VB6 - Creating Serial Number Code

[Digitalfox]

Hi guys, I'm back with a new question in continuation of my project ;)

  Quote

I'm creating a small project in Visual Basic 6 for a class I'm taking (Yes we have to create the project in VB6, teacher orders :) )

And so I'm creating a small VB6 Setup program to install a future program I might create...

I'm creating a form for a Serial Number, and it's basically done.

On user Serial number error:

So I have all fields set to setfocus when 5 characters are entered it jumps to the next text box, when 25 characters are inserted it unlocks the next button and runs an if to check the serial.

If the 25 characters don't match the serial, it gives the error msg..

Private Sub CMDNEXT_Click()

If TXTSERIAL1 = 11111 And TXTSERIAL2 = 11111 And TXTSERIAL3 = 11111 And TXTSERIAL4 = 11111 And TXTSERIAL5 = 11111 Then

    MsgBox "Test"
    Unload Me
    FRM04.Show

Else

     IMGWARNING.Visible = True
     LBLERROR.Visible = True
     CMDNEXT.Enabled = False

End If

End Sub

Now as you can see the Serial validation I made is fairly basic (I'm a VB6 noob :blush: ) and If I had to sell (remember this is just a personal project for a course) the program to 5 people, I have to enter 5 serials in the If cycle...

So I was wondering without creating too much complex code, is there a way of creating a random serial code creator ( In vb6, just another exe that creates basic 25 characters serial) , and use it in my project, like each field if it the combination of numbers makes 15 in a text box is valid or something ( did I make sense? :laugh: ) ?

Thanks guys :)

[username();]

Wait - you are using VB6? Why??

[Subject Delta]

If you really want to make your serial code potentially secure, wouldn't it be safer to base it on a serial algorithm, rather than a single set serial code?

[Digitalfox]

  On 26/02/2011 at 00:24, username(); said:

Wait - you are using VB6? Why??

I'm creating a small project in Visual Basic 6 for a class I'm taking (Yes we have to create the project in VB6, teacher orders :) )

And so I'm creating a small VB6 Setup program to install a future program I might create...

  On 26/02/2011 at 00:29, Subject Delta said:

If you really want to make your serial code potentially secure, wouldn't it be safer to base it on a serial algorithm, rather than a single set serial code?

I really don't have much free time to create any complex serial number generator, I have to deliver the project in some days. Remember this just a small project for a course :)

[georgevella]

  On 26/02/2011 at 00:32, Digitalfox said:

I'm creating a small project in Visual Basic 6 for a class I'm taking (Yes we have to create the project in VB6, teacher orders :) )

And so I'm creating a small VB6 Setup program to install a future program I might create...

I really don't have much free time to create any complex serial number generator, I have to deliver the project in some days. Remember this just a small project for a course :)

You need to come up with something to generate the serial numbers. I would do this if I was doing a class project: add up all the numbers/letters entered by the user, do some mathematical work. The serial is valid if the result is a predefined number. You can easily generate you 25-number serial keys, as long as the result is the number you want.

I hope this is clear as its 2am here and I am kinda tired :)

PS: don't use vb6 to write your setup program, learn something like WIX (Windows Installer Toolkit) or NSIS (Nullsoft's Installer). They can come in handy when distributing your software.

[Gone]

Why don't you just use "key". You take that key and use a random number generator based off the work or value in the key. Then using the value generated, you can then use that value that was generated as part of your serial number, and you would include the random number that was chosen to do a mathmatical operation to generate you the value. I don't know how to explain this in sentences so here it is simply:

(with PHP variables lol)

$key = "ILikeCake"

$random_number = random_number_function();

(convert $key to a number value somehow here. Its been years since I've coded anything at all, let alone write a "hello world" application, so bear with me);

$serial= $key * $random_number; (Muliply your key by the random number generated)

$serial = $serial +$random_number (Add the random number that was generated to the beginning, middle, or end of your previous serial number generated the step above, or even mix it into your serial number somehow)

Now at the end, when you verify a serial number, the only constant variable to check for is, when you reverse your math equation used to create the serial number, you make sure it equals the original key "ILikeCake". If somebody tries to change a value of the serial number, eg enter a wrong one, when you perform the decrypt operation you could write, it would not find the original word of "ILikeCake".

So reverse:

Now you need to get the random number from the serial number entered. Wherever you decide will be the random number spot, locate it and read the number into a variable.

Divide serial by random number (the remaining portion of the serial number, NOT THE RANDOM NUMBER PART OF IT!!)

Now you will compare the value of the serial devided by the random number portion, and see if it equals ILikeCake.

I'm sorry to explain this bad, I could make a PHP version in about an hour, however it would be of no use to you. I'm not good at explaining, just doing.

[boogerjones]

This kind of thing is typically done with 3 components: a random component, an optional flagged (feature) component, and a checksum component. The random part is, as the name implies, just some random bytes. The flagged feature component is a set of flags (enums) that map to a particular set of features in your application (for example, the hex value 0x01 might map to ENTERPRISE_EDITION, and 0x02 might map to PERSONAL_EDITION), and are then optionally transformed with the random bytes (by XOR them, for example, though this isn't necessary). The flagged feature component, of course, is entirely optional. The checksum component simply validates the rest of the serial number. For example, if my serial number is 1234-10, the "1234" might be the serial portion, and the "10" is the checksum (in this case, the sum of the individual serial components). So the serial "2345-14" would be another valid serial number. "3456-11" would be invalid. That's how the Post Office validates delivery-point bar codes; the last digit is the sum of the rest of the bar codes digits modulo 10. The random component makes it so that the same feature set creates different checksums.

DON'T LISTEN TO ANYBODY WHO TELLS YOU THAT SIMPLE CHECKSUMMING ISN'T SECURE. Of course it's not, nor is it meant to be! You CANNOT secure a serial number. Microsoft, Adobe, Autodesk, and everybody else cannot do it, so neither can you.

If you want to force somebody to have to patch your application in order to generate serial numbers, you have to digitally sign each serial with a private encryption key, embed the public encryption key in the application, and validate the digital signature of the serial number on each startup. This is what companies like Jetbrains, Atlassian, PGP, etc, do with their serial numbers. In order to crack them, you have to either A) deduce the private key (which is possible with JetBrains since they only use 512-bit RSA keys), B) replace the embedded public key with your own so that you can use your rogue private key to digitally sign serial numbers, or C) patch the program to skip the digital signature validation step. Here is an example of how the Qt configure script checks license keys for various features (it's written in C, but the idea is the same). You can see from line 133 that if the 4th part of the serial number contains "F4M" and the first character of the serial is "F", then you have the COMMERCIAL type and the UNIVERSAL edition.

I hope this provides enough info for you to complete your task. Your first 5 characters could be random, the middle 15 characters could be whatever you want them to be (even more random ones if you want), and the last 5 characters could be a checksum of the other 20. Keep things simple and remember that you cannot prevent somebody from deducing your serial generation algorithm; it's not possible.

[Digitalfox]

Thanks guys :)

Here's what I been abbe to do, a small key-gen for creating serials to use on my little project...

But I'm obviously screwing this up, cause Serial any Serial5 should never have less that 5 characters or more than 5 characters...

But sometimes the program just locks after working for 7 or 8 Serials been generated.... :\

I feel such a noob on this.... :(

Dim varSerial1 As Integer
Dim varSerial2 As Double
Dim varSerial3 As Double
Dim varSerial4 As Double
Dim varSerial5 As Double

Private Sub CMDGENERATE_Click()

TXT1.Text = ""
TXT2.Text = ""
TXT3.Text = ""
TXT4.Text = ""
TXT5.Text = ""

varSerial1 = 0
varSerial2 = 0
varSerial3 = 0
varSerial4 = 0
varSerial5 = 0

Randomize

Do While varSerial5 < 10000 And varSerial5 > 99998

  'Serial 1
  Do While varSerial1 < 10000
    varSerial1 = Int(Rnd * 63000) / 2
  Loop

  'Serial 2
  Do While varSerial2 < 10000
    varSerial2 = Int(Rnd * 99998) 
  Loop

  'Serial 3
  Do While varSerial3 < 10000
    varSerial3 = Int(Rnd * 99998) 
  Loop

  'Serial 4
  Do While varSerial4 < 10000
    varSerial4 = Int(Rnd * 99998) 
  Loop

  'Serial 5
  varSerial5 = varSerial3 + varSerial2 + varSerial1 - varSerial4

Loop

TXT1.Text = varSerial1
TXT2.Text = varSerial2
TXT3.Text = varSerial3
TXT4.Text = varSerial4
TXT5.Text = varSerial5

End Sub

[hdood]

If the goal is just to create a setup program, I would leave out all the key verification code. Simply have stubs that always return true for the various functions if you want to have it in there at all. That code would generally be application-specific anyway and not part of the generic setup program itself anyway.

If you can manage, I would also make a very basic script file that tells the installer what to do instead of hard-coding it. Basically a file that contains the content of the various setup screens and what the program does in response to actions (ie copy a list of files or whatever.)

I do understand that this might be more complicated than you have time for, but I would rather spend my time on this than key generation/validation stuff, and I'd wager that whoever has to grade the project would think the same. It doesn't have to be advanced, just the bare minimum you can get away with to make the setup program somewhat "generic." It doesn't make much sense to be missing basic parts like that but have advanced features like key validation.

If you really do need the key stuff, you have to remember that you can't just arbitrarily decide to have a key made up of 5x5 characters. They have to actually mean something, not just be random numbers. You can't copy the format of a Microsoft (or whoever) key without understanding why it has that format. Start from scratch with something basic.

[acnpt]

Can't see what country your in, but is this for A-Level Computing?

[iamawesomewicked]

I'm no expert.. but why not have it so that you can generate codes that get added to a database within the program and then when someone goes into add a code it'll check within the program.

[Digitalfox]

Well after a bunch of hours the Serial part (The Serial Generator I created and the code on the Setup to accept the Serials ) It's working, even better than I expect it ;)

Thanks everyone for your help :)