Hey all,
I’ve put together a test script that i’m hoping to use as licensing for a commercial script. Basically it is supposed to work like this:
-customer gives me their MAC address
-i insert there MAC address into the script that i will be launching the commercial scripts from
-so when i go to check the MAC address that maxscript looks for and finds against the one they have provided i can either launch the script or throw up a messagebox saying that it isn’t licensed for that machine.
I know all about all the ways in which maxscript isn’t safe from piracy and all that…this is a very small market of people and i’m not trying to make it perfectly bulletproof…just somewhat safe. So here is what i have:
( --Beginning
global MACget_Dialog
try(destroyDialog MACget_Dialog)catch() --builds the dialogue box and tests to see if there is one open already
rollout MACget_Dialog "Get MAC Address V.1" --builds the rollout
( --begin rollout
group "MAC Address:" --builds a group
( --Beginning group1
button b_getmac " GET and Compare! " width:140 height:36 align:#center toolTip: "Gets and compares the MAC address to one provided." --Button to execute the creation of all the materials.
on b_getmac pressed do
(
NWIF = dotnetClass "System.Net.NetworkInformation.NetworkInterface"
the_Mac_array = NWIF.GetAllNetworkInterfaces() -- this is an array of all the Networks
the_PhysicalAddress_Array = #()
for net in the_Mac_array where (net.NetworkInterfaceType.toString()) == "Ethernet" do append the_PhysicalAddress_Array ((net.GetPhysicalAddress()).toString())
the_MAC=the_PhysicalAddress_Array[1] as string --saves out the MAC address as a string
test_mac2="11111111111111" --variable holding the provided MAC address
if the_MAC_array == test_mac2 then messagebox "This license is valid for this machine! " Title: "License:" beep: true else messagebox "This license is invalid for this machine." Title: "License:" --comparison and error message reporting based on the results of the comparison
)
on b_getmac rightclick do
(
messageBox "Must left click the button to execute script." title: "ERROR:" beep: true
)
) --end group1
) --end rollout
createDialog MACget_Dialog width:180 style:#(#style_SysMenu, #style_ToolWindow)
) --End
It seems like everything should work fine…oh and assume that test_mac2 is the MAC address provided by the customer. Thanks for the help!!!
The more relevant question is how you will use this check to protect your script. That will most likely be the weakest link of your protection.
Basically the people interested would send me the MAC address from the machine they want to Install it on, then I would place it in the encrypted script as a string. I compare the MAC address when the script is run to the address they gave me for that machine. If it matches I start the script…if it doesn’t I throw up a messagebox.
At least that was my thinking. I want to have some control over multiple installations. At least as much as is possible without a crazy amount of time or effort.
Short of breaking the .mse encryption (which is quite possible), this sounds like a decent plan, provided you:
[ul]
[li]Do not define or initialize any ‘protected’ struct or rollout before the check
[/li][li]Do not define any global variables as part of the check, or alternatively undefine any globals you absolutely had to define before the command returns to the user.
[/li][/ul]
Technical aspects aside, be prepared that node-locked licensing:
[ul]
[li]Would require extra work from you every time your users wants to switch machines.
[/li][li]For this reason, might be a turnoff for your users.
[/li][li]Specifically this implementation of hard-coding the MAC address, while somewhat safer, might also be confusing because the user over time might not be sure which version of YourTool.mse fits which machine.
[/li][/ul]
To be clear, I’m not saying node-locked licensing is a bad idea or trying to deter you from implementing it; there are obvious benefits. I just think you should be prepared for the above issues.
And having said that, be sure that if your product is useful and popular, it will be cracked.
which is true. and it will be cracked for free (just for fun), and put in some free resource.
Haha…useful yes…don’t think they’ll be popular! I really appreciate the info…and the help. I’m certainly not great at maxscript but this was about the only way that I could think of to somewhat protect it and a avoid one license purchased for an office full of people. The scripts that I want to offer have a fairly small market. So I don’t expect administering it this way will be too much of a problem.
I’m sort of stuck on the comparing of the MAC address variable and the supplied one…mostly as it relates to having maxscript do something for me. The code as I have it seems to choose the “else” even when it should be doing the “then” part. Not really sure where I’m going wrong…it looks fine to me…it just doesn’t work!
if the_MAC_array == test_mac2 then
you are checking the_MAC_array instead of the_MAC
i would do something like this:
fn getMACAddress all:off firstOnly:on asInt64:on =
(
address = for i in (dotnetclass "System.Net.NetworkInformation.NetworkInterface").GetAllNetworkInterfaces()
where all or i.NetworkInterfaceType == i.NetworkInterfaceType.Ethernet collect
(
a = (i.GetPhysicalAddress()).ToString()
if not asInt64 then a
else (dotnetclass "System.Int64").Parse a (dotnetclass "System.Globalization.NumberStyles").HexNumber
)
if firstOnly then address[1] else address
)
fn isValidMACAddress address =
(
case (classof address) of
(
String: stricmp address (getMACAddress asInt64:off) == 0
Integer64: address == (getMACAddress asInt64:on)
default: off
)
)
Just wanted to say thanks again to you guys…really appreciate the help!!!
Here is a tool that does just want you are after.
http://www.penproductions.ca/products/penLicensingSystem/
I have run into issues with it how ever in that some clients where getting constant errors. Turns out they are on a system that is constantly changing their MAC address for security reasons. I had to update the script to allow a simpler method for dealing with those specific clients.
the interesting concept. but the question is… how can i trust anyone else’s encrypted code making my own secure code protection?