Auth Key System

#1 I could have sworn i answered this the other day, my mind must be going...


I wrote a keygenerating app that created x number of keys and stored then in an sqlite database, the keys were created using a pattern template and some checksums, i'm pretty sure its a similar system to the one microsoft uses, so much so in fact that i kept the format of my keys similar to MS just so people would hopefully be part confused and try to use MS keygens and not reverse engineer the algorithm :p

anyway..

you can do one of two things really.

1) simply add a key verification function to check that the entered key is valid by using the same algorithm you used to generate the key

2) store an appropriate amount of keys and either allocate them at point of registration or make users authenticate the key via online interaction/registration.

I'm assuming you want auth keys for online play rather than standard installation protection etc etc

I don't believe there's a ready made resource for this, however there are resources around for integrating the various engines with secure comms to online websites or servers, combining the two shouldn't be a huge task.

not sure if this is really useful or what you wanted, but i hope it gives you some ideas at least.

#2 Crap, if you could send me the app at block8437@gmail.com, that'd be awesome.
I guess ill ahve to write something that verifies it with the server.
Thats not hard.
Just a question, how do you use POST/Get Method in T3D, i am mostly used to TGE 1.4.
(HTTPObjects)
Thanks a bunch.

#3 I looked at the code again and its not half as clever as i made it out to be. The construction of the key is as described, if you take a look at the template an how it works, you can kind of reverse engineer the template to make sure the keys are validated (i didnt actually do that i stopped when my curiosity passed).

The original code (you will see it commented out) wrote directly to the sqlite database, but i was clearly doing something wrong as it took forever to make the database so i switched to making an SQL file which then write to the database a lot faster just execute the file using the sqlite executable or a gui app if you have one.

I didnt write a reverse engineer function simply because the system was to use an online database to validate the key directly. While making a reverse engineered keygen doesnt seem to be that hard these days (i dont even claim to know how they do it, the limit of my reverse engineering skills were 2 hours of university lecture) youd have to get fairly lucky to generate a key the same as one already in the database, on top of that theer should be secondary data to verify not just the key, username, email etc etc.

Anyway, my crappy code can be found below, use whatever svn tools you use and thats the url, its freely accessable, or should be, theres no commit ability though, if this code helps you make millions, do the decent thing, and buy me a beer, if it kills your computer, i dont know you i never saw you, i no comprende ingrish. But seriously if it helps at all thats cool, its just some iffy code i was playing with one weekend for a guy whos project never took off.

https://subversion.assembla.com/svn/bksprojects/

its a codeblocks project, either get codeblocks or make your own VS project, its only like 3 code files :p

#4 This is a bit of an old post, but just in case anyone else is interested in this sort of thing.. GMMS with Torque Support can assign available licence keys to user accounts on purchasing products from the web based shopping cart in version 1.0, you can import keys from a csv/excel spreadsheet/xml file. It can also manage your game servers, users authenticating with your game servers and more. In the next version I'm creating key activation via a Torque GUI and script that then saves the key on the users machine so it will not need to be done twice. In the examples that will be provided you can then make it so that an activation key is required before it will allow your users to proceed any further. Alternatively, keys can be linked to a specified number of days trial memberships with login authentication before restricting or reducing their access level. Also support for micro and credit payment systems.

edit: also forgot to add, our next version of our product also supports various encryption methods (requires Torque source), or non-source ssl support and key/lock negotiation as standard. Why use a partial solution when you can have a complete solution for handling all of your MMO game requirements, or use our stand-alone version for non online game support. Just manage your users, sales, downloads and product keys.

For more info, visit our website

#5 Hello, I'd suggest taking into account a more secure route to handling key generation/validation.

Consider the following:

* Server stores a RSA-2048 or RSA-4092 key, which we will denote R, the public exponent of R is stored on the game's executable file.

* Player buys and downloads game.
* Server Generates Random String Keypair, which we will denote as K.
* Server prints out to the bought webpage plaintext K.
* Server stores user information and takes the SHA1 hash of K (STORED K).
* Player enters information into the game register window.
* Game hashes K(on the client), and then uses R (in the .exe) to Sign K. The data is as follows:
R(SIGN:SHA1(K))
* Client transmits data to the auth. server (web server).
* Server checks database for matching user email (we use this for info).
* Server performs: R(VERIFY(STORED K)), if it matches the info is validated (create account), if not (send error to client).

This is the route I take for my clients, and it works nicely. You can easily go this route (provided you have source access) by implementing my XXZ568 Auth. Package, which will grant you access to the necessary RSA/Hashing functions.

#6 sorry, double post on edit.. added above.