Has anyone tried to use the Activation API in the driver(.sys) ?

jokehuang
Posts: 18
Joined: Mon Apr 22, 2019 8:09 am

Post by jokehuang »

Has anyone tried to use the Activation API in the driver (.sys)?
I read the description in the user manual, and it seems that it only supports HTTP, not HTTPS. Is it safe?
Admin
Site Admin
Posts: 2584
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg

Re: Has anyone tried to use the Activation API in the driver(.sys) ?

Post by Admin »

Unfortunately VMProtect doesn't support activation APIs for drivers (APIs will return ACTIVATION_NOT_AVAILABLE).

Post by jokehuang »

Admin wrote: Unfortunately VMProtect doesn't support activation APIs for drivers (APIs will return ACTIVATION_NOT_AVAILABLE).
God, I bought both VMProtect Ultimate and WebLM. Can I get a refund for WebLM?

Post by Admin »

You can make a user-mode activator for your driver. I don't see any problem here.

Post by jokehuang »

Admin wrote: You can make a user-mode activator for your driver. I don't see any problem in this.
Do the Offline Activate APIs work in the driver?

My idea:

1. The driver generates the "text block", then returns it to the user-mode app via DeviceIoControl.

2. The user-mode app sends the "text block" to WebLM offline activation. (I have never tried WebLM offline activation; does it return a serial number to the user for the next step?)

3. The user-mode app sends the serial number to the driver via DeviceIoControl.

4. The driver checks the serial number; if it is valid, it unlocks all features, otherwise it returns error info to the user-mode app.

Is my idea safe and reliable?

Post by jokehuang »

To explain further why I insist on checking the serial number in the driver: since I don't know much about the field of software security, if there are any mistakes, please correct them.

1. Because user-mode applications can run without digital signatures, they can be modified and still run. So I think even with powerful virtual machine protection, it's possible for them to be bypassed or cracked.

2. Thanks to Windows Driver Signature Enforcement, if a driver is modified and not signed, it cannot run. And the driver's EV code signing certificate or Microsoft Authentication (WHQL) is not so easy to get.

3. If you want to force unsigned drivers to run, you need to turn off system-level driver signature verification. I don't think most users will give up the security of the whole system for one piece of my software.

Post by Admin »

1. Driver generate the "text block" then return to user-mode app via DeviceIoControl.
2. User-mode app sends the "text block" to WebLM offline activation. (I never try WebLM offline activation now, does it return a serial number to user for next step ?)
Just use activation APIs inside user-mode and send a serial number into your driver or save it into %APPDATA%/registry and read at the start of driver in the future.
4. Driver check the serial number, if valid then unlock all feature, otherwise return error info to user-mode app.
You can also check it inside user-mode.

P.S. Don't forget to use the same licensing parameters for driver and user-mode application.
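
In the flow discussed above, the serial number reaches the driver from user mode through DeviceIoControl, so the driver has to treat that buffer as untrusted input. The following is an added example, not code from the thread or from VMProtect, of the length, termination and character checks to run before the licensing check. `accept_serial`, `serial_check_fn`, `SERIAL_MAX`, the made-up serial and the base64-only alphabet are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERIAL_MAX 1024  /* assumed bound; in a driver use a pool buffer, not the stack */

enum serial_rc { SERIAL_OK, SERIAL_BAD_LENGTH, SERIAL_NOT_TERMINATED,
                 SERIAL_BAD_CHAR, SERIAL_REJECTED };

/* Hypothetical hook for the driver's own licensing check; returns 0 on success. */
typedef int (*serial_check_fn)(const char *serial);

static int is_base64_char(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '=';
}

/* Vet an IOCTL input buffer (in, in_len) before the licensing check sees it. */
enum serial_rc accept_serial(const void *in, size_t in_len, serial_check_fn check)
{
    char local[SERIAL_MAX + 1];
    size_t n;

    if (in == NULL || in_len == 0 || in_len > sizeof(local))
        return SERIAL_BAD_LENGTH;
    /* Copy once into driver-owned memory so the caller cannot change the
       bytes between validation and use. */
    memcpy(local, in, in_len);
    /* The terminator must lie inside the declared length. */
    for (n = 0; n < in_len && local[n] != '\0'; n++)
        if (!is_base64_char((unsigned char)local[n]))
            return SERIAL_BAD_CHAR;
    if (n == in_len)
        return SERIAL_NOT_TERMINATED;
    if (n == 0)
        return SERIAL_BAD_LENGTH;
    return check(local) == 0 ? SERIAL_OK : SERIAL_REJECTED;
}

/* Constructed stand-in for the real check: accepts one made-up serial. */
static int demo_check(const char *serial)
{
    return strcmp(serial, "QUJDRA==") == 0 ? 0 : 1;
}

int main(void)
{
    printf("%d\n", accept_serial("QUJDRA==", 9, demo_check));
    printf("%d\n", accept_serial("QUJDRA==", 8, demo_check));
    return 0;
}
```
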

Post by jokehuang »

Admin wrote:
1. Driver generate the "text block" then return to user-mode app via DeviceIoControl.
2. User-mode app sends the "text block" to WebLM offline activation. (I never try WebLM offline activation now, does it return a serial number to user for next step ?)
Just use activation APIs inside user-mode and send a serial number into your driver or save it into %APPDATA%/registry and read at the start of driver in the future.
4. Driver check the serial number, if valid then unlock all feature, otherwise return error info to user-mode app.
You can also check it inside user-mode.

P.S. Don't forget to use the same licensing parameters for driver and user-mode application.
Here I have another question:

I intend to allow users to transfer licenses to another device, i.e., one license can only run on one device at the same time.
The actual operation is to deactivate the current license, get the hardware ID of the new device, and then generate a new license to send to the user, right?

If the cracker intercepts an activated serial number (because it is either stored on disk as you said or sent to the driver by DeviceIoControl; maybe DeviceIoControl can be hooked?), and my driver only checks whether the serial number is valid, it is unable to check whether it is active (the Activation API does not work in the driver). So does that mean the deactivated serial number is still valid in my driver?