VMProtect Software » Forum

Is this possible to make serial validation with WebLM(blocked or not)?

WebLM doesn't check serial numbers, so it's impossible.

Admin wrote:WebLM doesn't check serial numbers, so it's impossible.

So how to check if serial is not blocked? You offer option to block serial, what's the sense then of blocking it?
I know it's a problem of serials without HWID anyway present.
Do you plan to add checking?

Unfortunately I don't understand what you need. Anyway, VMProtectSetSerialNumber checks serial numbers.

But this routine check validation of key algo only but not online.
I think you should implement function to validate also serial number in weblm (blocked, valid) not only activation code.
From time to time after activation it could be safer to check if serial is still valid.
Now even it it's blocked in WebLM it still can be used.
Or maybe you already allow it?

Please advice.

I think you should implement function to validate also serial number in weblm (blocked, valid) not only activation code.

I think it's a bad idea, because a cracker can change your WebLM to another (via hosts) and will return to your programm a correct result )

It's enough to complicate a little response and calculate it on users computer basing on private key so it will be not easy then.
Please implement sth like that or other idea if you have better?
It's not very difficult new feature+it's compatible with current solution and increases functionality and security.

This is especially step foward for stolen serial keys.
Current blocking of serials in weblm does not make so big sense.

It's enough to complicate a little response and calculate it on users computer basing on private key so it will be not easy then.

It seems you forgot that a cracker already has your valid encrypted response (encrypted by your private key, etc.) and will return this response to your program. Please notice that any communication between your program and result of the serial checking will be patched very easy.

About blocked serials - you have to export your product (with all blocked serials) into VMP file and you have to use this file for new version of your program, so the new version will not accept blocked serials.

Hope this helps.

Ok but this apply only to future versions such 'offline block'
Anyway I think simple remote checking could be still better than no checking at all.
Thank you.

ps. Do you have plan to intrudocue some major improvements soon or this year?
Looks like development is slowed down a little...

Waht major improvements do you mean?

I'm asking you about your potential plans for adding new features or it will be rather fixing only and small improvements of current?

IMHO remote serial checking is good idea, please implement it.

Could you answer some questions?
1. A cracker changes your activation server to another and always send a valid result to your application. How are you going to protect it?
2. A serial number contains many fields that are required by protected application (customer name, email, additional data, etc.). How are you going to return protected (!!!) values of these fields from your activation server to a protected application?

P.S. I have already wrote that the remote serial checking is a very bad idea but you don't hear me.

Admin wrote:Could you answer some questions?
1. A cracker changes your activation server to another and always send a valid result to your application. How are you going to protect it?
2. A serial number contains many fields that are required by protected application (customer name, email, additional data, etc.). How are you going to return protected (!!!) values of these fields from your activation server to a protected application?

P.S. I have already wrote that the remote serial checking is a very bad idea but you don't hear me.

I read your messages exactly and hear.
I do not mean protect from cracker since with HWID serial will be usless when shared so it wasn't the point.
It's could have different purpose, for example User buy product, refund, and vendor want to disabled this serial for him.
It will be not usefull for cracker but for average user Yes.

#2 Not needed - simply such feature could delete - serial - but I see there small problem because developer store serial per his imagination so automatic function could not do that.

So after rethinking I don't know too how this could be done really universal.
Probably you are right and really no good solution.