Differences

This shows you the differences between two versions of the page.

--- playground:servers [2025-05-14 16:33] – [Fingerprinting] geek
+++ playground:servers [2026-01-08 03:21] (current) – [Licensing Server] Write about unmanaged keys geek
@@ Line 19: / Line 19: @@
 It is also possible that in some jurisdictions, users of any software you create that bundles the AutoHotkey interpreter may also have the right to enforce the GPL v2.0 license against your software. In California, the ongoing case of SFC v. Vizio argues that any third party who stands to benefit from a GPL license being enforced has the power to enforce the license.
-Keeping all of this in mind, the only legally sound way to distribute closed-source software written in AutoHotkey appears to be to distribute it separately from the AutoHotkey interpreter entirely. This would require your users to first install AutoHotkey on their own before choosing //themselves// to integrate it with your script by running the script with the interpreter.
+Keeping all of this in mind, the only clearly acceptable way to distribute closed-source software written using the official AutoHotkey interpreter appears to be to distribute it separately from the AutoHotkey interpreter entirely. This would require your users to first install AutoHotkey on their own before choosing //themselves// to integrate it with your script by running the script with the interpreter.
 ==== Alternate Interpreters ====
@@ Line 92: / Line 92: @@
 Network card MAC addresses: ''%%Getmac /NH >> info.txt%%''
-===== Oracle Free VPS =====
+Computer System Product UUID (This is used to identify an OEM PC, it may be generic for custom built PCs or VMs):
+<code autohotkey>
+MsgBox ComObjGet("winmgmts:").ExecQuery("Select UUID from Win32_ComputerSystemProduct").ItemIndex(0).UUID
+</code>
+MachineGuid (This is used to identify a Windows installation, but can be spoofed or cloned sometimes even by accident using tools like CloneZilla):
+<code autohotkey>
+MsgBox RegRead("HKLM\SOFTWARE\Microsoft\Cryptography", "MachineGuid")
+</code>
+===== Licensing Server =====
+To effectively manage license keys, you generally need to run a server of some type. This server will hold the database and check that any presented licensing information is valid. There are free options for running servers online.
+As an alternative, you could instead build your script to use unmanaged keys. These are keys that are only checked locally using cryptography instead of getting checked against the server. These types of keys can either be generic, meaning that they can be used on any PC, or they can be derived from the fingerprint, meaning that they can only be used on the PC that they were generated for.
+Without a server, it is impossible to track whether a generic key is being shared between users. A derived key is harder for users to share because it must match the system fingerprint, but it does require you to collect the fingerprint //before// you can issue the key which makes key generation harder. With both types of unmanaged keys, if the key does get abused (for example, someone shares their key on a forum) it is not possible to revoke the key.
+==== Oracle Free VPS ===
 You must register with your legal name, address, phone number, and link a valid credit card (you shouldn't be charged).
@@ Line 100: / Line 117: @@
 Create an ingress rule, CIDR 0.0.0.0/0 destination port range 80 https://dev.to/armiedema/opening-up-port-80-and-443-for-oracle-cloud-servers-j35
-==== Pay as You Go ====
+=== Pay as You Go ===
 Instance creation is subject to availability at the time you're creating the instance. Priority is given to "pay as you go" accounts, which you can upgrade to under "Bill & Cost Management > Billing > Upgrade and Manage Payment". After upgrading, you can still use "always free" resources as long as you keep them under the free limits. Any usage in excess of the limits will be billed to you. Upgrading requires you have at least $100 free on the linked credit card for a temporary hold, which will be refunded immediately.
@@ Line 108: / Line 125: @@
 Account upgrades can take some time, so please be patient! For me, it took a little over six hours to complete.
+==== Authentication Strategies ====
+Once you have installed a suitable VPS to act as your authentication server, you will need to consider what authentication strategy you will use. The two main strategies are HTTP Basic Authentication, and custom authentication built using a server-side program like PHP.
+=== HTTP Basic Authentication ===
+Basic authentication from the HTTP protocol allows you to require a username and password to be given in order to access resources from the web server. By assigning each user a username and password, your script can provide those credentials when trying to request a validation file from the server.
+Fingerprinting information can be used with this authentication scheme. However, the fingerprint will be merely concatenated onto the password such that if any part of the fingerprint changes, the credentials will be invalid. This is less useful than custom authentication.
+=== Custom Authentication ===
+Custom authentication requires installing server-side software like PHP that can listen to requests made by your script and respond depending on the information your script provides in the request. Your script will make a request to the server providing the username and password, as well as each individual fingerprint component. The server can allow individual components of the fingerprint to change according to rules you decide, and keep track of those changes over time in a database.