This happens, and canwill happen to even Microsoft some day. The product comes with a unique key, and the installation file generates a second unique key (based off your hardware).īoth of these keys must be entered into an online form with your name and registration information, and then they send you the real key based off those two keys which actually unlocks the software, but only for that specific product key and on your specific hardware. Then, when someone enters a playtime-card number, check if its in the database, and if it is, associate that number with the current user so it can never be used again. The CD-key algorithm for World of Warcraft - used, for instance, when buying playtime cards - probably looks something like this. The full algorithm is rather complex, but outlined nicely in this (completely legal) paper, published in Germany. This allowed MS to both verify your key and obtain the product-type (Home, Professional, etc.) at the same time. Thus, you could enter anything for the first 12 digits, and guess the 13th (theres only 10 possibilities), leading to the infamous 1234-56789-1234. There are several ways to build them, but all necessarily rely on embedding some secret in the program that is required to verify the key. The scheme can be made arbitrarily obfuscated to make patching difficult, but its a certainty that the code can be patched to avoid any check.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |