[Possible bug] OnlineUnlockStatus::MachineIDUtilities::getLocalMachineIDs() and SystemStats::getDeviceIdentifiers() seems to give different values if the plugin is running on 32bit vs 64 bit, which has caused issues in my self-rolled validation system.
[Interesting backstory]. So, I make an ‘anime’ themed plugin. While searching for torrents of my plugin,
I noticed Team R2R made a crack for my plugin (They notoriously make anime themed keygens).
Due to them having similiar interests I guess, they actually left a note on the torrent about how to fix some of my security flaws and also point out this bug mentioned above, as well as a possible fix.
I figured I’d just leave their note and see if any of the JUCE dev’s think its worth noting or not lol.
One of the issues is caused by JUCE lib. There are many developers using that JUCE function and
having exact same issue. Check out the technical note below…
When [my plugin] verifies, you need 2 or more
matches are required to be activated.
- File ID of C:\Windows\System32 - JUCE bug!
- JUCE MachineID generated from file ID of C:\Windows\System32 - JUCE bug!
3, 4 has different values but they are generated from same file id.
Unfortunately, that file id based generation has serious flaw. The value
will be different between 32bit and 64bit. This is a bug of JUCE library but
never fixed yet since the beginning.
To JUCE committers ---------------------------------------------------------
This is because the access to C:\Windows\System32 from 32bit app will be
redirect to WOW64 dir. Before getting machine id, you need to disable the
redirect by using Wow64DisableWow64FsRedirection(). That’s how our 32bit
keygen makes possible to choose activation for 32 and 64bits!