Application Reregistration

Hey there, my problem is that my boss came to me at work and he wanted to know if I can make the application we're working on stop working after a year (so the users would have to reregister the software with the company). I have certain ideas but all of them can be 'cracked'... So I guess I am asking how I can go about doing that (time/date verification) in a way that would be hard to crack. I realize that any software can be 'cracked', but this software we're working on is just a simple application that accepts data from the user and transforms the data into a predefined structured file - nothing fancy, just some corporations must have this sort of software. My boss's idea is that the users would be sort of like members of a club where they would have to reregister each year in order to use the software. I hope my question is clear enough... Any suggestion would be greatly appreciated.

Link to post
Guest Anonymous Poster
Well, the best idea I can think of on this subject is to distribute a "licence file" with each copy of the software. The licence file would be required to "run" the application. It could contain a bunch of misc data such as the name of the company and person who registered it, and it would contain the date of the licence. Your application would read this file and view the date, then check to see if a year has passed and then exit with a message if it has. For security's sake you could encrypt the file using PGP or something and have your application store the key so that it would be able to read in the licence file and no one else would.

Link to post
Thanks for the quick response - but the problem I'm having is checking the date. I mean, everyone can go to the 'Date and Time Properties' dialog (by double-clicking the time on the taskbar) and change the date - thus avoiding the date/time check of the software.

Any thoughts on that?

Link to post
Just had a thought - aren't there some low-level functions which I can use to access the date on the BIOS? After all - not many people tinker around with their BIOS (not the users our software will go to)...

Link to post
No, because Windows' time changes the amount of time in your BIOS. Your computer keeps track of the time in hardware, not in software.

Usually, this problem is solved by making sure the date hasn't been 'rolled back', and if it has, disabling the software immediately. It's still not a foolproof solution, but it works.

So every time the program starts up, record the time of start up, and then check to see if the date has been rolled back, and if so, disable the program by any means necessary.

The only problem with this is hiding the files from a user; choose a place where it won't be deleted or easily found. And leave it on the computer even after an uninstall, to prevent someone from reinstalling the software after it expired.

Link to post
Guest Anonymous Poster
Well, you need to be a little smart about how you do this. For instance, if your end user knows the program will expire after a year then they may set the clock back and there is little you can do about that. However, in your licence file you can store extra data as I said; we know there are 365 days in a year... so each time your application starts it can check the "current date" stored in the licence file, compare it to what you get from the system and increment the counter. Once the counter hits 365 days the licence will expire. Granted, this won't help much if they keep setting their clock back. However, you can also remedy this problem by using the current date in your application somehow. For instance, if this were a database application and the user kept setting his clock back to 9/10/02 because he knew it would expire on 9/11/02, all his data would be saved to the 9/10/02 date.

Link to post
You could have it stored in an encrypted file that has the last time the program was accessed, as date and time down to the millisecond. Then the next time the program is accessed, if the date is earlier than the last time accessed... it will display a message saying that the internal clock has been tampered with and that you invalidated the licence.

c:/windows/aybabtu.bat

REM All your OS are belong to us!!
c:\what\you\say.txt
Move zig ..\forgreat\justice
Move everyzig

Link to post
I'd offer some solutions, but I think your boss is a buffoon. I personally can't stand mandatory yearly software registration. If I'm gonna pay money for software, I better be getting more than what I had before for it (not just the "privilege" of using it).

Link to post
I'd have to agree with daerid in principle. Licensing software is BS. I don't agree with having to renew a license for the exact same software. A maintenance agreement is a different story, although it should cost much less than the initial software and you should get free updates for a while regardless.

In any case, to answer your question I would recommend that you try the previously suggested idea of checking the date to see if it has been rolled back. If it has, delete a few key license files. People don't ordinarily back them up. Also make a few entries in the Registry.

As you said, if someone is bound and determined to crack your software, then they will. But these are corporations you're dealing with who are licensing it. The majority of them like to keep things legal and pay for the software. The other thing you can do is require a validation key that is requested from a central database on startup. It sends its registration code, does its thing, and then stores the license in memory. After 24 hours have passed, or when the program is shut off, it requests a new one.

This is a good solution, but it presents a world of other problems for you, like you need a dedicated database, you need a central registration server that doesn't go down... ever. If your central server goes down, anyone trying to use the software can't and personally, I'd be rather irritated.

I think your best bet is a rotating license file that changes every time it is run or every 24 hours, whichever comes first. I'm lucky if I remember the exact date of install a month later, let alone a year later. Just change the license file all the time, and make sure it is encrypted. It shouldn't take you too long to come up with something decent.


Looking for an honest video game publisher? Visit www.gamethoughts.com

Link to post
quote:
Original post by dede
So every time the program starts up, record the time of start up, and then check to see if the date has been rolled back, and if so, disable the program by any means necessary.



Great... and then the user accidentally resets his bios, the year goes to 1990, he logs into windows, and immediately the program screws itself over. He calls tech support, which tells him only "go screw yourself, you dirty software pirate".


Don't listen to me. I've had too much coffee.

Link to post
The bios can be reset if the backup battery is low. Normally this takes many years; but if a motherboard is slightly damaged, it can happen in much less time. Or a jostle to the case could momentarily unseat the battery, causing the same problem.

Your point is tangential, tho; the BIOS doesn't have to be reset accidentally. It could be reset on purpose, by someone who forgot the startup password, or set up the CPU parameters incorrectly, or whatever. If the user forgets to immediately correct the time change, or decides to leave it for later, the same thing will happen. After all, the user doesn't know about these severe security traps you've set for him.


Don't listen to me. I've had too much coffee.

Link to post
And if the USER is resetting the BIOS on a corporate computer, they should be severely reprimanded, if not fired.

So it really depends on who you're selling this program to.

Link to post
If your clients will have internet connections, have your program check the official US time and date... There are government-run servers that you can ask for the time, and they tell it to you in some format or another. Check out this site for details.

Link to post
Computers get screwed up - you can't rely on something as skanky as a BIOS and not expect to have some issues.
I hope to god that tech support would at least be able to tell what today's date is, and verify the license is still valid.

Also, don't forget about daylight saving time - the clock can change by an hour (or so, depending on where you are) twice a year, and one of those times it will go backwards.

I was starting to research registration options just yesterday.
If connecting to an internet site is acceptable, perhaps you could do something similar to Microsoft's Product Activation.
This company supposedly provides this type of service (I haven't looked into it deeply yet - it sounds like vapor-ware).

If you do find something like this, drop me a line, our company is interested as well.

...
quote:
daerid
How the hell does somebody "accidentally" reset their bios? I mean, that's a PITA for somebody who knows how to do it.


Can happen while upgrading hardware if you do something rather foolish like leave the power on while unplugging a sound card. 'Course if all that happens is that BIOS clearing, you're in damn good shape. I'm pretty sure one of the options in my BIOS config is to reset it.
Once I set the AGP aperture size to 4GB on one of my giga-byte motherboards, just to see what would happen. Let's just say I'm very glad I buy giga-bytes, which have a dual (backup) bios.
Another time, several jobs ago, we had a computer with a password-locked bios, didn't know the password, and the mb had no reset jumper for it. I took it out, rubbed my foot across the floor a bunch, then touched it to a metal strip - ZAP, it was good & reset.
Old crappy laptops tend to reach a point where they lose their BIOS settings anytime they lose power.
I'll grant you it's not a frequent occurrence - maybe once a year in a decent sized company - but it happens.

Link to post
krez's idea is good, if they are having 24/7 connections. I think it isn't very nice to require that, and I also hate programs that invalidate the license (trials etc.) just 'cus I changed my clock! I really hate that. You could go for the get-date-from-server-on-the-internet idea, and let the program run anyway, say, 15 times in a row maximum, if there is no connection. Then, on the 15th time the program is launched, pop up a window and say it needs to connect to the internet to verify the license. (Be sure to include this in the EULA or that an internet connection is a requirement, or they can get mad.)

As others have stated, we're dealing with corporations, which usually do not (to my knowledge) hire professional crackers to hack their software. I say, throw in a few simple independent methods and traps, that do not annoy, and you and your boss will live happily ever after.

Link to post
Hello again everyone!

I can't thank you enough for all your ideas/input. As it is - my only problem is to get the correct date from the machine the software is running on - besides that I can pretty much handle all the encryption/file manipulation you have all suggested.

I guess I'll go along with the date checking against a previously saved date in a file/registry - sounds to me the best way (and a decent one) to go about this matter.

BTW... I hate software which requires you to reregister it - but what can I do if my boss thinks this is the way he wants to distribute the software. I told him that this is something which can be quite easily surpassed, but still he thinks that this is the best solution in his opinion.

Again - thanks a lot for your time - if you have any newly found ideas that can shed a new light on the matter, they would be greatly appreciated.

Link to post
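
A sketch of the check the thread settles on, added here as an example and not code from any poster: the saved last-run time is kept as a high-water mark in a tamper-evident state file, and a rolled-back clock blocks the run without destroying the license. The embedded `APP_KEY`, the field names, the two-hour tolerance and the use of an HMAC tag in place of the encryption suggested in the thread are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: key embedded in the application. This only raises the bar;
# anyone who extracts it from the binary can forge a state file.
APP_KEY = b"constructed-demo-key"
TOLERANCE = 2 * 3600  # seconds of backward drift tolerated (clock corrections)


def seal(state: dict) -> bytes:
    """Serialize the state and append an HMAC-SHA256 tag."""
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(APP_KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def unseal(blob: bytes):
    """Return the state dict, or None if the file was edited or truncated."""
    body, sep, tag = blob.rpartition(b"\n")
    good = hmac.new(APP_KEY, body, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(tag, good):
        return None
    return json.loads(body)


def check_license(blob: bytes, now: int):
    """Return (status, blob_to_write_back). Times are UTC epoch seconds,
    so daylight-saving changes never move the clock backwards."""
    state = unseal(blob)
    if state is None:
        return "tampered", blob
    if now + TOLERANCE < state["last_seen"]:
        # Refuse to run, but leave the file intact: once the clock is
        # corrected (e.g. after a BIOS reset) the license works again.
        return "clock_rollback", blob
    # High-water mark: last_seen only ever moves forward.
    state["last_seen"] = max(state["last_seen"], now)
    status = "expired" if state["last_seen"] >= state["expires"] else "ok"
    return status, seal(state)


if __name__ == "__main__":
    issued = 1_000_000_000  # constructed sample values
    blob = seal({"licensee": "Example Corp", "expires": issued + 365 * 86400,
                 "last_seen": issued})
    print(check_license(blob, issued + 86400)[0])
    print(check_license(blob, issued - 10 * 86400)[0])
```

Because expiry is judged against the high-water mark rather than the current clock reading, setting the clock back inside the tolerance window does not extend the license.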