Professional Documents
Culture Documents
Minor Project 6
Minor Project 6
Submitted by:
Sagun Raj Khaniya
Shirish Mahato
Sanjaya Neupane
Sahil Tamang
Biplove Khanal
Submitted To:
Department of Computer Science
2020
ABSTRACT
This paper introduces the main technologies of software code protection for .NET, and analyzes their
advantages and disadvantages. On the basis of analyzing new demands of .NET software protection, we
point out the necessarily and possibility of the trend from code protection to software licensing protection.
Then a cloud licensing protection model for .NET software combining code protection with software
licensing is presented. This paper provides theoretical and practical guidance for the intellectual property
of .NET software’s.
Acknowledgement
We would like to thank our supervisor Er. Sulav Adhikari for his feedback and guidance during the
course of this project. His contribution in simulating suggestions and encouragement helped us to
coordinate our project.
In addition, we would also like to thank Er. Sulav Adhikari Program coordinator for BCS-NT, Forbes
College for his inputs during the course of this project, He also kept us up-to-date with relevant notices
and deadlines, which helped us stay on track to complete this project.
We would also like to acknowledge Respective Supervisor Teachers for guiding us in various technical
aspects throughout the project in additional to this we would like to thank all the teachers who encouraged
us and guided us time to time during the project.
Sincere Thanks
Project Managers
Table of Contents
ABSTRACT...............................................................................................................................................2
Acknowledgement.....................................................................................................................................3
List of Figures............................................................................................................................................5
List of Acronym and Abbreviations.........................................................................................................5
Chapter 1: Introduction............................................................................................................................6
Project Background and Justification..................................................................................................6
Project Objective...................................................................................................................................7
Things used in our project.......................................................................................................................7
Project Beneficiary................................................................................................................................8
Chapter 2: Project Methodology..............................................................................................................9
Use Case Diagram................................................................................................................................10
E-R Diagram........................................................................................................................................11
Database Tables...................................................................................................................................12
Process/Time Plan...............................................................................................................................16
Front End.............................................................................................................................................17
Back End..............................................................................................................................................18
Task Done.............................................................................................................................................21
Steps to use projectchiper / Zchiper.....................................................................................................26
Task Remaining.......................................................................................................................................27
Time Estimation...................................................................................................................................28
Reference..................................................................................................................................................29
List of Figures
Abbreviations Definition
Application security has always been a challenging task for software developer and other different
organization. There are different types of software which provides security to the application but they are
not reliable and not compatible for all software and also some are most expensive which is not affordable
by small software developer and small organization. In traditional licensing system.
With the development of service computing and cloud computing, the software based on the client is
changing into the software based on the server. Software as a service (SaaS) has the same meaning with
on-demand software, application service provider and hosted software. And SaaS is a mode providing
software through Internet. Software vendors deploy application software in servers which they own and
maintain. The vendors provide the online or off-line operation, and local data storage for the software.
End users use the application software services through the network and don't need to maintain the
software. They pay vendors in accordance with the amount of subscription services and using time, and
vendors provide maintenance services through the network.
Cloud computing presents a challenge for software protection as well as the traditional software licensing
model. On one hand, software systems are increasingly complex and large. According to the function or
configuration, software often has multiple versions. End users do not need all functions and can't afford
the cost of entire software. On the other hand, software users have put forward new demands such as
software leasing, on-demand using, electronic distribution, automation process, as well as on-line
maintenance and provide services. The traditional distribution method and authorization model of
software have been unable to meet the new demands. For example, software dog, conventional disposable
permanent authorization model, has apparent disadvantages in cloud computing environment: hardware
has brought the cost of production, initialization, logistics and maintenance, software cannot be
distributed electronically or in trial version and can't purchase on-demand, the additional interface
requirements and the hardware equipment annoy users, as well as hard to upgrade and after sales
management. Vendors need more flexible, future oriented authorization schemes. Based on these existing
technologies and some problems of these schemes, this paper gives a multiple protection scheme that
integrates code protection and software licensing technologies for .NET software
Project Objective
1. Multiple Users: The SaaS model can be used by multiple users at a time, and operates on a
subscription per user per month basis. It is quick to deploy as your only requirement is an internet
connection, and you are ready to use your new software. On the other hand, the conventional
model cannot be deployed immediately as software needs to be installed and user training is
required.
2. Work From anywhere: SaaS can be accessed from any computer or device at any time, the only
requirement is an internet connection. This gives the freedom of working from anywhere and
results in a more productive output. The application is mobile friendly and unlike Traditional
Software Licensing Model applications, the learning curve for SaaS solutions is very low. Also,
online training on SaaS applications can be generated on demand.
3. Latest Updates: One major advantage of using Software as a Service is that at all times you will
be using the most updated version of the software. There is no need of installing and managing
software updates. And unlike on premise, you don’t have to wait for getting hold of the latest
features and upgrades.
4. Reliability & Security: With SaaS, you can obtain guaranteed levels of service and performance.
This model also offers automatic data backups and recovery, which is a meticulous process with
regards to Traditional Software Licensing Model users. Automatic recovery and backup of
information delivers a sense of security while using SaaS data centers and it becomes more
reliable than the data management offered by in-house systems in the organizations.
5. Less Costly: SaaS customers do not have to pay large upfront cost as it is based on a monthly
subscription fee. This results in a better and long-term customer relationship and a focus on
customer satisfaction. Whereas in the case of Traditional Model, the initial costs are very high but
there are no subsequent periodic payments required.
6. Less Investment: In case of on premise the higher costs include the costs of hardware, software
and resources. However, as the SaaS software can be hosted from distant locations, no additional
hardware requirements are there, which further minimizes the costs. This implies that the initial
investment by organizations in Traditional Software Licensing Model is way more than in the
SaaS model.
Chapter 2: Project Methodology
Introduction
During the time of developing a project proposal for a specific project, a model has to be implemented for
the analysis, design, planning, implementation and maintenance of the final output as the output of the
project development phase. This model is considered as a "methodology", which is implemented by a
project manager or a project lead for achieving different goals in order to fulfill the planned objectives
within a pre-defined working schedule and a fixed working budget. The methodology features all of the
procedures to be followed during the project development phase, along with different systematic
diagrams explaining about the working principles of the project and the technologies that are to be used or
implemented throughout the project development phase.
Use Case Diagram
Figure 3 : Database
Figure 4 : Auth
Figure 5 : Banned
Figure 6 : Owners
Figure 7 : Premium
Figure 8 : Programs
Figure 9 : Tokens
Figure 10 : Users
In our project we are using “projectc_3134390a68” named database to store the data and credentials of In
In Figure 3. It is the database structure of the projectchiper(Zchiper). Our project database has total 8
structure i.e., auth, banned, owners, premium, programs, tokens, users, vars. In Fig 4, Auth has three
columns i.e., id. Token, version. Likewise, in Fig 5, banned has also three columns i.e., username, ip,
date. In Fig 6, owners have 6 columns i.e., id, username, password, email, isbanned, premium. In Fig 7,
premium has 4 columns i.e., id, token, used, used_by. In Fig 8, Programs has 16 columns i.e., id, owner,
name, authtoken, version, banned, clients, freemode, enabled, message, downloadlink, hash, filename,
developermode, hwidlock, variablekey. In Fig 9, tokens have 9 columns i.e., id, token, owner, program,
days, used, used_by, level, programtoken. In Fig 10, users have 10 columns i.e., id, username, password,
email, level, expires, hwid, ip, banned, programtoken.
Process/Time Plan
A project plan is a document that defines the project scope and outlines its objectives. No project plan is
the same because no project is the same. Once the project has been designed, it must be implemented.
System implementation involves software development, testing of programs and procedure, development
of documentation and varieties of activities.
Our project development process includes a lot of phases. These phases include ideation, discovery phase,
planning, and many others. So, we have considered time management as our key focus designing our
project plan. S.W.O.T. stands for strengths, weaknesses, opportunities, and threats, and those four things
are exactly what we’ll be identifying to better plan our project. We will try to strengthen the weakness
and also try to make backup plans for the possible threats. We also careful test our project and double
check the efficiency and possible threats. Secured, quality service and accurate reporting is the primary
need of any organization.
Front End
Php
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open-source general-purpose
scripting language that is especially suited for web development and can be embedded into HTML.
We are using PHP in Frontend programing language to design GUI. Zchiper is based on Php framework.
To see the Front-end please visit the Fig 11.
Back End
PHP
For Backend programing language, we are using PHP. PHP is used for API along with MySQL
connection. REST API refers to the interface that allows mobile devices and web browsers (or also other
web servers) to create, read, update and delete resources in the server respecting the REST rules (such as
being stateless). Using REST API, we have built back-end and then build different front-ends for web
browsers because the back-end is decoupled from the front-end--the communication between the client
and the server apps takes place via the REST interface.
Back-end developers are Sagun raj khaniya and Sanjaya Neupane. For backend we create 8 Php
files that are index.php, login.php, program.php, redeemtoken.php, register.php, setting.php,
variables.php, version.txt.
Index.php indicates the default page for the backend. Index.php helps us to check the backend is working
or not
Login.php indicates the login authentication for user in the projectchiper.xyz. In login.php plain text
username and password are encrypted with AES-256-CBC. If there Sql error it indicated SQL error in the
login page likewise, if the incorrect details are provided then it reply “Incorrect username or password”. If
the user account is banned then respond "Your account has been banned!". If incorrect hardware then the
status is failed and it respond "Incorrect machine ID.". Same as if the usertime is expire then it respond
"Your time has expired!". If user provide null entry then it shows "Please fill in all fields before
attempting to login!". If the hardware id is reset then it respond "Your HWID has been reset, please login
again.".
If any of program is banned then it respond "The developer of this program has been banned, therefore
you cannot login or register.".
Login encryption and salting codes are given below
function SaltString($string){
$string = str_replace("z", "?", $string);
$string = str_replace("a", "!", $string);
$string = str_replace("b", "}", $string);
$string = str_replace("c", "{", $string);
$string = str_replace("d", "]", $string);
$string = str_replace("e", "[", $string);
return $string;
}
function DesaltString($string){
$string = str_replace("?", "z", $string);
$string = str_replace("!", "a", $string);
$string = str_replace("}", "b", $string);
$string = str_replace("{", "c", $string);
$string = str_replace("]", "d", $string);
$string = str_replace("[", "e", $string);
return $string;
}
function Encrypt($string)
{
$plaintext = $string;
$password = base64_decode(DesaltString($_POST['session_id']));
$method = 'aes-256-cbc';
$password = substr(hash('sha256', $password, true), 0, 32);
$iv = base64_decode(DesaltString($_POST['session_salt']));
$encrypted = base64_encode(openssl_encrypt($plaintext, $method, $password,
OPENSSL_RAW_DATA, $iv));
return $encrypted;
}
function Decrypt($string)
{
$plaintext = $string;
$password = base64_decode(DesaltString($_POST['session_id']));
$method = 'aes-256-cbc';
$password = substr(hash('sha256', $password, true), 0, 32);
$iv = base64_decode(DesaltString($_POST['session_salt']));
$decrypted = openssl_decrypt(base64_decode($plaintext), $method, $password,
OPENSSL_RAW_DATA, $iv);
return $decrypted;
}
Setting.php include the database connection. The codes are given below
<?php
error_reporting(0);
$myhost = "localhost";
$myuser = "projectchiper";
$mypass = "IKGJfasdkfso@W32.Y";
$mydb = "projectc_3134390a68";
$key = "2147828743";
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
Version.php indicates the version of the dll. If we modify the dll then we have to update the version
number so client knows that the version is older and they have to update it.
Database
A database is an organized collection of structured information, or data, typically stored electronically in
a computer system. For our project, Database is controlled and managed by our team member named
Biplove khanal. All the data entry and implementation for our project is done by biplove khanal. At first
he made the database named “projectc_3134390a68”. After that he made 8 tables named auth, banned,
owners, premium, programs, tokens, users, vars. To know the Database structure please see from Fig 3 to
Fig 10.
All the banned user credentials are stored in banned tables. In Owners table all the registered user data are
saved. All the premium members details are stored in premium tables. Tokens are saved in Tokens table.
All the user program are saved in program tables. User info are saved in user tables. For now we are not
using Vars table.
For the protection of the software we are using VmProtect and ezriz .net reactor for the code
obfuscation. We have protected our dll through virtualization of VMP.
Task Done
Figure 11 : Login Page
To implementation all these features we need at least 3 weeks i.e., 21 days. In 16-18 days, we will add
these features. After that to debug the issue we need 3 days to fix the bugs. For the better Graphic user
interface, we need 2-4 days for better design (responsive back-end, responsive front-end, user friendly).
So, the total required time is 28 days according to our estimation.
Reference
Liu HS, Sun CY, "Software watermark protecting software copyright". Computer
Knowledge and Technology, Vol.7, pp.1701-1703, March2010.
Du L, Yi JJ, Ning Ming Zhi, Zheng Lie Qin, Yu Bin, "The design of a fourth-generation
encryption dog". Measurement Technique, Vol.8, 2007.
Zhang LH, Yang YX, Niu XX, Niu SZ, "A survey on software watermarking". Journal of
Software, Vol. 14, pp.268-277, 2003.
Microsoft .NET Framework. http://msdn.microsoft.com/zh-cn/netframework/default.aspx,
2010-10
TIOBE Programming Community Index. http://www.tiobe.com.2012-01.
Christian Collberg, Jasvir N agra, Surreptitious Software: Obfuscation, Watermarking,
and Tamper proofing for Software Protection. Addison Wesley, 2009.
Shan HB, Wang KF. Li XF, Encryption and decryption of .NET programs. Beijing:
Electronic Industry Press, 2008.
Suprotim Agarwal, Protecting your .NET applications.