Authentication codes (such as, for example, license codes (also referred to herein as serial numbers), voucher numbers, etc.) are commonly used for software and hardware activation. Fundamentally, the function of such code is as an authenticator, confirming that the user who enters the code has legitimate rights of access to the protected resource. An analogous use of such code can include functionality as a confirmation code, wherein a user purchases a product or service and enters the code, which confirms the purchase and/or the authority to access the product or service in question.
By way of example, traditional software activation licenses utilize a single algorithm which verifies that the license code is in the correct format. However, attackers wishing to facilitate unauthorized software use can reverse engineer this algorithm from the hardware or software implementation which embodies the algorithm, and produce an illegitimate license code generator (also referred to colloquially and herein as a “keygen”) which can produce keys that are in the correct format.
Accordingly, keygens represent a significant problem for the use of software activation codes. Multiple existing approaches attempt to target this challenge. For example, one such approach includes online verification. In this approach, the vendor keeps a database of legitimately issued serial numbers, and the number entered for authentication and/or confirmation is checked against that database. However, this approach requires connectivity, which may not be available. Scenarios wherein connectivity may be at issue might include, for example, if the given software is designed to run in an offline environment, if the given software is intended to run in secure/air-gapped environments (such as in government classified networks), and/or the item being authenticated has to be done so early in the boot process that the network stack is not yet available.
Another existing approach includes the use of blacklists of serial numbers to curb serial number sharing. However, keygens can typically produce a multiplicity of serials which will not appear on a blacklist. Other existing approaches include the use of hardware authenticators. However, hardware authenticators, colloquially referred to as “dongles,” pose high costs, both directly and operationally. In addition, many users resent the inconvenience of hardware authentications for software license verification.
Additionally, another existing approach includes the use of asymmetrical cryptographic algorithms, thus separating key generation (that is, using private keys) from key verification (that is, using public keys). However, with such an approach, the size of the resultant serial number is typically 50-100 characters long or more. Users have to be able to manually type and/or enter the resultant serial number, creating practicality and ease of use issues with such larger serial numbers. Further, an attacker may respond to an asymmetrical cryptographic algorithm by using a (version-specific) software patch to remove the algorithm (a technique that is also colloquially referred to as “cracking”).
Accordingly, a need exists for effectively detecting keygens.