide()
                Sploitbase.Show()
                If license.HasFeature(4).HasNotExpired().IsValid() Then
                    Me.Hide()
                    Sploitbase.Show()
                ElseIf license.HasNotFeature(4).IsValid() Then
                Else
                    MsgBox("Your license has expired and cannot be used.")
                    Nolicense()
                End If
                license.SaveToFile()
            Else
                ' something went wrong.
                MsgBox("Unable to access the license server or the key is wrong.")
            End If
            Me.Close()
        End Sub

        Private Sub BunifuThinButton22_Click(sender As Object, e As EventArgs) Handles BunifuThinButton22.Click
        End Sub
    End Class
Sploitbase.vb - the main form:
    Imports SKM.V3

    Public Class Sploitbase
        Private Sub Sploitbase_Load(sender As Object, e As EventArgs) Handles MyBase.Load
        End Sub

        Public Sub NoLicense()
        End Sub

        Private Sub TabPage1_Click(sender As Object, e As EventArgs)
        End Sub

        Private Sub LinkLabel1_LinkClicked(sender As Object, e As LinkLabelLinkClickedEventArgs)
            Try
                Process.Start("https://selly.gg")
            Catch ex As Exception
            End Try
        End Sub
    End Class
I believe what you want is to stop users from decompiling your program and removing the license key form entirely...
Unfortunately, it's impossible to stop that: as long as a program can be run on an ordinary computer, it can be decompiled; otherwise, it would be impossible for the processor to process it.
This means that it would be possible to remove the relevant instructions for that, and C# and VB are easy to decompile - tools like dotPeek get valid source code (it won't be exactly the same as the original, but still readable and runs like the original) with just a click.
Keep in mind that even proper commercial programs made by whole companies have this problem.
So, what could you possibly "do"? Well, I only really have two suggestions... but they won't work too well.
One only makes it harder and the other one requires access to the internet all the time.
Obfuscation essentially makes the code harder to read after decompiling; however, it won't stop people from deleting the form, it will just make it slightly harder.
I posted it as an option because it will make the code very confusing when recompiling and it might be helpful to "protect" it a bit more. However, just remember this: "It's a weak layer of defence for a weak attacker."
An obfuscator you could use is Eazfuscator.NET; that webpage I sent also has a description of essentially what it does and how to use it - it may be worth taking a look at.
This one requires a connection to the internet... but, it's the only other option you have at all - it's either this or... able-to-get-rid-of-product-key.
Essentially, in this idea, you make a server do all the work that the application has to do and then return the result of it.
Imagine the user's computer is a server. Their "server" runs the code, and so the code is on their "server" (otherwise it has nothing to run) and everything is processed on their server. Now, if you run it on your server, all the code is on your server and your server only returns the result, meaning, they can't get at the process that provides that result.
In the end, this would mean that the application physically would not be able to do anything without a license key, since the only way it can get its data processed is via the server, and the server won't process the data without a product key.
The only downside to this is that you must have an internet connection and if the internet connection is slow - the program will be slow.
Since you want to know how to do this in VB.NET, taking a look at ASP.NET may help, but it's really designed to make a full website - not to just process a few tasks.
I can leave it up to you how you would want to approach this task but here's one way of doing this:
The code below will make a "request" to a certain URL and then get the result back - with this, you could make it so when it goes to that URL the server processes the data given (including the product key) and returns back a result.
    Dim request As System.Net.HttpWebRequest
    Dim response As System.Net.HttpWebResponse
    request = DirectCast(System.Net.HttpWebRequest.Create("https://URLHERE"), System.Net.HttpWebRequest)
    ' Send the request and wait for the server's response
    response = DirectCast(request.GetResponse(), System.Net.HttpWebResponse)
    ' Read the whole response body into a String
    Dim result As String = New System.IO.StreamReader(response.GetResponseStream()).ReadToEnd()
result now contains a String - but, keep in mind that you can use this for practically anything - even images! (Images are just New Bitmap(response.GetResponseStream))
You can pass data to the server via a Query String, for example:
my.website/processSomething?license=AAAAAAAA&sizeInput=241&somethingElse=asagsag
But, really, it's up to you how you do that.
I'm sorry I couldn't give you an exact solution, but, there really isn't one. You're going to end up sacrificing something either way.
Hopefully, this was at least helpful and helped you understand that it's really not possible to prevent people hacking your software without losing something.
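
A sketch of the server side of the approach described in the answer above, as an added example that is not part of the original answer or of any library's own code: the feature runs only on the server, which refuses to do the work without a valid key. The module name, ValidKeys, ProcessSomething, the X-License-Key header and the localhost prefix are all assumptions made for illustration; the key is sent in a header instead of the query string so that it does not end up in URL logs.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Net
Imports System.Text

' Added example: minimal license-gated processing server (all names are hypothetical).
Module LicensedServer
    ' Constructed sample key; a real server would look keys up in its license database.
    Private ReadOnly ValidKeys As New HashSet(Of String) From {"AAAAA-BBBBB-CCCCC-DDDDD"}

    ' The feature itself exists only on the server, so deleting the client's
    ' license form leaves the user with nothing to run.
    Function ProcessSomething(sizeInput As Integer) As String
        Return (sizeInput * 2).ToString()
    End Function

    ' Decides the HTTP status code and response body for one request.
    Function Handle(licenseKey As String, sizeInputRaw As String, ByRef body As String) As Integer
        Dim sizeInput As Integer
        If String.IsNullOrEmpty(licenseKey) OrElse Not ValidKeys.Contains(licenseKey) Then
            body = "invalid or missing license"
            Return 403 ' no valid key: the work is never performed
        End If
        If Not Integer.TryParse(sizeInputRaw, sizeInput) Then
            body = "sizeInput must be an integer"
            Return 400
        End If
        body = ProcessSomething(sizeInput)
        Return 200
    End Function

    Sub Main()
        Dim listener As New HttpListener()
        ' Plain HTTP on localhost for the demo only; deploy behind HTTPS.
        listener.Prefixes.Add("http://localhost:8080/processSomething/")
        listener.Start()
        While True
            Dim ctx = listener.GetContext()
            Dim body As String = Nothing
            ctx.Response.StatusCode = Handle(ctx.Request.Headers("X-License-Key"),
                                             ctx.Request.QueryString("sizeInput"), body)
            Dim bytes = Encoding.UTF8.GetBytes(body)
            ctx.Response.OutputStream.Write(bytes, 0, bytes.Length)
            ctx.Response.Close()
        End While
    End Sub
End Module
```

The client form then only displays what the server returns; patching out the license form no longer unlocks anything, because the check that matters happens in Handle on the server.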