The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from everydownload.net and multiple other hosts. For example, you can choose to conditionally install a feature based on the response code received from your server-side validation script; you could have several classes of valid serial numbers and your installation package can deploy differently depending on which serial number the user has entered. For example, a.
INNO setup serial number validating failing?
I am getting ready to go live with an application, and I am trying to figure out how to put a product key into the installer. I see that it is available via the customer information dialog, but that gets me half way there. The way I see it, a key is meaningless if it doesn't have a means to prevent it from being reused a million times, but I don't want to have to connect to a server to see if the key has been used before. I want to do a custom key algorithm based on the date that will let my installer expire keys as time passes. I know that isn't perfect, because someone could change their system time and keep using a key, but it should be enough for my purposes. The thing is that I don't know how to do a custom validation algorithm rather than the sum and divide by seven that I am finding is what the default algorithm does.
So how do you use your own logic for validating a product key? All that is gold does not glitter, Not all those who wander are lost. Hi DannyStaten, If you use Visual Studio Setup and Deployment projects, you might already know that it is not very good for creating really smart setups we often need.
I'd like to share two alternative ways to create installers within Visual Studio IDE: + Lexpa - Inno Setup integration for Visual Studio. Creates small and fast installers. + Votive - WiX toolset integration for Visual Studio.
Creates MSI-based installers. Both add special project type to VS Add New Project dialog and allow you to create setup of any level of difficulty. Or: You can do something like create a record which contains the data you want to authenticate to the application. This could include anything you want - e.g. Program features to enable, expiry date, name of the user (if you want to bind it to a user). Then encrypt that using some crypto algorithm with a fixed key or hash it. Then you just verify it within your program.
One way to distribute the license file (on windows) is to provide it as a file which updates the registry (saves the user having to type it). Beware of false sense of security though - sooner or later someone will simply patch your program to skip that check, and distribute the patched version. Or, they will work out a key that passes all checks and distribute that, or backdate the clock, etc. It doesn't matter how convoluted you make your scheme, anything you do for this will ultimately be security through obscurity and they will always be able to this.
Even if they can't someone will, and will distribute the hacked version. Same applies even if you supply a dongle - if someone wants to, they can patch out the check for that too. Digitally signing your code won't help, they can remove that signature, or resign it. You can complicate matters a bit by using techniques to prevent the program running in a debugger etc, but even this is not bullet proof. So you should just make it difficult enough that an honest user will not forget to pay. Also be very careful that your scheme does not become obtrusive to paying users - it's better to have some ripped off copies than for your paying customers not to be able to use what they have paid for.
Another option is to have an online check - just provide the user with a unique ID, and check online as to what capabilities that ID should have, and cache it for some period. All the same caveats apply though - people can get round anything like this. Consider also the support costs of having to deal with users who have forgotten their key, etc. Or you can try Shareware Starter Kit: Or the Serial Key Maker: There're also several links would be helpful to you: As I mentioned, visual studio built in deployment technical is not suitable for you to request a smart installation package. And the option is according the above information to use others product, rather than research the setup project option. Or if you also want to do this hard work with visual studio setup project or yourself, you can ref the following several articles: And for other deployment solution(exclude the visual studio setup project and ClickOnce), you can go to their special forum for more expert help to help you achieve your goal easier. You can find most of the deployment solution products and their website(forums) form this url: And if you want ORCA, then you can find it following this document: Best wishes, Mike MSFT MSDN Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help.
This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet. Yeah I have encrypted values in the registry to manage a 30 day trial period as well as product activation. I have done a few other things that are non-obtrusive to the user and should make life harder for someone who wants to crack my app.
That being said, I am painfully aware of the fact that once you install your code on someone else's machine, the right person will always be able to crack it. One friend of mine pointed out however that 'if you are big enough to be hacked then you know you have arrived.'
Perhaps that is right. I believe that I have something in place that is hard enough to bypass that it will keep honest people honest, and discourage 90% of those who would try and break it. That seems to be about as much as you can hope for. All that is gold does not glitter, Not all those who wander are lost.
Ok so this is the first time where I feel like Microsoft has COMPLETELY THROWN DEVELOPERS UNDER THE BUS. I have felt extremely satisfied with how well the development tools anticipate and address developers needs at every turn until it comes to this. From everything I have found, this feels like they are TRYING to make it painful. What should be something as simple as editing the properties on your customer information dialog, and being able to write some custom code by clicking on a property's. Button is the most convoluted and painful thing I have ever had to try to do. After 12 hours of fumbling, fighting and pulling my hair out I am pretty much throwing in the towel and I AM FURIOUS. What I have found is: 1.
You can only add custom validation by creating a dll written in C. It has been almost a decade since I messed with C and it was not a pleasant experience venturing back into it. Once you get a dll that you have some degree of confidence will properly validate it (being that I tested it through all the means I could devise), you have to manually edit the msi after it is built, and it isn't a simple manual edit. This is a complicated and easy to break process. Editing the msi requires you find orca, which I was unable to find via msdn or microsoft anymore. The kb article that talks about how to do it is even flagged as not supported. So please please please someone tell me that Microsoft hasn't just thrown developers under the bus on this?
Please someone tell me that there is a better solution out there somewhere than what I found and had to throw in the towel on: I tried some with the free AdvancedInstaller, but found that it was crashing on some inputs, and it didn't support some of the templates I want. I looked into the instalshield option, but my install of it doesn't even work saying it can't find a template. I also didn't see any indicator that the limited edition that they make available even allows you do do what I am looking to do. I am honestly just completely blown away that MS has left something that should be such an obvious and common thing so TERRIBLY neglected.
All that is gold does not glitter, Not all those who wander are lost. Most likely Microsoft though it would be best if the serial number validation was performed by the application instead of the installer. There is also the validation process which differs from installer to installer. If they provided a built-in validation method, it would be easier to crack and a lot of installers would be affected by that crack. This is why you are encouraged to use your own validation DLL.
Can you please give me more details about the problems you encountered with Advanced Installer? It's serial number validation should work. It even has a if the built-in DLL is not enough. Cosmin Pirvu.
Inno Setup Extractor
Hi DannyStaten, If you use Visual Studio Setup and Deployment projects, you might already know that it is not very good for creating really smart setups we often need. I'd like to share two alternative ways to create installers within Visual Studio IDE: + Lexpa - Inno Setup integration for Visual Studio. Creates small and fast installers. + Votive - WiX toolset integration for Visual Studio. Creates MSI-based installers.
Both add special project type to VS Add New Project dialog and allow you to create setup of any level of difficulty. Or: You can do something like create a record which contains the data you want to authenticate to the application. This could include anything you want - e.g. Program features to enable, expiry date, name of the user (if you want to bind it to a user). Then encrypt that using some crypto algorithm with a fixed key or hash it.
Then you just verify it within your program. One way to distribute the license file (on windows) is to provide it as a file which updates the registry (saves the user having to type it).
Beware of false sense of security though - sooner or later someone will simply patch your program to skip that check, and distribute the patched version. Or, they will work out a key that passes all checks and distribute that, or backdate the clock, etc. It doesn't matter how convoluted you make your scheme, anything you do for this will ultimately be security through obscurity and they will always be able to this. Even if they can't someone will, and will distribute the hacked version. Same applies even if you supply a dongle - if someone wants to, they can patch out the check for that too. Digitally signing your code won't help, they can remove that signature, or resign it. You can complicate matters a bit by using techniques to prevent the program running in a debugger etc, but even this is not bullet proof.
So you should just make it difficult enough that an honest user will not forget to pay. Also be very careful that your scheme does not become obtrusive to paying users - it's better to have some ripped off copies than for your paying customers not to be able to use what they have paid for. Another option is to have an online check - just provide the user with a unique ID, and check online as to what capabilities that ID should have, and cache it for some period.
All the same caveats apply though - people can get round anything like this. Consider also the support costs of having to deal with users who have forgotten their key, etc. Or you can try Shareware Starter Kit: Or the Serial Key Maker: There're also several links would be helpful to you: As I mentioned, visual studio built in deployment technical is not suitable for you to request a smart installation package. And the option is according the above information to use others product, rather than research the setup project option. Or if you also want to do this hard work with visual studio setup project or yourself, you can ref the following several articles: And for other deployment solution(exclude the visual studio setup project and ClickOnce), you can go to their special forum for more expert help to help you achieve your goal easier. You can find most of the deployment solution products and their website(forums) form this url: And if you want ORCA, then you can find it following this document: Best wishes, Mike MSFT MSDN Community Support Please remember to mark the replies as answers if they help and unmark them if they provide no help.
This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet. I have opted to go away from product key at install time, and am going to be having them enter it at first launch. That gives me the flexibility to do things like implement a 30 day trial, and it also keeps me happily in the realms of coding where MS has actually done a great job facilitating developers.
Inno Setup Studio
It really does feel incredibly incongruous to me that the installer creation abilities that are in Visual Studio are so sparse. Installers are critical for any desktop application developer, and usually MS is great about addressing and empowering developers to do amazing things.
It honestly does feel strange that they didn't work out a means where you can go into a function straight from visual studio's interfaces, and have MS's installer be smart enough to build that function into a little dll, and then handle all the MSI entries etc. To those who mention things like MS isn't in the business of doing installers, I say that MS is in the business of empowering developers, and so it feels strange that they have left installers so badly out of sync with everything else they do provide. I also ask another question: what isn't MS in the business of doing? 8) To the remark that letting you roll your own DLL is more secure, I disagree. Anyone who knows how to edit an MSI can disconnect that dll, or just create their own and inject it into the installer. Besides if MS does things right, its built installer could do the same thing, but you would just have a great interface that abstracts the things it should abstract. Having Visual studio abstract the dll away doesn't mean it would have to be anny different under the core.
Inno Setup Examples
All that is gold does not glitter, Not all those who wander are lost. Yeah I have encrypted values in the registry to manage a 30 day trial period as well as product activation. I have done a few other things that are non-obtrusive to the user and should make life harder for someone who wants to crack my app. That being said, I am painfully aware of the fact that once you install your code on someone else's machine, the right person will always be able to crack it.
One friend of mine pointed out however that 'if you are big enough to be hacked then you know you have arrived.' Perhaps that is right. I believe that I have something in place that is hard enough to bypass that it will keep honest people honest, and discourage 90% of those who would try and break it. That seems to be about as much as you can hope for.
All that is gold does not glitter, Not all those who wander are lost.