-3

I have a class ProductKeyLib that is part of project MyProgram-Web, which itself is a part of solution MyProgram. As of now, this lib only checks whether the key is valid, but does not generate one. The interface for key generation will be in project MyProgram-KeyGen, which also is part of solution MyProgram.

Now, the tricky part: I would like to have both functions (generation and check) in one class, because, as you may guess, 100% compatibility between key generation and key check is better achieved when everything is in one file, and also my unit tests will be easier then.

But: both programs should include that part in their program, I don't want to have a special dll. Furthermore, MyProgram-Web should only include the checking part, not the key generation.

Can I do that in VisualStudio? If so, how?

Alexander
  • 19,906
  • 19
  • 75
  • 162
  • Keep them as they are. Write an integration test to make sure they stay in step... – Tony Hopkinson Jul 11 '14 at 11:47
  • You can include source code file into project as a link. This will be two different classes, but you'll have a single access point to both of them. Just press an arrow on the "Add" button in the "Add existing item" dialog and choose "Add as a link" – mazharenko Jul 11 '14 at 11:47
  • Don't think that is a good idea, but as @mazharenko mentioned, you can do it this way.. – brainless coder Jul 11 '14 at 11:49

1 Answers1

1

Well, it's probably not a good idea, but you can use a combination of compiler defines and linked source files.

So you'd have a single cs file containing all the code linked to both projects (no common library - just the single code file). In it, you'd have all your code:

#if KeyGen
public string GenerateKey(...)
{
  ...
}
#endif

public bool CheckKey(...)
{
  ...
}

Then, in your keygen project, you'd put a compiler define named KeyGen, and the generation code will only be compiled in the keygen part, and not the client application.

However, this still reeks of "security by obscurity". If the key generation and checking is actually important, this would be insufficient. For example, just through knowing how the key is checked, you can in many cases easily find ways to construct the keys (and even brute-force algorithms are very reliable nowadays, even without utilizing the GPU).

Luaan
  • 62,244
  • 7
  • 97
  • 116
  • Every kind of license key or keycheck can be reverse engineered and/or removed from a program. So every program can be made to work without requirement of key or anything. There is no "working" DRM - except keeping the program safe on my own server, only providing API to customers. (Which will not work with our customers because some need to be independent from the internet). So, yes, this _is_ "security by obscurity", like every license key. If you have an idea how to do an 100% secure offline check, better don't let me know - go sell it to RIAA, they'll pay you millions. – Alexander Jul 11 '14 at 12:47
  • PS: Do I need to mention that the program is 50% compiled C# and 50% "compiled" (obfuscated/minified) JS? PPS: I was careful enough to not include the license check in JS :p – Alexander Jul 11 '14 at 12:50
  • Yeah, you're preaching to the choir. If only the people responsible for DRM understood how incredibly easy it is to get around any check... I've actually had to implement DRM once too. You had to activate the application by sending an SMS. The validation process was extremely robust. The check on the client side? Just add one little jump here, and yay, no check! :D – Luaan Jul 11 '14 at 13:09