wow created my first foxpro but license issue how to solve

[adnan khan]

Hello all,

I have created an application in visual foxpro and when the app start it search for a validate license if not found it focus a form on which we have to write a license key the problem i am facing is how can i make another app for generating a valid key for it.

the form on which we enter key is as follows can anyone guide.

xval = ALLTRIM(SUBSTR(thisform.txtkey_gen.value, 1, 5)+SUBSTR(thisform.txtkey_gen.value, 7, 5)+SUBSTR(thisform.txtkey_gen.value, 13, 5)+SUBSTR(thisform.txtkey_gen.value, 19, 5)+SUBSTR(thisform.txtkey_gen.value, 25, 4))
 xval = STRTRAN(ALLTRIM(xval), '$', 's')
 IF AT('s', xval)>0
    MESSAGEBOX("NOT VALID KEY OR .", 64, ')
    thisform.txtkey_gen.value = "$$$$$-$$$$$-$$$$$-$$$$$-"
    mconfirm = 'N'
    thisform.btn_cancel.click
    RETURN
 ENDIF
 RELEASE str_encode
 DIMENSION str_encode(15)
 j = 1
 mstr_decrypt = SPACE(1)
 FOR i = 1 TO 30 STEP 2
    str_encode[j] = SUBSTR(xval, i, 1)
    mstr_decrypt = ALLTRIM(mstr_decrypt)+str_encode(j)
    j = j+1
 ENDFOR
 zval = CHRTRAN(mstr_decrypt, "ZTYIXCWOVSU5T4X3R2Q1PAOBN6MDL7KFJ8IH", "1234567890ZYXDEFGHIJKLMNOPQRXVBUCTWA")
 xcheck_date = SUBSTR(zval, 5, 2)+"/"+SUBSTR(zval, 7, 2)+"/20"+SUBSTR(zval, 9, 2)
 IF CTOD(xcheck_date)<DATE()
    MESSAGEBOX('Your Licence Key is Not Valid. Contact to [URL unfurl="true"]wwww.abc.com[/URL] or email to abc@gmail.com.', 64, ')
    mconfirm = 'N'
    thisform.btn_cancel.click
    RETURN
 ENDIF
 newencript = CHRTRAN(SUBSTR(zval, 5, 6), "1234567890ZYXDEFGHIJKLMNOPQRXVBUCTWA", CHR(20)+CHR(11)+CHR(23)+CHR(15)+CHR(16)+CHR(17)+CHR(14)+CHR(25)+CHR(36)+CHR(64)+CHR(1)+CHR(8)+CHR(5)+CHR(3)+CHR(4)+CHR(7)+CHR(33)+CHR(34)+CHR(126)+CHR(128)+CHR(161)+CHR(162)+CHR(163)+CHR(164)+CHR(165)+CHR(166)+CHR(167)+CHR(168)+CHR(169)+CHR(170)+CHR(171)+CHR(171)+CHR(172)+CHR(173)+CHR(174)+CHR(175))
 newdecript = CHRTRAN(newencript, CHR(20)+CHR(11)+CHR(23)+CHR(15)+CHR(16)+CHR(17)+CHR(14)+CHR(25)+CHR(36)+CHR(64)+CHR(1)+CHR(8)+CHR(5)+CHR(3)+CHR(4)+CHR(7)+CHR(33)+CHR(34)+CHR(126)+CHR(128)+CHR(161)+CHR(162)+CHR(163)+CHR(164)+CHR(165)+CHR(166)+CHR(167)+CHR(168)+CHR(169)+CHR(170)+CHR(171)+CHR(171)+CHR(172)+CHR(173)+CHR(174)+CHR(175), "1234567890ZYXDEFGHIJKLMNOPQRXVBUCTWA")
 asiacheck = SUBSTR(newdecript, 1, 2)+"/"+SUBSTR(newdecript, 3, 2)+"/"+SUBSTR(ALLTRIM(STR(YEAR(DATE()))), 1, 2)+SUBSTR(newdecript, 5, 2)
 lkdate = CTOD(asiacheck)
 SELECT * FROM options INTO CURSOR tmpkey
 SELECT options
 USE
 SELECT tmpkey
 SET LIBRARY TO MD5.FLL
 SET EXACT ON
 IF clchk=md5hash(SUBSTR(mstr_decrypt, 1, 4))
    DO unprotectfile.prg
    SET LIBRARY TO vfpencryption.fll
    UPDATE hardfile SET brefno = encrypt(ALLTRIM(newencript), '&*^', 1024)
    SET LIBRARY TO MD5.FLL
    SELECT hardfile
    USE
    MESSAGEBOX("Key is Validated."+CHR(13)+"Your Licence is updated. upto "+DTOC(lkdate), 64, ')
    mconfirm = 'Y'
    DO protectfile.prg
    UPDATE tktcheck SET eamount = md5hash('L1') WHERE ALLTRIM(etax)=md5hash(ALLTRIM(ghardid))
    lkcheck = .T.
    thisform.btn_cancel.click
 ELSE
    DO protectfile.prg
    MESSAGEBOX("NOT VALID KEY.", 48, ')
    thisform.txtkey_gen.value = "$$$$$-$$$$$-$$$$$-$$$$$-"
    thisform.txtkey_gen.refresh
    thisform.txtkey_gen.setfocus
    mconfirm = 'N'
    USE
 ENDIF
 USE
 RETURN

 

[Mike Lewis]

Could you state your problem a little more concisely. It is asking a lot to expect forum members to study all that code and try to figure out what it is all about. Some punctuation might also make your meaning clearer.

Also, it would be easier for us to understand the code if you use the proper [ignore]

[/ignore] tags. You can do that by highlighting the code, and then clicking on the "Code" button in the toolbar.

Also, please avoid very wide lines in your code - such as the first line in the code that you posted. The problem with these is that it makes the entire body of the page much wider, which means we have to scroll horizontally to read it.

Finally, something seems to have gone wrong when you pasted your code. The string variables containing successive dollar signs with several blank lines between them are obviously not right.

Mike

__________________________________
Mike Lewis (Edinburgh, Scotland)

Visual FoxPro articles, tips and downloads

 

[Olaf Doschke]

Looks like you either try to find a hack or try to evaluate the strength of the licensing key system.

Or you really just implemented half of the license key check system without first developing the idea fully, including how to generate valid keys. That's a bit like creating a safe room without a door and then ask how to create a key (for a non existing door).

If you develop a license key system you obviously need to develop a lock & key system, you don't invent just the lock and then search for a partner company devloping keys.

...Let me make a wild guess: You decompiled an EXE and found that code. At first you tried to recompile without the license check, but the build isn't working. Now you try to find someone to reverse engineer a key for you. Am I close?

Bye, Olaf.

 

[JRB-Bldr]

Congratulations on creating your first VFP application.

Like Mike says above you need to help us by narrowing down your request to where the problem actually occurs.

If you are not already familiar with VFP Debugging tools you might want to look at the free, on-line VFP Tutorial videos at:

http://www.garfieldhudson.com/freevideos.aspx

One that you might focus on would be:

Building a Simple Application - Pt. 2​

One highlight of this video is the use of the Visual FoxPro Debugger.​

Then, once you understand specifically which line(s) of code create the error, you can give us just that code and we can better help you.

Good Luck,
JRB-Bldr

 

[Olaf Doschke]

One check "your" code does is CTOD(xcheck_date)<DATE(). It's totally easy to construct input resulting in whatever future (license valid thru) date you like. So as soon as someone decompiles this code this barrier is easily taken.

A good licensing system will work with external license files, which can even have data like the valid thru date in clear text, the whole license file will then be signed with an asymmetric signature algorithm using a keypair. The signature can be checked via a public key, you can embed in your EXE, the private key to create the signature will be kept away from the end user/customer though, it will be used to sign the license. To not need your personal assistence you can hold the private key on your product internet domain and produce or update license files online. That would be a good licensing idea.

Why can data as the valid thru date be written in clear text in such a license file? Well, when it's changed, the signature gets invalid, so the license becomes invalid as soon as a user fiddles with its content. And if the license file actually should be updated, eg prolonging the valid thru date, this will need to be done server side with the private key you don't have in your application. So unlike your CHRTRAN strings there is no secret in the EXE, which can be used or changed to allow the acceptance of the license file, a user cannot update the license file signature to be valid for the changed data, neither by signing with the public key only (signing needs the private key) nor by changing the public key (public key is part of a key pair only working correctly as a pair, there is no second public key matching).

This is still only as hard a protection as the source code is protected, when you decompile with a foxpro decompiler a code part checking a license can of course simply be removed overall.

Bye, Olaf.

 

[TamarGranor]

This article describes both pieces of a good licensing system:

http://doughennig.com/papers/Pub/Jun00.pdf

Tamar