Shulou(Shulou.com)06/03 Report--

First launched in: using http.get () to simply implement network verification to prevent customers from giving the final payment _ introduction to computer programming tutorial self-study

Http://jianma123.com/viewthread.aardio?threadid=428

Adding network verification to software is a practical function that often needs to be used. Here is a simple demonstration of how to use http.get () to simply achieve network verification to prevent customers from giving the final payment.

Applicable scenario

1. Internal software used by the group company for a large number of employees to prevent spread

two。 The software customized for customers adds network verification to the trial version to prevent the final payment.

Working process

First, let the user apply for an account, then the administrator adds the account in the background audit, verifies the machine code before each login, and returns the passcode for local verification.

Apply for opening account button: submit "user name / password / machine code" to the http server by http.get () and save it to the application form, and copy it to the access table one by one when the administrator examines it.

Login button: submit the "username / password / machine code / timestamp" with http.get (), and generate the correct passcode locally according to these parameter algorithms

After receiving it, the http server generates the correct response output of the passcode according to the algorithm of these parameters. After obtaining it, the client uses it to compare it with the locally generated passcode. If it is correct, it indicates that the login is successful.

Advantages

Machine code can be verified

You can verify the account

Because of the participation of time stamp, each click of the login button returns a different passcode. If the cracker does not know the verification principle, the packet grab can not be cracked by the way of local host jump, so he can only use od to modify the software logic judgment, which increases the difficulty of cracking.

Shortcoming

Using od to modify the logic judgment of the software can be easily cracked (ordinary users or customers do not have this ability, if you find someone to crack also need to pay a certain cost)

Anti-cracking

1. You can start the clock when you verify that the passcode is wrong, get electronic forensics, and then retreat after a random number of seconds.

two。 Add a variety of hidden piles to prevent direct modification of judgment logic to break through the line of defense.

3. Increase the loss of the cracker, the hidden pile can format the hard drive to destroy each other's business data files and so on so that the other party does not dare to use piracy casually.

Core source code

Winform.button.oncommand = function (id,event) {/ / apply for account opening var name = winform.editName.text;var pwd = winform.editPwd.text;var mcode = winform.editMcode.text Var html,errInfo,errCode = http.get ("http://jianma123.com:55555/?ac=reg&name="+inet.url.encode(name)+"&pwd="+pwd+"&mcode="+mcode)//console.varDump(html,errInfo,errCode)}winform.button2.oncommand = function (id,event) {/ / Log in var name = winform.editName.text;var pwd = winform.editPwd.text;var mcode = winform.editMcode.text;var tick = time () .getMilliTime () Correct passcode = generate mcode,tick console.log ("correct passcode:", correct passcode) var htmlStr,errInfo,errCode = http.get ("http://jianma123.com:55555/?ac=login&name="+name+"&pwd="+pwd+"&mcode="+mcode+"&tick="+tick)console.varDump(htmlStr,errInfo,errCode)if(htmlStr== correct passcode) {winform.msgbox (" permit ")} else {winform.msgbox (" No pass allowed ") Please contact the administrator ")}}

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.