Protect Source Code

[Chlaris]

Dear all,

How do I protect source code from MDE Unlocker ?
Thanks.

Chlaris

 

[Stefan Hoffmann]

hi Chlaris,

How do I protect source code from MDE Unlocker ?

I never used it, but as far as I can see from testing the demo, your
source code is not available after unlocking it.


mfG
--> stefan <--

 

[Chlaris]

Hello,

I also want to protect the form and report design.
Thx.

Chlaris

 

[Stefan Hoffmann]

hi Chlaris,

I also want to protect the form and report design.

You can calculate a hash from the number and positions of your controls
and compare it against a stored value in a VBA constant, but this seems
to be too much overhead to me.


mfG
--> stefan <--

 

[Tony Toews [MVP]]

I also want to protect the form and report design.

Not worth protecting. After all anyone using your software can just
to screen captures to give to someone else.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Chlaris]

Ok,one more thing, I have disabled the shift button, but the Unlocker can
enable the shift button.
Is there any way to prevent this ?
Thx.

You can't, not without handcuffing yourself to your original design when
you
want to make changes later. Why do you want to go to so much trouble to
prevent changes?

Chris
Microsoft MVP

Hello,

I also want to protect the form and report design.
Thx.

Chlaris

hi Chlaris,

[quoted text clipped - 4 lines]

mfG
--> stefan <--

 

[Chlaris]

Tony,

How do I protect my serial number from fishing cracking ?
Thx.

 

[Chlaris]

Hello Chris,

I have implemented this technique, but the MDE Unlocker can still enable the
Shift key.
Thanks.

Chlaris

Apply user level security, but allow the user group to open the db when
you're removing permissions. The default admin user will be a member of
the
users group, but not the admins group.

Then run the code on this web page to disable the shift bypass key:

http://www.mvps.org/access/general/gen0040.htm

Make sure you set the 4th argument (DDL) to true. Don't distribute the
secure mdw file with your app. Users will be able to open the db as the
default admin user with the standard system.mdw file, but will get an
error
message when they try to disable the shift bypass key because they aren't
members of the admins group in your secure workgroup.

Chris
Microsoft MVP

Ok,one more thing, I have disabled the shift button, but the Unlocker can
enable the shift button.
Is there any way to prevent this ?
Thx.

You can't, not without handcuffing yourself to your original design when
you

[quoted text clipped - 16 lines]

mfG
--> stefan <--

 

[Chlaris]

Hello Chris,

I'm also concerned about fishing cracking.
Is there any way to protect my serial number ?
Thx.

Apply user level security, but allow the user group to open the db when
you're removing permissions. The default admin user will be a member of
the
users group, but not the admins group.

Then run the code on this web page to disable the shift bypass key:

http://www.mvps.org/access/general/gen0040.htm

Make sure you set the 4th argument (DDL) to true. Don't distribute the
secure mdw file with your app. Users will be able to open the db as the
default admin user with the standard system.mdw file, but will get an
error
message when they try to disable the shift bypass key because they aren't
members of the admins group in your secure workgroup.

Chris
Microsoft MVP

Ok,one more thing, I have disabled the shift button, but the Unlocker can
enable the shift button.
Is there any way to prevent this ?
Thx.

You can't, not without handcuffing yourself to your original design when
you

[quoted text clipped - 16 lines]

mfG
--> stefan <--

 

[Chlaris]

Hello Chris,

The serial number is created based on company name and stored in a table.
How do I protect from phishing tools like Ollydbg ?
Thx.

Chlaris

 

[Chlaris]

Every user with different company name will have different serial number.
I use a function to return a valid serial number and compare it with the
serial number which stored in table.
Illegal users use phishing tools to find the serial number which returned by
this function.
Thanks.

Chlaris

If you store the data in a Jet or ACE table, someone doesn't even need
phishing tools to retrieve that data. A query will retrieve it.

The serial number would have to be encrypted with a strong algorithm.

Chris
Microsoft MVP

Hello Chris,

The serial number is created based on company name and stored in a table.
How do I protect from phishing tools like Ollydbg ?
Thx.

Chlaris

How are you planning to store the individual serial number in each copy
of
the MDE?

[quoted text clipped - 7 lines]

Is there any way to protect my serial number ?
Thx.

 

[Tony Toews [MVP]]

How do I protect my serial number from fishing cracking ?

Tools available from sites such as sysinternals.com can crack any
method you use to store a future date anywhere on a system such as in
the registry or a file. Unless it's encrypted. But even then if you
delete the date from wherever it's stored your app may think it's just
installed.

Thus I prefer to limit the number of records in one key table such as
5 units or 50 volunteers but allow unlimited access for everything
else. Once I get paid then I email them an encrypted file containing
the number of records they are licensed for as well as their company
name which goes on the bottom of every page of every report and
frequently used forms.

For more of my thoughts on this topic see the "Copy protection or how
to safely distribute a demo Microsoft Access Application" page at
http://www.granite.ab.ca/access/demo.htm

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Chlaris]

Tony,

Thanks for you response.
I will visit your link and will ask later if needed.

Chlaris

 

[Chlaris]

Tony,

Can you give me the example of your licence key file ?
How do you check the license key is valid or not ?
Thx.

Chlaris

 

[Tony Toews [MVP]]

Every user with different company name will have different serial number.
I use a function to return a valid serial number and compare it with the
serial number which stored in table.
Illegal users use phishing tools to find the serial number which returned by
this function.

Rather than using a serial number I email users with a small file
containing their encrypted company name. I will shortly be making
that file available for download by the app to make life even easier
for them.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Tony Toews [MVP]]

Can you give me the example of your licence key file ?
How do you check the license key is valid or not ?

The first 50 characters of my company name are in the beginning of the
file in unencrypted text. Then I have their company name encrypted
along with other data such as number of licensed units.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Chlaris]

Hello Tony,

I use encrypt function which referenced from your page, for several
conditions, when I encrypt the compane name, the encrypt function returns 2
lines.

?RC4("Company Name","123ab45")
Ç
O7>SZÂ@O%ê

?RC4("Company Name","123ab")
smÖYþêìq#ËP

Can you provide encrypt function ?
Thx.

Chlaris

 

[Tony Toews [MVP]]

I use encrypt function which referenced from your page, for several
conditions, when I encrypt the compane name, the encrypt function returns 2
lines.

?RC4("Company Name","123ab45")
Ç
O7>SZÂ@O%ê

?RC4("Company Name","123ab")
smÖYþêìq#ËP

The two lines are misleading. If you count the characters returned
in the first example it's 11 and in the second 12. Therefore there
is either the vbCr or vbLf character as the second character in the
first string.

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/