User Tag List

Results 1 to 9 of 9

Thread: Automated Challenge / Response system - PHP Script?

  1. #1
    Clicker Fusion 2.5 MacFusion 2.5 DeveloperHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,123
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Automated Challenge / Response system - PHP Script?

    I'm not sure if this can be done with a PHP script or not. Jahkri created an interesting challenge / response system which acts as a form of copy protection. As it stands, the user would have to copy/paste their challenge code (their device ID) and email it to me. They would then receive a different code from me which they would copy/paste into the software to unlock it. Can this be automated in some fashion in order to shorten the user's wait time and take the burden off myself?

    Here are the threads which detail the processes involved:
    http://community.clickteam.com/threads/82523-Challenge-Response-System-to-unlock-Game
    http://community.clickteam.com/threads/83068-Custom-software-activation-system

    We can discuss the specifics if anyone is interested. I would love to have this and am willing to pay for the work. I would need it quite soon.

  2. #2
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleSWF Export ModuleUnicode Add-on

    Join Date
    Nov 2010
    Location
    Switzerland
    Posts
    301
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well,
    Not sure though, but perhaps it can be done with the "E-Mail-Object".
    If you' re able to retrieve the E-Mails via the E-Mail-Object and get the
    Serial-Number out of the E-Mail-Object, it could convert the Serial-Number
    into the Unlock-Number and send the New Code (via E-Mail-Object) directly
    to the End-User. Not sure though how You would have to setup the "E-Mail-Object".

    With kind regards,
    jahkri

  3. #3
    Clicker Fusion 2.5 MacFusion 2.5 DeveloperHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,123
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Ive actually been playing with that exact idea. There are two issues I'm aware of (and I'm sure plenty I'm not privy to).

    1. Is the Email Object secure? Since the address sending me the user's info needs to be hard programmed into the software with the email address and it's password. I need to be sure that password doesn't get sniffed out. That could cause all sorts of trouble! If this can be secured, I think it's the method I'll use if nobody takes the job.

    2. I'd have to keep the program that decodes the serial and sends back the unlock code running at all times. That's not really a major issue but it is something to consider.

    All in all, I'd feel more secure knowing someone with more skill than myself is handling the job. I have everything in place for my first two programs except the software security! Purchases, serials being sent out thanks to Easy Digital Downloads, website, printed marketing materials, you name it. The last piece of the puzzle is keeping things secure...

  4. #4
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleUnicode Add-on
    Fanotherpg's Avatar
    Join Date
    Jul 2006
    Location
    High Wycombe, Buckinghamshire, UK
    Posts
    3,665
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Truth is simple - nothing is secure enough not to be broken at some point.

  5. #5
    Clicker Fusion 2.5 MacFusion 2.5 DeveloperHTML5 Export ModuleiOS Export ModuleInstall Creator Pro
    Fusion 2.5 (Steam)Android Export Module (Steam)HTML5 Export Module (Steam)Universal Windows Platform Export Module (Steam)
    ratty's Avatar
    Join Date
    Apr 2012
    Posts
    1,123
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Automated Challenge / Response system - PHP Script?

    Unfortunately that's very true. It can still be worth protecting from the non-pirate software swappers. I also think it can add a value to the software from the buyers side. Rather than just paying for something they get a serial number and at least an attempt to say what they bought from you is worth your attempted protecting. Again, depends on the software.

  6. #6
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export Module
    DracisLooby's Avatar
    Join Date
    Jun 2008
    Location
    Washington, United States
    Posts
    169
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could do this pretty easily;

    1. User enters credentials

    2. Program generates a unique key

    3. Program encrypts User Cred + Unique Key using whatever decrypt-able method

    4. Program sends encrypted data to server-side via POST

    5. Server gets data, decrypts with predefines/predictable salt

    6. Server enters Unique Key into database, code associated with User Creds

    7a(if fail) If user has more then 2 associated with user, send failure as server response

    7b(if success). Encrypt unlock code with decrypt-able method

    8. Send the new code as the server response

    9. Program receives code, unencrypted

    10. Program checks validity, then saves key in safe method

    11. Program is now unlocked, all automated.

    Required basic/moderate knowledge of PHP and a database(SQL, probably MySQL), and would work safely, and PHP runs on call with an apache2 request, so its not really "always running", besides the apache2 listen service.

    Alternatively, if you can find a way to use SSL (correctly), you wouldn't need to encrypt sent data on client end, making the whole thing just a bit simpler.

    I'm actually working on a cURL extension for doing things like this, without needing complex client/server side encryption, I got annoyed with the GET objects lack of HTTPS/SSL support.
    Really named Ben Otter, but oh well, eh?

  7. #7
    Clicker Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleUnicode Add-on
    Fanotherpg's Avatar
    Join Date
    Jul 2006
    Location
    High Wycombe, Buckinghamshire, UK
    Posts
    3,665
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    TBH I do not want to pay for anything with serial nowadays, I prefer DRM free stuff. Saves so much hassle after a freaking period of time.

  8. #8
    Fusion 2.5 DeveloperAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export ModuleXNA Export ModuleInstall Creator ProUnicode Add-on

    Join Date
    Jun 2011
    Posts
    628
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    It's to easy to crack this.

  9. #9
    Clicker Fusion 2.5 DeveloperFusion 2.5+ DLCAndroid Export ModuleHTML5 Export ModuleiOS Export ModuleSWF Export Module
    Kimera's Avatar
    Join Date
    Feb 2007
    Location
    Houston, TX
    Posts
    718
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Try this...

    User creates account and provides Email, Password, First Name, Last Name, etc...

    As an example...
    When they log in using the app you create a string... left(Email, 6)+ Password + left(Email, 5)

    When they go to activate the software using their Email and Password you send the string instead only hash it. hash(string)

    On the server end use the email address and the password in the DB to recreate the hash. If it matches then use the First Name, Last Name, Email, and Password to create a new hash. There is your activation key. When you send the New Has back to the client send the First and last name to them as well and save it somewhere.

    Every time they log in you can now check the hash sent to them against the First and Last name, Email, and Password provided or just hash the Email and Password and check it against the server for authentication.

    Hope that helps!

Similar Threads

  1. Challenge/Response-System to unlock Game
    By Jahkri in forum Articles
    Replies: 14
    Last Post: 3rd December 2013, 05:18 AM
  2. Creating an automated keystroke/mouse recorder application...
    By RGBreality in forum Multimedia Fusion 2 - Technical Support
    Replies: 0
    Last Post: 27th October 2011, 08:51 PM
  3. Easy script system
    By Boba Fonts in forum Multimedia Fusion 2 - Technical Support
    Replies: 7
    Last Post: 25th May 2010, 03:52 AM
  4. Having a hard time with an automated task...
    By RGBreality in forum Multimedia Fusion 2 - Technical Support
    Replies: 1
    Last Post: 22nd May 2010, 04:34 AM
  5. "Script System" Type of Thing
    By MajorityCA in forum Multimedia Fusion 2 - Technical Support
    Replies: 9
    Last Post: 17th June 2009, 12:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •