
Academic Year 2020

A MINOR PROJECT PROGRESS REPORT ON

“Cloud based licensing system .Net Software Protection”

Submitted in Partial Fulfillment of the Requirements for the Bachelor of
Computer Science (Hons.) in Network Technology and Cyber Security

Submitted by:
Sagun Raj Khaniya
Shirish Mahato
Sanjaya Neupane
Sahil Tamang
Biplove Khanal

Submitted To:
Department of Computer Science
2020
ABSTRACT

This paper introduces the main technologies of software code protection for .NET and analyzes their
advantages and disadvantages. On the basis of analyzing new demands of .NET software protection, we
point out the necessity and possibility of the trend from code protection to software licensing protection.
Then a cloud licensing protection model for .NET software combining code protection with software
licensing is presented. This paper provides theoretical and practical guidance for protecting the
intellectual property of .NET software.
Acknowledgement

We would like to thank our supervisor Er. Sulav Adhikari for his feedback and guidance during the
course of this project. His contribution in stimulating suggestions and encouragement helped us to
coordinate our project.
In addition, we would also like to thank Er. Sulav Adhikari, Program Coordinator for BCS-NT, Forbes
College, for his inputs during the course of this project. He also kept us up to date with relevant notices
and deadlines, which helped us stay on track to complete this project.
We would also like to acknowledge the respective supervisor teachers for guiding us in various technical
aspects throughout the project. In addition to this, we would like to thank all the teachers who encouraged
us and guided us from time to time during the project.

Sincere Thanks
Project Managers
Table of Contents
ABSTRACT
Acknowledgement
List of Figures
List of Acronym and Abbreviations
Chapter 1: Introduction
Project Background and Justification
Project Objective
Things used in our project
Project Beneficiary
Chapter 2: Project Methodology
Use Case Diagram
E-R Diagram
Database Tables
Process/Time Plan
Front End
Back End
Task Done
Steps to use projectchiper / Zchiper
Task Remaining
Time Estimation
Reference
List of Figures

Figure 1 : Use Case Diagram
Figure 2 : E-R diagram
Figure 3 : Database
Figure 4 : Auth
Figure 5 : Banned
Figure 6 : Owners
Figure 7 : Premium
Figure 8 : Programs
Figure 9 : Tokens
Figure 10 : Users
Figure 11 : Login Page
Figure 12 : Register page
Figure 13 : Incorrect username and password
Figure 14 : Login Dashboard Page without any program
Figure 15 : Dashboard with program
Figure 16 : Program panel / Generating Token
Figure 17 : Token Generated
Figure 18 : Raw/ Unused Tokens
Figure 19 : Deactivation of program
Figure 20 : Integrating cloud API to .net application successfully registered response
Figure 21 : Integrating cloud API to .net application successfully login response
Figure 22 : Unsuccessful login response in different pc with same username and password
List of Acronym and Abbreviations

Abbreviation   Definition
AES            Advanced Encryption Standard
SQL            Structured Query Language
DBMS           Database Management System
PHP            PHP: Hypertext Preprocessor
IOT            Internet of Things
SAAS           Software as a Service
CBC            Cipher Block Chaining


Chapter 1: Introduction

Project Background and Justification

Application security has always been a challenging task for software developers and other
organizations. There are different types of software that provide security to applications, but they are
not reliable and not compatible with all software, and some are so expensive that small software
developers and small organizations cannot afford them. In traditional licensing system.
With the development of service computing and cloud computing, client-based software is
changing into server-based software. Software as a service (SaaS) has the same meaning as
on-demand software, application service provider and hosted software. SaaS is a mode of providing
software through the Internet. Software vendors deploy application software on servers which they own and
maintain. The vendors provide online or off-line operation and local data storage for the software.
End users use the application software services through the network and don't need to maintain the
software. They pay vendors in accordance with the amount of subscription services and usage time, and
vendors provide maintenance services through the network.
Cloud computing presents a challenge for software protection as well as for the traditional software licensing
model. On one hand, software systems are increasingly complex and large. Depending on function or
configuration, software often has multiple versions. End users do not need all functions and can't afford
the cost of the entire software. On the other hand, software users have put forward new demands such as
software leasing, on-demand use, electronic distribution, process automation, as well as on-line
maintenance and service provision. The traditional distribution method and authorization model of
software have been unable to meet the new demands. For example, the software dog, a conventional disposable
permanent authorization model, has apparent disadvantages in a cloud computing environment: the hardware
brings costs of production, initialization, logistics and maintenance; the software cannot be
distributed electronically or as a trial version and can't be purchased on demand; the additional interface
requirements and the hardware equipment annoy users; and upgrades and after-sales
management are hard. Vendors need more flexible, future-oriented authorization schemes. Based on these existing
technologies and some problems of these schemes, this paper gives a multiple protection scheme that
integrates code protection and software licensing technologies for .NET software.
Project Objective

• To provide security and encryption for application software.
• It is usually simple to build and adapt.
• Establish trusted identities and then control access to services and resources by using tokens
assigned to those identities.
• API gateways act as the major point of enforcement for API traffic. A good gateway will allow
you to authenticate traffic as well as control and analyze how your APIs are used.

Things used in our project

1. Cloud Service (LiteSpeed V7.8 CloudLinux 1.2)
2. PHP version 5.6.40
3. Visual Studio 2019
4. .NET Framework 4.7.2
5. VMProtect obfuscation
Project Beneficiary

1. Multiple Users: The SaaS model can be used by multiple users at a time, and operates on a
subscription per user per month basis. It is quick to deploy as your only requirement is an internet
connection, and you are ready to use your new software. On the other hand, the conventional
model cannot be deployed immediately as software needs to be installed and user training is
required.

2. Work from anywhere: SaaS can be accessed from any computer or device at any time; the only
requirement is an internet connection. This gives the freedom of working from anywhere and
results in a more productive output. The application is mobile friendly and, unlike Traditional
Software Licensing Model applications, the learning curve for SaaS solutions is very low. Also,
online training on SaaS applications can be generated on demand.

3. Latest Updates: One major advantage of using Software as a Service is that at all times you will
be using the most updated version of the software. There is no need to install and manage
software updates. And unlike on premise, you don’t have to wait to get hold of the latest
features and upgrades.

4. Reliability & Security: With SaaS, you can obtain guaranteed levels of service and performance.
This model also offers automatic data backups and recovery, which is a meticulous process with
regards to Traditional Software Licensing Model users. Automatic recovery and backup of
information delivers a sense of security while using SaaS data centers and it becomes more
reliable than the data management offered by in-house systems in the organizations.

5. Less Costly: SaaS customers do not have to pay large upfront cost as it is based on a monthly
subscription fee. This results in a better and long-term customer relationship and a focus on
customer satisfaction. Whereas in the case of Traditional Model, the initial costs are very high but
there are no subsequent periodic payments required.

6. Less Investment: In the case of on premise, the higher costs include the costs of hardware, software
and resources. However, as the SaaS software can be hosted from distant locations, there are no additional
hardware requirements, which further minimizes the costs. This implies that the initial
investment by organizations in the Traditional Software Licensing Model is far greater than in the
SaaS model.
Chapter 2: Project Methodology

Introduction
While developing a project proposal for a specific project, a model has to be implemented for
the analysis, design, planning, implementation and maintenance of the final output of the
project development phase. This model is considered a "methodology", which is implemented by a
project manager or a project lead to achieve different goals in order to fulfill the planned objectives
within a pre-defined working schedule and a fixed working budget. The methodology features all of the
procedures to be followed during the project development phase, along with different systematic
diagrams explaining the working principles of the project and the technologies that are to be used or
implemented throughout the project development phase.
Use Case Diagram

Figure 1 : Use Case Diagram


E-R Diagram

Figure 2 : E-R diagram


Database Tables

Figure 3 : Database

Figure 4 : Auth

Figure 5 : Banned

Figure 6 : Owners
Figure 7 : Premium

Figure 8 : Programs

Figure 9 : Tokens
Figure 10 : Users

In our project we are using “projectc_3134390a68” named database to store the data and credentials of In
In Figure 3, the database structure of projectchiper (Zchiper) is shown. Our project database has a total of 8
tables, i.e., auth, banned, owners, premium, programs, tokens, users, vars. In Fig 4, auth has three
columns, i.e., id, token, version. Likewise, in Fig 5, banned also has three columns, i.e., username, ip,
date. In Fig 6, owners has 6 columns, i.e., id, username, password, email, isbanned, premium. In Fig 7,
premium has 4 columns, i.e., id, token, used, used_by. In Fig 8, programs has 16 columns, i.e., id, owner,
name, authtoken, version, banned, clients, freemode, enabled, message, downloadlink, hash, filename,
developermode, hwidlock, variablekey. In Fig 9, tokens has 9 columns, i.e., id, token, owner, program,
days, used, used_by, level, programtoken. In Fig 10, users has 10 columns, i.e., id, username, password,
email, level, expires, hwid, ip, banned, programtoken.

Process/Time Plan

A project plan is a document that defines the project scope and outlines its objectives. No project plan is
the same because no project is the same. Once the project has been designed, it must be implemented.
System implementation involves software development, testing of programs and procedures, development
of documentation and a variety of other activities.
Our project development process includes many phases. These phases include ideation, discovery,
planning, and many others. So, we have made time management the key focus in designing our
project plan. S.W.O.T. stands for strengths, weaknesses, opportunities, and threats, and those four things
are exactly what we will identify to better plan our project. We will try to address the weaknesses
and also make backup plans for the possible threats. We also carefully test our project and double-check
its efficiency and possible threats. Secure, quality service and accurate reporting are the primary
need of any organization.
Front End

PHP
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely used open-source general-purpose
scripting language that is especially suited for web development and can be embedded into HTML.
We are using PHP as the front-end programming language to design the GUI. Zchiper is based on a PHP framework.
For the front end, see Fig 11.

.Net programming language


.NET is a free, cross-platform, open-source developer platform for building many different types of
applications. With .NET, you can use multiple languages, editors, and libraries to build for web, mobile,
desktop, games, and IoT. .NET Framework is a highly versatile software framework developed by
Microsoft for Microsoft Windows. Contrary to the misconception that .NET is a
programming language, .NET is a framework that supports many programming
languages such as C#, VB.NET, C++, J#, and so on. It is this versatility and flexibility of the .NET
framework that accounts for its popularity.
Our project is based on the .NET programming language as our main programming language because we are
providing security, encryption and a license system to .NET programs (software).

Back End
PHP
For the back-end programming language, we are using PHP. PHP is used for the API along with the MySQL
connection. REST API refers to the interface that allows mobile devices and web browsers (or other
web servers) to create, read, update and delete resources on the server while respecting the REST rules (such as
being stateless). Using a REST API, we have built the back-end and then built different front-ends for web
browsers, because the back-end is decoupled from the front-end: the communication between the client
and the server apps takes place via the REST interface.
The back-end developers are Sagun Raj Khaniya and Sanjaya Neupane. For the backend we created 8 PHP
files: index.php, login.php, program.php, redeemtoken.php, register.php, setting.php,
variables.php, version.txt.
index.php is the default page for the backend. It lets us check whether the backend is working
or not.
login.php handles login authentication for users of projectchiper.xyz. In login.php, the plain text
username and password are encrypted with AES-256-CBC. If there is an SQL error, it reports the SQL error on the
login page; likewise, if incorrect details are provided, it replies “Incorrect username or password”. If
the user account is banned, it responds "Your account has been banned!". If the hardware is incorrect, the
status is failed and it responds "Incorrect machine ID.". In the same way, if the user's time has expired, it responds
"Your time has expired!". If the user provides an empty entry, it shows "Please fill in all fields before
attempting to login!". If the hardware ID is reset, it responds "Your HWID has been reset, please login
again.".
If a program is banned, it responds "The developer of this program has been banned, therefore
you cannot login or register.".
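The checks login.php is described as making, sketched as an added example (not the project's login.php): a parameterized lookup followed by the ban, machine-ID and expiry checks, returning the messages quoted above. The in-memory SQLite table standing in for MySQL, the order of the checks, password_hash() storage and a Unix-timestamp expires column are assumptions.

```php
<?php
// Added example, not the project's login.php. Check order, the Unix-timestamp
// `expires` column and password_hash() storage are assumptions.

function openDemoDb() {
    // In-memory SQLite stands in for the MySQL `users` table (columns from Fig 10).
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
        password TEXT, expires INTEGER, hwid TEXT, banned INTEGER, programtoken TEXT)');
    $ins = $db->prepare('INSERT INTO users
        (username, password, expires, hwid, banned, programtoken) VALUES (?, ?, ?, ?, ?, ?)');
    // Constructed sample rows.
    $hash = password_hash('s3cret-pass', PASSWORD_DEFAULT);
    $ins->execute(array('alice',   $hash, time() + 86400, 'HWID-AAAA', 0, 'PROG-1'));
    $ins->execute(array('bob',     $hash, time() - 60,    'HWID-BBBB', 0, 'PROG-1'));
    $ins->execute(array('carol',   $hash, time() + 86400, 'HWID-CCCC', 1, 'PROG-1'));
    $ins->execute(array("o'brien", $hash, time() + 86400, 'HWID-DDDD', 0, 'PROG-1'));
    return $db;
}

function fail($message) {
    return array('status' => 'failed', 'message' => $message);
}

function login(PDO $db, $username, $password, $hwid, $programToken) {
    if ($username === '' || $password === '' || $hwid === '') {
        return fail('Please fill in all fields before attempting to login!');
    }
    // Bound parameters keep user input out of the SQL text.
    $q = $db->prepare('SELECT password, expires, hwid, banned FROM users
                       WHERE username = ? AND programtoken = ?');
    $q->execute(array($username, $programToken));
    $user = $q->fetch(PDO::FETCH_ASSOC);

    // Verify against a dummy hash when the user is unknown, so both paths
    // cost one password_verify() call and return the same message.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $passwordOk = password_verify($password, $user ? $user['password'] : $dummy);
    if (!$user || !$passwordOk) {
        return fail('Incorrect username or password');
    }
    if ((int)$user['banned'] === 1) {
        return fail('Your account has been banned!');
    }
    if (!hash_equals($user['hwid'], $hwid)) {
        return fail('Incorrect machine ID.');
    }
    if ((int)$user['expires'] <= time()) {
        return fail('Your time has expired!');
    }
    return array('status' => 'success', 'expires' => (int)$user['expires']);
}

$db = openDemoDb();
$cases = array(
    array('alice',   's3cret-pass', 'HWID-AAAA'),  // valid login
    array('alice',   's3cret-pass', 'HWID-ZZZZ'),  // same account, other machine
    array('alice',   'wrong',       'HWID-AAAA'),  // bad password
    array('nobody',  's3cret-pass', 'HWID-AAAA'),  // unknown user
    array('bob',     's3cret-pass', 'HWID-BBBB'),  // licence lapsed
    array('carol',   's3cret-pass', 'HWID-CCCC'),  // banned account
    array("o'brien", 's3cret-pass', 'HWID-DDDD'),  // quote in name is plain data
    array('alice',   '',            'HWID-AAAA'),  // empty field
);
foreach ($cases as $c) {
    $r = login($db, $c[0], $c[1], $c[2], 'PROG-1');
    echo str_pad($c[0], 10), ' => ', isset($r['message']) ? $r['message'] : 'success', "\n";
}
```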
The login encryption and salting code is given below:

// Despite its name, SaltString() is not a cryptographic salt. It is a fixed,
// reversible character substitution applied to the base64 session fields.
function SaltString($string){
    $string = str_replace("z", "?", $string);
    $string = str_replace("a", "!", $string);
    $string = str_replace("b", "}", $string);
    $string = str_replace("c", "{", $string);
    $string = str_replace("d", "]", $string);
    $string = str_replace("e", "[", $string);
    return $string;
}

// Inverse of SaltString(): restores the original base64 text.
function DesaltString($string){
    $string = str_replace("?", "z", $string);
    $string = str_replace("!", "a", $string);
    $string = str_replace("}", "b", $string);
    $string = str_replace("{", "c", $string);
    $string = str_replace("]", "d", $string);
    $string = str_replace("[", "e", $string);
    return $string;
}

// Encrypts $string with AES-256-CBC and returns base64 text. The key is the
// SHA-256 of the client-supplied session_id and the IV is the client-supplied
// session_salt, so both arrive in the same POST request as the data.
function Encrypt($string)
{
    $plaintext = $string;
    $password = base64_decode(DesaltString($_POST['session_id']));
    $method = 'aes-256-cbc';
    // Raw SHA-256 output is already 32 bytes; substr() leaves it unchanged.
    $password = substr(hash('sha256', $password, true), 0, 32);
    $iv = base64_decode(DesaltString($_POST['session_salt']));
    $encrypted = base64_encode(openssl_encrypt($plaintext, $method, $password,
        OPENSSL_RAW_DATA, $iv));
    return $encrypted;
}

// Decrypts base64 text produced by Encrypt(), using the same request-derived
// key and IV. CBC carries no integrity check on the ciphertext.
function Decrypt($string)
{
    $plaintext = $string;
    $password = base64_decode(DesaltString($_POST['session_id']));
    $method = 'aes-256-cbc';
    $password = substr(hash('sha256', $password, true), 0, 32);
    $iv = base64_decode(DesaltString($_POST['session_salt']));
    $decrypted = openssl_decrypt(base64_decode($plaintext), $method, $password,
        OPENSSL_RAW_DATA, $iv);
    return $decrypted;
}
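What the functions above imply for the login exchange, as an added example that is not the project's code: the AES key and IV are rebuilt from session_id and session_salt alone, so any holder of the request fields can decrypt them, and the layer adds no secrecy or integrity beyond the transport's. The second part sketches a swapped-in alternative that is not on the page, an RSA-signed server response the client verifies; the helper names and the nonce, hwid and expires payload fields are assumptions.

```php
<?php
// Added example, not the project's code. Helper names and all sample values
// are constructed; one PHP script plays both the server and the .NET client.

// Same substitutions as the page's SaltString()/DesaltString(), via strtr().
function salt($s)   { return strtr($s, 'zabcde', '?!}{]['); }
function desalt($s) { return strtr($s, '?!}{][', 'zabcde'); }

// --- Part 1: the page's scheme, as the server code implies the client works ---
// Key material and IV are sent in the same POST body as the encrypted field.
function clientBuildRequest($username) {
    $sessionId = openssl_random_pseudo_bytes(16);
    $iv        = openssl_random_pseudo_bytes(16);
    $key       = hash('sha256', $sessionId, true);
    return array(
        'session_id'   => salt(base64_encode($sessionId)),
        'session_salt' => salt(base64_encode($iv)),
        'username'     => base64_encode(
            openssl_encrypt($username, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv)),
    );
}

// Uses nothing but the request fields, exactly like the server's Decrypt().
function decryptFromRequestAlone(array $post) {
    $key = hash('sha256', base64_decode(desalt($post['session_id'])), true);
    $iv  = base64_decode(desalt($post['session_salt']));
    return openssl_decrypt(base64_decode($post['username']), 'aes-256-cbc',
        $key, OPENSSL_RAW_DATA, $iv);
}

// --- Part 2: server-signed response (assumed alternative) ---
function signResponse(array $fields, $privateKeyPem) {
    $body = json_encode($fields);
    if (!openssl_sign($body, $sig, $privateKeyPem, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('signing failed');
    }
    return array('body' => $body, 'sig' => base64_encode($sig));
}

// Client side: accept the response only if the signature, the nonce this
// client generated, the local HWID and the expiry all check out.
function verifyResponse(array $resp, $publicKeyPem, $nonce, $hwid) {
    $sig = base64_decode($resp['sig']);
    if (openssl_verify($resp['body'], $sig, $publicKeyPem, OPENSSL_ALGO_SHA256) !== 1) {
        return false;
    }
    $f = json_decode($resp['body'], true);
    return hash_equals($nonce, $f['nonce']) && hash_equals($hwid, $f['hwid'])
        && $f['expires'] > time();
}

$post = clientBuildRequest('alice');
echo "recovered from request fields only: ", decryptFromRequestAlone($post), "\n";

// Throwaway demo key pair. In use, the private key stays on the server and
// the client embeds only the public key.
$pair = openssl_pkey_new(array('private_key_bits' => 2048,
                               'private_key_type' => OPENSSL_KEYTYPE_RSA));
openssl_pkey_export($pair, $privPem);
$details = openssl_pkey_get_details($pair);
$pubPem  = $details['key'];

$nonce = bin2hex(openssl_random_pseudo_bytes(16));
$resp  = signResponse(array('status' => 'success', 'username' => 'alice',
    'hwid' => 'HWID-AAAA', 'expires' => time() + 86400, 'nonce' => $nonce), $privPem);
var_dump(verifyResponse($resp, $pubPem, $nonce, 'HWID-AAAA'));    // untouched response

// A response whose body was edited after signing no longer verifies.
$edited = $resp;
$edited['body'] = str_replace('HWID-AAAA', 'HWID-ZZZZ', $edited['body']);
var_dump(verifyResponse($edited, $pubPem, $nonce, 'HWID-ZZZZ'));
```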

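setting.php contains the database connection. The code is given below:

<?php
// Error output is switched off while the connection is opened.
error_reporting(0);
// The database credentials and the application key are hardcoded in this
// file, so anyone who can read the file also holds them.
$myhost = "localhost";
$myuser = "projectchiper";
$mypass = "IKGJfasdkfso@W32.Y";
$mydb = "projectc_3134390a68";
$key = "2147828743";

$con = mysqli_connect($myhost, $myuser, $mypass, $mydb);

setlocale(LC_TIME, 'NP');
date_default_timezone_set('Asia/Kathmandu');
// From here on every PHP notice, warning and error is reported again.
error_reporting(E_ALL);

if (mysqli_connect_errno())
{
    // Log the driver's message on the server and stop, instead of echoing
    // connection details to the client and continuing without a database.
    error_log("Failed to connect to MySQL: " . mysqli_connect_error());
    exit("Database connection failed.");
}

?>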

Version.php indicates the version of the DLL. If we modify the DLL, we have to update the version
number so that the client knows its version is older and has to be updated.

Database
A database is an organized collection of structured information, or data, typically stored electronically in
a computer system. For our project, the database is controlled and managed by our team member
Biplove Khanal. All the data entry and implementation for our project is done by Biplove Khanal. First,
he created the database named “projectc_3134390a68”. After that, he created 8 tables named auth, banned,
owners, premium, programs, tokens, users, vars. For the database structure, see Fig 3 to
Fig 10.
All banned user credentials are stored in the banned table. All registered user data is
saved in the owners table. All premium member details are stored in the premium table. Tokens are saved in the tokens table.
All user programs are saved in the programs table. User info is saved in the users table. For now we are not
using the vars table.
For the protection of the software we are using VMProtect and Eziriz .NET Reactor for code
obfuscation. We have protected our DLL through VMP virtualization.

Task Done
Figure 11 : Login Page

Figure 12 : Register page


Figure 13 : Incorrect username and password

Figure 14 : Login Dashboard Page without any program


Figure 15 : Dashboard with program

Figure 16 : Program panel / Generating Token

Figure 17 : Token Generated


Figure 18 : Raw/ Unused Tokens

Figure 19 : Deactivation of program


Figure 20 : Integrating cloud API to .net application successfully registered response

Figure 21 : Integrating cloud API to .net application successfully login response


Figure 22 : Unsuccessful login response in different pc with same username and password

Steps to use projectchiper / Zchiper

Step 1: Register an account at projectchiper.xyz
Step 2: Log in with the registered credentials
Step 3: Create the program as shown in Fig 15
Step 4: Download the example project from projectchiper.com/Example.rar
Step 5: If you want to use your own login panel for a C# application, download the required files from
projectchiper.xyz/dll.zp
Step 6: If you are using the example project file, extract the rar file with WinRAR or with any extractor that
can uncompress rar files
Step 7: Copy your application secret key from projectchiper.xyz/dashboard and paste it into the project file (sln)
in this code: Demon.Seal.Secret = "paste your application secret key here";
Step 8: Press Shift + B on the keyboard to build your application. After that, open your built application and
register a new account in it. You need a token to register in your built application; tokens can
be generated at projectchiper.xyz/dashboard/programs/tokens.php.
Step 9: After the token has been generated, copy and paste it into the application's token field and press register.
Step 10: After registering successfully, log in with the registered account; you will see the
expiry date of your license key.
Task Remaining

• Ban the clients through cloud
• Debugger detection system
• Security challenges checking system (prevent offline cracking)
• Proxy detection system
• VM detection system
• Background process checking system (if a packet sniffer, dumper or hacking tool is detected, the program
automatically closes)
• Hardware authentication, validation system
• Remote program version option (for the update notice)
• Free mode option
• Program enable and disable option
• Remote message to all clients option
• Update link or the download link of the new software through cloud
• Checking the program hash (user modification of the application)
• Premium and free features for users (premium users can create many programs, but free users can only
make a few programs)
Time Estimation

Feature to add                                                        Days needed
Ban the clients through cloud                                         1 day
Debugger detection system                                             1-2 days
Security challenges checking system                                   2-3 days
Proxy detection system                                                2-3 days
1st Week End
VM detection system                                                   2-3 days
Background process checking system                                    1 day
Hardware authentication, validation system                            2-3 days
Remote program Version option                                         1 day
Free mode option                                                      1 day
2nd Week End
Program enable and disable option                                     1 day
Remote message to all clients option                                  1 day
Update link or the download link of the new software through cloud    1 day
Checking the program hash                                             2-3 days
Premium and free features for users                                   1 day
3rd Week End

To implement all these features we need at least 3 weeks, i.e., 21 days. In 16-18 days, we will add
these features. After that, we need 3 days to debug the issues and fix the bugs. For a better graphical user
interface, we need 2-4 days for better design (responsive back-end, responsive front-end, user friendly).
So, the total required time is 28 days according to our estimation.
