Serial checking

Issues related to VMProtect
vmpvmp
Posts: 24
Joined: Sat Jul 26, 2014 11:15 am

Serial checking

Post by vmpvmp »

Is it possible to do serial validation with WebLM (blocked or not)?
Admin
Site Admin
Posts: 2584
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg

Re: Serial checking

Post by Admin »

WebLM doesn't check serial numbers, so it's impossible.

Re: Serial checking

Post by vmpvmp »

Admin wrote:
> WebLM doesn't check serial numbers, so it's impossible.

So how do I check that a serial is not blocked? You offer an option to block a serial; what's the sense of blocking it then?
I know it's a problem of serials without HWID anyway present.
Do you plan to add checking?

Re: Serial checking

Post by Admin »

Unfortunately I don't understand what you need. Anyway, VMProtectSetSerialNumber checks serial numbers.

Re: Serial checking

Post by vmpvmp »

But this routine checks the validity of the key algo only, not online.
I think you should implement a function to also validate the serial number in WebLM (blocked, valid), not only the activation code.
From time to time after activation it could be safer to check if the serial is still valid.
Now even if it's blocked in WebLM, it can still be used.
Or maybe you already allow it?

Please advise.

Re: Serial checking

Post by Admin »

vmpvmp wrote:
> I think you should implement a function to also validate the serial number in WebLM (blocked, valid), not only the activation code.

I think it's a bad idea, because a cracker can change your WebLM to another (via hosts) and will return a correct result to your program :))

Re: Serial checking

Post by vmpvmp »

It's enough to complicate the response a little and calculate it on the user's computer based on a private key, so it will not be easy then.
Please implement something like that, or another idea if you have a better one.
It's not a very difficult new feature, plus it's compatible with the current solution and increases functionality and security.

This is especially a step forward for stolen serial keys.
The current blocking of serials in WebLM does not make much sense.

Re: Serial checking

Post by Admin »

vmpvmp wrote:
> It's enough to complicate the response a little and calculate it on the user's computer based on a private key, so it will not be easy then.

It seems you forgot that a cracker already has your valid encrypted response (encrypted by your private key, etc.) and will return this response to your program. Please note that any communication between your program and the result of the serial checking will be patched very easily.

About blocked serials - you have to export your product (with all blocked serials) into a VMP file and you have to use this file for the new version of your program, so the new version will not accept blocked serials.

Hope this helps.

Re: Serial checking

Post by vmpvmp »

OK, but such an 'offline block' applies only to future versions.
Anyway, I think simple remote checking could still be better than no checking at all.
Thank you.

P.S. Do you plan to introduce some major improvements soon or this year?
Looks like development has slowed down a little...

Re: Serial checking

Post by Admin »

What major improvements do you mean?

Re: Serial checking

Post by vmpvmp »

I'm asking you about your potential plans for adding new features, or will it rather be fixing only and small improvements of the current?

Re: Serial checking

Post by vmpvmp »

IMHO remote serial checking is a good idea, please implement it.

Re: Serial checking

Post by Admin »

Could you answer some questions?
1. A cracker changes your activation server to another and always sends a valid result to your application. How are you going to protect it?
2. A serial number contains many fields that are required by the protected application (customer name, email, additional data, etc.). How are you going to return protected (!!!) values of these fields from your activation server to a protected application?

P.S. I have already written that remote serial checking is a very bad idea, but you don't hear me.

Re: Serial checking

Post by vmpvmp »

Admin wrote:
> Could you answer some questions?
> 1. A cracker changes your activation server to another and always sends a valid result to your application. How are you going to protect it?
> 2. A serial number contains many fields that are required by the protected application (customer name, email, additional data, etc.). How are you going to return protected (!!!) values of these fields from your activation server to a protected application?
>
> P.S. I have already written that remote serial checking is a very bad idea, but you don't hear me.

I read your messages exactly and I hear you.
I do not mean protection from a cracker, since with HWID a serial will be useless when shared, so that wasn't the point.
It could have a different purpose: for example, a user buys the product, gets a refund, and the vendor wants to disable this serial for him.
It will not be useful for a cracker, but for an average user, yes.

#2 Not needed - such a feature could simply delete the serial - but I see a small problem there, because the developer stores the serial as he imagines, so an automatic function could not do that.

So after rethinking, I also don't know how this could be done in a really universal way.
Probably you are right and there is really no good solution.
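
The replayed-response and substituted-server cases raised in the thread, worked through as an added example that is not part of any post and is not VMProtect or WebLM code: the client sends a random nonce with each status request and accepts a reply only if it verifies under the vendor public key for that nonce and serial. The message layout, function names and sample serial are assumptions made for illustration; the example covers the protocol only and does nothing about the check itself being patched out of the client, which is the objection Admin raises.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// payload is what gets signed: fixed 16-byte nonce, serial (no NUL bytes), status.
func payload(nonce []byte, serial, status string) []byte {
	return bytes.Join([][]byte{nonce, []byte(serial), []byte(status)}, []byte{0})
}

// NewNonce returns 16 random bytes that the client sends with each status request.
func NewNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Sign runs on the server, the only holder of priv.
func Sign(priv ed25519.PrivateKey, nonce []byte, serial, status string) []byte {
	return ed25519.Sign(priv, payload(nonce, serial, status))
}

// Check runs in the client, which embeds only pub. It rebuilds the payload from its
// own nonce and serial, so a signature recorded for an earlier nonce does not verify.
func Check(pub ed25519.PublicKey, nonce []byte, serial, status string, sig []byte) bool {
	return ed25519.Verify(pub, payload(nonce, serial, status), sig)
}

// Demo reports whether each reply is accepted: fresh, blocked, replayed, forged.
func Demo() (freshOK, blockedOK, replayOK, forgedOK bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, other, _ := ed25519.GenerateKey(nil)  // key of a substituted server
	serial := "SAMPLE-SERIAL-0001"           // constructed value
	n1, n2 := NewNonce(), NewNonce()
	recorded := Sign(priv, n1, serial, "valid") // reply captured during the first check
	freshOK = Check(pub, n1, serial, "valid", recorded)
	blockedOK = Check(pub, n2, serial, "blocked", Sign(priv, n2, serial, "blocked"))
	replayOK = Check(pub, n2, serial, "valid", recorded)
	forgedOK = Check(pub, n2, serial, "valid", Sign(other, n2, serial, "valid"))
	return
}

func main() { fmt.Println(Demo()) } // true true false false
```

The second value is the refund case from the last post: once the vendor marks the serial blocked, the genuine "blocked" reply verifies while the earlier recorded "valid" reply no longer does.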