To protect my code
Show older comments
Dear Sirs,
I built an executable file without GUI because I can not find Italian documentation and now I would like to protect my software. I used pcode and deploytool with this order but I would like:
1.to write the password into windows command prompt too (In this time I use logindlg but I don’t like it very much)
2.to create an executable file that work on one computer only too (I would like to use a code that to read IP of my pc)
Are they possible?
Thanks M. Peruzzo
Accepted Answer
While it is easy to create a password input dialog in a few lines, restricting the usage to a single computer is actually impossible, when you want a serious protection level. On one hand the TCP/IP can change, on the other hand it is not trivial to obtain it in a trustworthy way. Usually the MAC-address of the network card is used, but this can be modified by a user also. Finally a user can install your program in a virtual machine, such that running it on several real computers is trivial also.
I suggest to read http://undocumentedmatlab.com/blog/unique-computer-id/. Finally it is more helpful to let a customer sign a non-disclosure agreement and ship the program as source code. All big software manufacturers have been victims of pirated software, therefore I do not think that a reliable copy-protection is possible except for the cruel online activation.
[EDITED] Password dialogs from the FileExchange:
- http://www.mathworks.com/matlabcentral/fileexchange/37292-login
- http://www.mathworks.com/matlabcentral/fileexchange/29616-passwordui
- http://www.mathworks.com/matlabcentral/fileexchange/26624-password-gui
- http://www.mathworks.com/matlabcentral/fileexchange/24861-41-complete-gui-examples/content/GUI_37.m
- http://www.mathworks.com/matlabcentral/fileexchange/23045-getauthentication
- http://www.mathworks.com/matlabcentral/fileexchange/19729-passwordentrydialog
- http://www.mathworks.com/matlabcentral/fileexchange/6590-passcode
I expect that these programs contain enough example code. When you want to solve a standard problem, searching in the FileExchange is a good idea.
5 Comments
Jan
on 25 Sep 2012
What is the "command prompt of Windows"? Do you really mean cmd.com? If so, you cannot influence the appearence of the characters as simple as in a GUI. And if you could do it, this would be a big security hole again, because the transport of the password from the external console to the function which compares the password cannot be secured.
Btw. Do not store the password in clear text in the function, because it is trivial to extract. Store a "salted hash" instead. WikiPedia knows the details.
Mario
on 25 Sep 2012
Yes, Mario, I can try to formulate it in a different way: Storing the correct password in clear text inside the function allows to reveal the seceret easily. Therefore a hash value of the password is stored and compared with the hash of the password typed in by the user. But passwords have usually 6 characters, to be exact, they contain the characters '1' to '6' in sorted order. Therefore it is very cheap to use a lookup table to search in your program for the hash-values of the most frequently used 1e6 passwords. Tools, which perform this automatically, can be downloaded freely from the net. To avoid such attacks, the hash value is not calculated directly, but a so called "salt" is added by the function, which checks the password, e.g. 'a98D8szd*=)+&R'. Now the user types in the dull '123456', but the hash is created for 'a98D8szd*=)+&R123456'. Although the hash must be store in clear text, this increases the costs of a brute force attack or the create of a lookuptable dramatically. As mentioned already, this method is explained exhaustively in WikiPedia - simply ask Google: https://www.google.de/search?q=Wiki+salted+hash. This was meant by "WikiPedia knows the details."
But the corresponding WikiPedia articles contain a meta-message: Creating secure login procedures is an extremly complicated task. Even international credit card companies repeatedly fail to implement this reliably.
More Answers (2)
Categories
Find more on Entering Commands in Help Center and File Exchange
Community Treasure Hunt
Find the treasures in MATLAB Central and discover how the community can help you!
Start Hunting!
