How to protect application copyright information on Symbian
This article explains a method to check at runtime that your application copyright information, as defined in the application PKG file, has not been modified (by hackers etc.).
Article Metadata
Code Example
Tested with
Compatibility
Platform Security
Article
Contents |
Introduction
As a developer / publisher you always worry that your application SIS(X) file will be distributed illegally, and that your copyright information will be removed or modified (this can be done quite easily by unpacking your file using tools like SISContents and then repackaging it).
This article shows how you can query the package file information at runtime and confirm that it matches the values expected. This information can then be used to disable the app or to use other methods to encourage purchase of a legal version.
Prerequisites
Unzip the following files over your SDK: File:SISRregistryClient Libraries.zip
These are obtained from the Symbian^3 open source code (Symbian PDK 3.0.4)
Source code
MMP File - required libraries
LIBRARY sisregistryclient.lib
.h fiile - required headers
#include <sisregistrysession.h>
#include <sisregistryentry.h>
Call the function ValidPkgL() when your application starts to check whether your installed application information found in the PKG file is original or altered.
TBool CAppUi::ValidPkgL()
{
TBool ValidPKG = ETrue;
Swi::RSisRegistrySession iSisRegSession;
if (KErrNone != iSisRegSession.Connect() )
{
return ValidPKG;
}
CleanupClosePushL( iSisRegSession );
RPointerArray< HBufC > packageFiles;
CleanupClosePushL( packageFiles );
//Add here you application UID to access your installed application PKG file.
const TUid packageId = TUid::Uid(0x00000000);
Swi::RSisRegistryEntry packageEntry;
if( KErrNone == packageEntry.Open( iSisRegSession, packageId ) )
{
CleanupClosePushL( packageEntry );
if(packageEntry.PackageNameL()->Alloc()->Des() != _L("Add here your application name as in your project PKG file, to check its validity."))
{
ValidPKG = EFalse;
}
if(packageEntry.UniqueVendorNameL()->Alloc()->Des() != _L("Add here the vendor name as in your project PKG file, to check its validity."))
{
ValidPKG = EFalse;
}
if(packageEntry.LocalizedVendorNameL()->Alloc()->Des() != _L("Add here the localized vendor name as in your project PKG file, to check its validity."))
{
ValidPKG = EFalse;
}
// Add here the application UID as in your project PKG file, to check its validity.
if(packageEntry.UidL() != TUid::Uid(0x00000000))
{
ValidPKG = EFalse;
}
// Add here your application version numbers as in your project PKG file.
if(packageEntry.VersionL().iMajor != 1 || packageEntry.VersionL().iMinor != 0 || packageEntry.VersionL().iBuild != 0)
{
ValidPKG = EFalse;
}
packageEntry.FilesL( packageFiles );
// Add here the number of the files to be installed by your original (*.Sis/x) file, to avoid other hackers adding new files to get installed during the installation process.
// For example (Application.exe - Application.rss - Application_reg.rss - Application_aif.mif - Application.mbm - etc.)
if(packageFiles.Count() != 5)
{
ValidPKG = EFalse;
}
// You can also go through each file name that are being (As it should be ) installed by your application file, and check its validity.
for( TInt pf = 0; pf < packageFiles.Count(); ++pf )
{
// packageFiles[pf]->Alloc()->Des()
}
packageFiles.ResetAndDestroy();
CleanupStack::PopAndDestroy( &packageEntry );
}
CleanupStack::PopAndDestroy( &packageFiles );
CleanupStack::PopAndDestroy( &iSisRegSession );
return ValidPKG;
}
Summary
This code above helps you to guarantee / save your application copyrights information from being altered by others in a very simple and effective way. In addition you can also use the code mentioned above to access other applications information exist in their PKG file, just as when you access these information via the built-in system application (Application Manager - Installations).
Contents
Hamishwillee - Subedited
Hi Ashraf
Great idea, and nice implementation. I have subedited this for wiki style.
In terms of improvement, what platform security capabilities does the use of the SIS registry require, and hence what signing - please add to the ArticleMetaData.
Regards
Hamishhamishwillee 04:32, 2 August 2012 (EEST)
Ashraf fawzy - Added needed Metadata
Hi Hamishwillee,
Thank you for the sub-editing, it's really suits the articles and strengths it.
I added the needed information (Capabilities: No capabilities required. Signing: Self-signed certificate) to the Article Metadata.
Which I think would make the use of this solution much more easier for developers/ publishers when they implement it in their applications.
My best regards,
Ashrafashraf fawzy 09:13, 5 August 2012 (EEST)
Babylongreece -
So all I need do I unzil the library in symbian sdk,add the header files into a project and define all the vendor info as stated in pkg in the header files.Is it that simple.babylongreece 19:26, 14 May 2013 (EEST)
Babylongreece -
Found out that the library is not public sdk in hard way so i already built it into symbian sdk but how to call validpkg() with qml?babylongreece 15:49, 15 May 2013 (EEST)
Babylongreece - Wiki edit
Link to symbian^3 source code is added to wiki.Refer "prerequisites"babylongreece 16:04, 16 May 2013 (EEST)