how do i verify that a php web app received correct response from java?

Generally DRM is difficult, like VEEERY difficult, like not ultimately possible, every game gets cracked at some point and the DRM protection gets removed. E.g. if someone can “override curl functions” he surely can just change one of the php files to not call the API at all and remove any further check that would rely on the API having been called.

Removing the java and php terminology and instead using just “client” and “server”, you want to ensure the client has a valid license to fully operate. You do that by calling a server. One of the golden rules is: never trust the client. Because the client can always be tampered with.

Now there are two kinds of applications you can think about: online vs. offline applications. Online applications need server communication to work, e.g. in a multiplayer game.
Offline application do not need server communication to work but only to authenticate. In the offline application environment you are generally out of luck because the client can just be changed to not call and not care about the licensing checks. Yes you can add some tools that obfuscate the code, or do some fancy stuff with it but at the end of the day it will still be code, some of the steps will be reversible and the result will be changeable. See. e.g. ioncube decryption in seconds 😀
In the online application environment you can rely on completely normal login procedures: in the most basic sense for every regular interaction the client wants to make with the server the license token has to be sent along. If the token is invalid the server responds with an error code, end of story.

CLICK HERE to find out more related problems solutions.

Leave a Comment

Your email address will not be published.

Scroll to Top