In my question I do not want to know how to implement a license strategy, I want know how to avoid bypassing the license.
Let us say we have the following code to check if a license is valid or not:
if(!erz_is_license_valid(cfg.arguments[CFG_LICENSE_KEY], decryptKey, 2, 0, erz_aes_decrypt))
{
erz_output(red, LOCAL_FUNCTION_NAME, "License not valid.rn");
valid = 0;
}
else
{
erz_output(green, LOCAL_FUNCTION_NAME, "License validrnrn");
valid = 1;
}
This function do was it should, it checks the license and sets a flag for further use (i.e. to exit app or call the licensed functions).
I downloaded a tool named x64dbg.exe
to see the assebmly dump. I never used such tools before, it tooks me only 15 minutes to set the valid
bit to true (license valid) with this. I must only change the xor eax,1
to xor eax,0
to bypass the license.
In this case it was easier because I can search for the string License not valid
but such a text is used from every application I know which have a licensing procedure (a message box will pop up or something else).
So what is the best way to prevent the bypass? If I request the license check on more places I think I can make it harder to bypass but not preventing.