Registration Systems

1
Registration Systems

• Michael Halls
• Emetrix FileKicker

2
Alternate Titles
Help, the crackers are smart and my users are
stupid!
How can you own a computer and not know how to
cut-and-paste!
Is there a child in the house that could help you?
3
What Makes A Good Registration System

• Secure
• Customer friendly
• Programmer friendly

4
Security

• Un-forgeable
• Resilient
• Unique to the user
• Immutable
• Traceable

5
Customer Friendly

• Easy to use
• Easy to re-issue if lost or stolen
• Cards can be created before they are needed
• Cards arent tied to an individual

6
Programmer Friendly

• Portable (Desktop, Web, Languages)
• Code is simple or widely available

7
Various Registration Systems

• Chris Thorntons Partial Key Verification
• Digital Signatures
• Russian System

8
Partial Key Verification (Generate Keys)

• support_at_filekicker.com

MD5(support_at_filekicker.com my Secret 1)
MD5(support_at_filekicker.com my Secret 2)
MD5(support_at_filekicker.com my Secret 3)
MD5(support_at_filekicker.com my Secret 4)
MD5(35b8)
3ace208f133b43555393a6aaa3f49fb4
54217ad858993955086fb3f7f87843a1
b9081406679fe7436daeb30f07514ea5
866c828b37db641b7e1e2319ad7b550e
2dc840225efd8807849154433150d57c
3
5
b
8
-
2dc8
9
What A Key May Look Like

• support_at_filekicker.com
• 3f41-6e3a-44d1-590d-5667-9ead-46ec-cd54
• or
• cc581c9d98-2de8-d42c-d20d-fb7d-8fba-73d7-c705-2c38
  
• or
• 381f-ed82-b98e-d387

10
Partial Key Verification (Validate Keys)

• support_at_filekicker.com

MD5(support_at_filekicker.com my Secret 1)
MD5(support_at_filekicker.com my Secret 3)
MD5(35b8)
3ace208f133b43555393a6aaa3f49fb4
b9081406679fe7436daeb30f07514ea5
2dc840225efd8807849154433150d57c
3
b
-
2dc8
3 5 b 8 - 2dc8
11
Strengths and Weaknesses

• Variable key length
• Resilience increases with key length
• Simple to implement and very portable
• Traceability, immutability, and uniqueness can be
  designed in (or not)
• But.
• Limited life

12
Digital Signatures (Generate Keys)

• support_at_filekicker.com

MD5(support_at_filekicker.com)
e585a47df1021247d483f690c6a9d441
Encrypt_Private_Key(e585a47df1021247d483f690c6a9d4
41)
4D433043-46496177-32346D4E-59705A52 3254336F-71433
553-2B4F4731-2F38522B 41685542-4865686F-4941514E-5
5343634 6F637336-55456364-6B594251-6433303D
13
Digital Signatures (Validate Keys)

• support_at_filekicker.com

MD5(support_at_filekicker.com)
Decrypt_Public_Key(Big_Long_Registration_Code)
e585a47df1021247d483f690c6a9d441
e585a47df1021247d483f690c6a9d441
14
What A Key May Look Like

• support_at_filekicker.com
• 4D433043-46496177-32346D4E-59705A52
• 3254336F-71433553-2B4F4731-2F38522B
• 41685542-4865686F-4941514E-55343634
• 163 bit elliptic curve (hex encoded)
• support_at_filekicker.com
• MC0CFQEHuUu6Mgm-cDrHy52//smAdUBN
• EAIUKsDIbOs00OCbGhGINhSVTzz1fA
• 163 bit elliptic curve (base64 encoded)

15
Strengths and Weaknesses

• Keys are unbreakable
• Traceability, immutability, and uniqueness can be
  designed in (or not)
• But.
• Keys are long
• Implementation is complex and hard to port

16
Russian System (Generate Keys)

• Generate 10,000 keys randomly
• Generate a single program key
• Using each key, encrypt the program key and hash
  the key
• Compile the encrypted program keys and hashes
  into the program

17
Russian System (Generate Keys)
Registration Codes
Hash
Encrypted Program Key
AABCE38ADB491EE2 DD2418A6346DEA1D 007A75384E3258D3
923EFAFCBDDB782B C6EBD64C959453AC 4007248EFF2B8A2
4 FBDE3AC60F64C23F C535359A6C055C8A A4F9213DE14FEB
9B DBF61267365C0B20 5B7CF0F58E128C67 466AF923CB53E
DBB 8FA60B40699E9B7E 878AC459ED69F666 A2209C9B31A2
0C6A
0816D118E6A8C7EC CCBF520CE7068F77 15900C36BC79B9A1
30C9E9326B579D9B 9C9413CE4BF05090 D106595F14BCA31
2 7B81CE0B3C2D261E 0F361507E165553A 15D040A9E7D7C3
74 CD11C6B0E6374015 DBE46B8C5D2088D0 9B5D067F08DBF
814 04A6D5366F9C2A72 D41D8CD98F00B204 9005F629B291
884C
63F4E780C18252EB 9E837DF5C11A9FF9 C453FA212DAF2703
A22974ACDDAA883D 61A3E9150868E0AD 75FA24068F2E13D
F 3E0CC06AA8201521 36887DA1AB005A97 FE0E09A0CF582C
60 BB062332BDFD7516 2CBB49B7000B20E8 38985B2723AF2
9A6 DC8A892BAB3E4569 FF8B67181F91752F D7D2009EC73C
8E784
18
Russian System (Validate Keys)
Registration Code
Hash
Encrypted Program Key
DBF61267365C0B20
0816D118E6A8C7EC CCBF520CE7068F77 15900C36BC79B9A1
30C9E9326B579D9B 9C9413CE4BF05090 D106595F14BCA31
2 7B81CE0B3C2D261E 0F361507E165553A 15D040A9E7D7C3
74 CD11C6B0E6374015 DBE46B8C5D2088D0 9B5D067F08DBF
814 04A6D5366F9C2A72 D41D8CD98F00B204 9005F629B291
884C
63F4E780C18252EB 9E837DF5C11A9FF9 C453FA212DAF2703
A22974ACDDAA883D 61A3E9150868E0AD 75FA24068F2E13D
F 3E0CC06AA8201521 36887DA1AB005A97 FE0E09A0CF582C
60 BB062332BDFD7516 2CBB49B7000B20E8 38985B2723AF2
9A6 DC8A892BAB3E4569 FF8B67181F91752F D7D2009EC73C
8E784
CD11C6B0E6374015
CD11C6B0E6374015
BB062332BDFD7516
Decrypt_Program_Key(BB062332BDFD7516,
CD11C6B0E6374015)
51CDE6C8FE830FB8
19
Russian System (Validate Keys)
Key Data Structures
Program Key
83D6B1A6E721E77AFA8F89E871C89280 A732A6EF2DC5EB77F
C5F06CC5DBBD4BF 5E03652CF25058D3C7F9C834E3A9F789
Curl (httphttps)//(\w-\.)(/\w-
./?)?") Email ("._at_.\\.a-z")
51CDE6C8FE830FB8
DB68CE6F0439E9C5A2AE043BC4A0C49A 6D5A1576A247D0C07
4EFC6DCC6272758 AE6DBE5F40BBB4BBD9F6FDDA5F80DC31 4
26EE751AD6C350696A009C26FCBA65A
Angia, 9600 ATFC1D2C1 Compudyne, 1442 FX
ATFC1D2S951 Dynalink, 56k ATFC1D2 GVC,
14.4 Fax ATF2D0
MaxConnectionsPerServerDisableImportExportFavorit
es
5961897C7C55BBF8A31A520011B7498D 4B4A5537EA68F9C45
D3B3361FA90FBD9
20
Strengths and Weaknesses

• Keys are unbreakable and short
• Program encryption key can make software it
  impossible to crack
• But.
• Enforcing traceability, immutability, and
  uniqueness requires an external database
• Limits on the number of keys
• Crack protection only works with cripple-ware

21
Questions?

• Michael Halls ltmhalls_at_filekicker.comgt