Answer the question
In order to leave comments, you need to log in
How to implement the protection of the application by its "hardware" and further authorization on the server?
The application uses a connection to the partner's server to receive a large amount of data and their subsequent processing on the client side. To connect to the partner's server, authorization (login, password) is required.
Task:
To secure the software so that at first there is a connection to my server and only after authorization on my server, the client connects to the partner.
I am planning a server on .net core infrastructure, Debian operating system. I am also considering the option with Azure, but at this stage this is not necessary.
Goals:
- Secure the software;
- Make monetization more efficient, by monthly subscription;
- Check that the program is running on only one device should work;
- Binding to PC hardware must be implemented. At the first start, a unique key is assigned to the corresponding login on my server, which is rigidly tied to the hardware, and if the user has demo status, then when the demo account was launched on another PC, another key was saved on the server and assigned to the data user, and the demo account ended exactly on its expiration date. When you re-register a demo and run the software on a computer, this demo account is blacklisted and assigned to this user, if the program has already been launched on this PC before and the time of the previous demo account has expired.
This measure is necessary so that users cannot cheat the system by constantly registering new demo accounts, re-installing the OS or creating virtual machines. This is a good incentive to purchase/renew a paid subscription.
My server will also collect statistics on the client, but in the future.
--
Questions:
Answer the question
In order to leave comments, you need to log in
After all, you read the news, crack bands post their work regularly for new products of IGR, Software.
.net and c/c++/asm will open in a couple of hours if desired.
Attached to the hardware - calls with complaints, HDD / CPU / Motherboard was replaced and the program does not start. Break off faster than write.
All important checks on the server, the client will break everything if desired.
The login password should be enough, or think that the thread, but with the growth of popularity they will bypass.
VM - vmware has settings, VM detection will work if you write it yourself or use a not too common way to use it.
The client should not connect directly to the partner, they will find out via wireshark/netstat/... ip, and you will be bypassed in this chain.
Encrypt the data via https, there will be no problems, the firewall will miss it.
The program installation flags on the PC are bypassed quickly, they take a snapshot of the PC state, install your software, remove it, take 1 more snapshot. 2 snapshots are compared, the presence flag of the program installation is found. MS even has such a utility, I forgot the name.
If you want protection - use virtual machines (~VMProtec), medium and higher qualifications are needed to hack them.
Create a three-tier structure, and implement all the business logic on your server, the client is just for viewing. As an example of Diablo 3, everything is implemented on the Blizzard server, the game itself only draws the data received from the server, as a result, no one broke it, it makes no sense.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question