Programmer 7500

home *** CD-ROM | disk | FTP | other *** search

/ Programmer 7500 / MAX_PROGRAMMERS.iso / PASCAL / FLXKEY10.ZIP / FLXKEY.DOC < prev next >

Wrap

Text File | 1992-10-01 | 26.7 KB | 834 lines

FlxKey 1.0 : Registration-key Unit for Borland's Turbo Pascal 4.0 - 6.0 Copyright 1992 by Guy McLoughlin All Right Reserved. Released as Shareware, 01/10/92. DESCRIPTION =========== FlxKey is an easy to use Turbo Pascal unit, that enables you to create encrypted user-registration keys for your programs. To make the whole process as "painless" as possible, FlxKey performs all the encryption, decryption, and error-checking for you. The FlxKey unit comes pre-compiled in four .TPU files: one for Turbo Pascal 4.0 (FLX40TPU.ZIP), one for Turbo Pascal 5.0 (FLX50TPU.ZIP), one for Turbo Pascal 5.5 (FLX55TPU.ZIP), and one for Turbo Pascal 6.0 . (FLX60TPU.ZIP) Also included are several sample programs, each demonstrating a different method of using the FlxKey unit. PUTTING FLX TO WORK =================== There are only two routines to call within the FlxKey unit: CreateFlxKey - Creates an encrypted registration-key based on the data you pass to it. ReadFlxKey - Reads/decodes/error-checks an encrypted registration-key, and returns the key's data. Both of these routines will return an error-code number, which your program can use to determine it's best course of action. CREATING A REGISTRATION-KEY =========================== Before you can use the CreateFlxKey routine you must: 1- Place the name of the FlxKey unit in your program's "uses" declaration. ie: uses Crt, FlxKey; Page 1 2- Declare a "FlxRec" variable, used to pass the data you want to encrypt into the registration key. ie: type FlxRec = record FirstName : st20; LastName : st30; Address1 : st30; Address2 : st30; Address3 : st30; AppName : st20; Version : word; Serial : longint; Date : longint; Access : word; end; var TempKeyRec : FlxRec; 3- Declare two encryption-code string variables, to be used to encrypt the registration key. These strings can be from 1 character to 100 characters in length, though I would recommend using at least 10 characters for each encryption string. ie: var Ecode1, Ecode2 : string[100]; or var Ecode1, Ecode2 : st100; 4- Declare a word-type variable to hold the error-code returned by CreateFlxKey. ie: var ErrorCode : word; 5- Declare a path/filename string variable, that will be used to pass the name of the encrypted registration-key file you want to create. ie: var RegKeyName : string[79]; or var RegKeyName : st79; Page 2 6- Assign your data to the "FlxRec" variable. To assign data to the "TempKeyRec" you declared earlier, you could code something like this: (* TempKeyRec is our "FlxRec" type variable. *) with TempKeyRec do begin (* Assign the firstname, lastname, and address of the *) (* user this key is being created for. *) FirstName := 'John'; LastName := 'Smith'; Address1 := '1234 AnyPlace Road,'; Address2 := 'BigCity, BigPlace,'; Address3 := 'BigCountry, BigZip'; (* Assign the name of your amazing program that this *) (* key belongs to. *) AppName := 'Amazing Program'; (* Assign the version number of your program. For *) (* example, the number below could be used to represent *) (* version 3.10 of your software. *) Version := 310; (* Assign the serial number of the registration-key you *) (* are creating for this user. *) Serial := 1234567890; (* This is the date that will be stored in the *) (* encrypted registration-key, in standard Turbo Pascal *) (* packed "datetime" format. If you set this variable *) (* to zero, the CreateFlxKey routine will automatically *) (* stamp it with the current date/time. *) Date := 0; (* This is the user-access level that you are assigning *) (* to this user. From 0 to 65,535. *) Access := 1234 end; 7- Assign the path/filename to the encrypted registration- key you want to create. ie: RegKeyName := 'AMAZPROG.KEY'; or RegKeyName := 'C:\AP-KEYS\AMAZPROG.KEY'; 8- Assign data to the two the two encryption-code strings that you want to use to encrypt the registration-key. This is a very crucial step in the process, that will be covered in more detail when we look at "embedding" random encryption-codes into your programs. Page 3 For now we will assign two simple encryption-code strings, to be used for demonstration purposes. ie: Ecode1 := 'Apple'; Ecode2 := 'Orange'; ...Now that you've created all the variables necessary, and assigned data to them, you can call "CreateFlxKey" to create the encrypted registration key. ie: CreateFlxKey(TempKeyRec, Ecode1, Ecode2, RegKeyName, ErrorCode); ...If this call was successful, the ErrorCode variable should be equal to zero, and you should now find a new file on your disk called "AMAZPROG.KEY". CHECKING FOR ERRORS =================== ...Ok, so what happens when the ErrorCode variable does not equal zero? Here is an explanation of how to interpret the ErrorCode variable. The ErrorCode number is a "word" type variable, where the "low" byte is used to store a FlxKey error, and the "hi" byte is used to store a standard Turbo Pascal "ioresult" type error. Normally you would first check the "low" byte of the ErrorCode variable, to determine if the error was a FlxKey error or a standard Turbo Pascal "ioresult" type error. To check this you could: AND it with the value of 255, which will give us only the "low" byte of the variable. ie: LowByte := (ErrorCode AND 255); Use the standard Turbo Pascal function called "Lo". ie: LowByte := lo(ErrorCode); Here is a list of the FlxKey errors that could occur in the "low" byte: 0 : No errors. 1 : Error! One or more encryption-code strings is blank. 2 : Error! Filename string for registration-key is blank. 3 : Error! Registration-key is CORRUPT. Data is INVALID. 16 : Error! Standard Turbo Pascal "ioresult" type error. If there was an "ioresult" error, then you can check the "hi" byte of the "ErrorCode" variable to determine what the error was. Page 4 To check the "hi" byte of the ErrorCode variable you could either: Use the standard Turbo Pascal "SHR" operator to shift the "hi" byte down to the "low" byte position. ie: HiByte := (ErrorCode SHR 8); Use the standard Turbo Pascal function called "Hi". ie: HiByte := hi(ErrorCode); Check in your Turbo Pascal manuals, to determine the meaning of this "hi" byte error. (ie: See "RunTime Errors") To see a complete program listing to create an encrypted registration-key, take a look at the sample program called "MAKEKEY1.PAS". READING THE DATA STORED IN AN ENCRYPTED REGISTRATION-KEY ======================================================== Before you can use the ReadFlxKey routine you must perform almost the identical steps you did to create the encrypted registration-key: 1- Place the name of the FlxKey unit in your program's "uses" declaration. ie: uses Crt, FlxKey; 2- Declare a "FlxRec" variable, used to pass the data you want to encrypt into the registration key. ie: var TempKeyRec : FlxRec; 3- Declare two encryption-code string variables, to be used to encrypt the registration-key. These strings can be from 1 character to 100 characters in length, though I would recommend using at least 10 characters for each encryption string. ie: var Ecode1, Ecode2 : string[100]; or var Ecode1, Ecode2 : st100; Page 5 4- Declare a word-type variable to hold the error-code number returned by CreateFlxKey. ie: var ErrorCode : word; 5- Declare a word-type variable to hold the difference in days between the current date and the date stored within the registration-key. ie: var DaysOld : word; 6- Declare a path/filename string variable. This will be used to pass the name of the encrypted registration-key file you want to create. ie: var RegKeyName : string[79]; or var RegKeyName : st79; 7- Assign the path/filename to the encrypted registration-key you want to read the data from. ie: RegKeyName := 'AMAZPROG.KEY'; or RegKeyName := 'C:\AP-KEYS\AMAZPROG.KEY'; 8- Assign the IDENTICAL two encryption-codes that you used to create the registration-key. (If these two encryption- codes are not identical to the ones used to create the registration-key, the data returned by the ReadFlxKey routine will be completely corrupt.) ie: Ecode1 := 'Apple'; Ecode2 := 'Orange'; ...Now that you've created all the variables necessary, and entered the required data, you can now call "ReadFlxKey" to obtain the data stored within the encrypted registration-key. ie: ReadFlxKey(Ecode1, Ecode2, RegKeyName, TempKeyRec, DaysOld, ErrorCode); ...If this call was successful, the ErrorCode variable should be equal to zero, and you should now find the data from the registration-key in the "TempKeyRec" variable. The "DaysOld" variable will also indicate the difference in days between the current date and the date stored inside the registration-key. Page 6 The ErrorCode variable that ReadFlxKey returns, is handled in exactly the same manner as the "CreateFlxKey" routine, with the FlxKey error stored in the "low" byte and the standard Turbo Pascal "ioresult" type error stored in the "hi" byte. Here is a list of the FlxKey errors that could occur in the "low" byte: 0 : No errors. 1 : Error! One or more encryption-code strings is blank. 2 : Error! Filename string for registration-key is blank. 3 : Error! Registration-key is CORRUPT. Data is INVALID. 16 : Error! Standard Turbo Pascal "ioresult" type error. Check in your Turbo Pascal manuals, to determine the meaning of this "hi" byte error. (ie: See "RunTime Errors") To see a complete program listing to read an encrypted registration-key, take a look at the sample program called "READKEY1.PAS". "EMBEDDING" THE TWO ENCRYPTION-CODE STRINGS =========================================== ...One of the main problems with creating a program that utilizes encrypted registration-keys, is where do you store the two encryption-code strings? If you simply use an assignment statement for these two strings, it may be quite easy for someone to look at your .EXE and determine what their values are. For example here is a "hex-mode" display of the compiled "READKEY1.EXE" sample program: 30 01 04 02 01 00 66 02-EE 00 66 02 8A 05 66 02 ................ 05 41 70 70 6C 65 06 4F-72 61 6E 67 65 09 44 45 .Apple.Orange... 4D 4F 31 2E 4B 45 59 2E-20 45 72 72 6F 72 21 20 ................ ...As you can see, the two encryption-strings "Apple" and "Orange" are clearly visible. ...OK, how about if we make these two encryption strings into "typed constants"? (A "typed constant" is basically a variable that is assigned it's data at "compile-time", instead of "run-time".) ie: const Ecode1 : st100 = 'Apple'; Ecode2 : st100 = 'Orange'; ...Again it is quite easy to determine what the encryption- string values are. Here is a "hex-mode" display from an .EXE that uses this method: Page 7 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 00 00 05 41 70 70 6C 65-00 00 00 00 00 00 00 00 ...Apple........ 00 00 00 00 00 00 00 00-06 4F 72 61 6E 67 65 00 .........Orange. 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ ...So what can you do? One part of the solution is to use "random" encryption-code strings. These are strings that contain randomly generated data, and are MUCH harder to find than a simple alphabetical string. Here are the steps required to create "random" encryption-code strings: 1- Clear the encryption-code string variables. fillchar(Ecode1, sizeof(Ecode1), 0); fillchar(Ecode2, sizeof(Ecode2), 0); 2- Set the length byte for both of these encryption-code strings: (* Set the length byte to 20 characters. *) Ecode1[0] := #20; Ecode2[0] := #20; 3- Call the standard Turbo Pascal "Randomize" function to ensure that the data will be random. randomize; 4- Assign random data to each of the encryption-code strings. for Index := 1 to 20 do begin Ecode1[Index] := chr(random(256)); Ecode2[Index] := chr(random(256)) end; ...The second part of the solution is to use the "fake" procedure method of linking these two encryption-strings directly into a compiled program's "code segment". By placing these two "random" encryption strings into the "code segment", it becomes MUCH harder to detect both the location of the encryption-code strings, and which bytes belong to them. Here are the steps required to using the "fake" procedure method of linking these two encryption-code strings into your program's "code" segment: 1- Create two random encryption-code strings, as shown earlier. Page 8 2- Write these two encryption strings to disk. To see a complete program listing that will create two "random" encryption-code strings, and then write them to disk, take a look at the sample program called "RANDCODE.PAS". 3- Use the standard Turbo Pascal "BINOBJ.EXE" utility, to convert the encryption-code string data from "binary" file format to "object" file format. For example here is a sample DOS command line to use this utility: (A) (B) (C) (D) BINOBJ ECODE1.DAT ECODE1.OBJ Ecode1Data A : This is the name of the Turbo Pascal utility. B : This is the name of the "binary" file we want to convert. C : This is the name of the "object" file we want to create. D : This is the "public" name for the "fake" procedure that we want to create. Take a look at the sample "batch" file called "DAT2OBJ.BAT", for an example of how to use the Turbo Pascal "BINOBJ.EXE" utility. 4- Declare two encryption-string pointer variables. (* Declare a 20 character string-type. *) type st20 = string[20]; (* Declare a 20 character string pointer-type. *) st20Ptr = ^st20; (* Declare two encryption-code string pointer variables.*) var Ecode1ptr, Ecode2ptr : st20Ptr; 5- Link the encryption-code string data (in "object" file format) into your program, as a "fake" procedure. For example: (* Declare the following two procedures as "FAR". *) {$F+} (* "Fake" procedure that contains first encryption-code *) (* string. *) procedure Ecode1Data; external; {$L ECODE1.OBJ} Page 9 (* "Fake" procedure that contains second encryption-code*) (* string. *) procedure Ecode2Data; external; {$L ECODE2.OBJ} (* Turn off "FAR" declaration. *) {$F-} 6- Assign the encryption-string pointers to the two "fake" procedures. For example: (* Assign the encryption-code string pointers to their *) (* data. *) Ecode1ptr := addr(Ecode1Data); Ecode2ptr := addr(Ecode2Data); 7- Call the FlxKey routine by "de-refferencing" ( ^ ) the two encryption-code string pointers. CreateFlxKey(TempKeyRec, Ecode1Ptr^, Ecode2Ptr^, RegKeyName, ErrorCode); ReadFlxKey(Ecode1Ptr^, Ecode2Ptr^, RegKeyName, TempKeyRec, DaysOld, ErrorCode); To demonstrate this whole "embedded" encryption-code process, try out the sample programs in the following order: 1- Compile and run the "RANDCODE.PAS" sample program to create the two "random" encryption-code strings, and save them in "binary" file format. (ie: ECODE1.DAT, ECODE2.DAT) 2- Run the "DAT2OBJ.BAT" batch-file to convert the encryption-code data from "binary" file format to "object" file format. (ie: ECODE1.OBJ, ECODE2.OBJ) *** NOTE: The "BINOBJ.EXE" utility must either be in the same directory, or be in a "pathed" directory. 3- Compile and run the "MAKEKEY2.PAS" sample program to create a sample encrypted registration-key file called "DEMO2.KEY". 4- Compile and run the "READKEY2.PAS" sample program to read the sample encrypted registration-key file called "DEMO2.KEY". Page 10 CREATING A "PASSWORD" REGISTRATION-KEY ====================================== Another way to use the FlxKey unit is to create encrypted "password" registration-keys. With this sort of registration-key, the end-user has to enter a "password" to be able to use your program. The process to create an encrypted "password" registration- key is very similar to creating a standard encrypted registration-key. The only difference is that ONLY one of the encryption-code strings is "embedded" in your compiled program. The second encryption-code string is the "password" string that the user must enter, to use your program. ...To demonstrate how the whole "password" encryption-key process works, try out the two sample programs: MAKEKEY3.PAS - Create an encrypted "password" registration- key. (ie: DEMO3.KEY) READKEY3.PAS - Read an encrypted "password" registration-key. (ie: DEMO3.KEY) NOTES ON USING THE FLXKEY UNIT ============================== ...One of the main design features of the FlxKey unit is that it will rarely ever produce the same encrypted registration- key twice. Even when using the identical user-data. For example: If you run one of the sample "MakeKey" programs several times using the same user-data, a unique encrypted registration-key will be produced each time. Yet each of these unique registration-keys will still produce the identical user- data when read using the ReadFlxKey routine. ...Remember to always keep a secure copy of the encryption-code strings that your program passes to the FlxKey routines. ...If you lose these encryption-code strings, there is NO alternative method of creating/reading compatible encrypted registration-keys. ...The source-code to the FlxKey unit is NOT available. I feel that it would compromise the security of the registration-keys that the FlxKey unit generates if I released the source-code. Page 11 SUPPORT FOR REGISTERED FLXKEY USERS =================================== Registered users may contact me through one of the following Networks: DEVNET Pascal Conference ILINK Pascal Conference NANET Pascal Conference RIME Pascal Conference UN'INET Pascal Conference ...Or by writing me using "snail" mail: Guy McLoughlin, P.O. Box 519, Station A, Toronto, Ontario, Canada M5W 1E4 HOW TO REGISTER THE FLXKEY UNIT =============================== FlxKey is distributed as a "shareware" unit, which enables you to try it out before you decide if you want to purchase the registered version of it. The registered version of the FlxKey unit will perform identically to the "shareware" version, but will NOT contain the FlxKey message with the ten second delay. (It will also use up 3.5K less space in your programs.) To register the FlxKey unit, send $15.00 in the form of check or money-order to: Guy McLoughlin, P.O. Box 519, Station A, Toronto, Ontario, Canada M5W 1E4 Registered FlxKey users will be able to purchase future upgrades of the FlxKey unit for 1/3 the cost of the initial registration fee. LEGAL DETAILS ============= The "shareware" version of the FlxKey unit may be freely distributed ONLY in it's original un-modified format. This would include the full documentation, compiled "shareware" .TPUs, and sample programs. These files are Copyright 1992 by Guy McLoughlin, All Rights Reserved. Page 12 The author assumes no responsibility for any damage or loss caused by the use of the FlxKey unit, or the support files that accompany it. Turbo Pascal is registered trademark of Borland International. Page 13