program expiry date
Author
Hi guys - I'd like to build a time-based license protection system for my software and I was hoping someone could give me some hints, or point me in the direction of a decent tutorial / paper on the subject.
Pretty standard requirement really, based on the install date, software will expire... say within 30 days, or at an arbitrary date. Avoids system clock manipulation if possible...
Language is C++ in a win / unix environment.
Thanks for your help in advance :)
Quite simple really, you need to store the date of installation somewhere, and then check that date when you load the program.
There are tons of places you could store this info. In the registry, in a temp file, embedded in the exe, on a server database...
You could try using an online clock to avoid them setting back the system clock, but it will never be truly hack proof
There are tons of places you could store this info. In the registry, in a temp file, embedded in the exe, on a server database...
You could try using an online clock to avoid them setting back the system clock, but it will never be truly hack proof
People don't tend to write tutorials on how to do such a thing because it usually hinges on the method used being kept secret. If someone knows how you're doing it then it's a lot easier to hack. They pretty much all fall under "Security by Obscurity".
If there were any good method documented then pretty soon it wouldn't be any good any more.
I think everyone pretty much has to invent their own method.
Having said that, the "on a server database" is the safest method I'm familar with, but there's not much chance that it will apply to your application, and I can't tell you about it anyway.
Most schemes are just one branch instruction alteration away from being cracked.
If there were any good method documented then pretty soon it wouldn't be any good any more.
I think everyone pretty much has to invent their own method.
Having said that, the "on a server database" is the safest method I'm familar with, but there's not much chance that it will apply to your application, and I can't tell you about it anyway.
Most schemes are just one branch instruction alteration away from being cracked.
If a remote time server (NTP for example) is not an option for you, you could log the startup time of every run and check that time0 < time1 < time2 < ...
If that expression evaluates to False, a major clock skew has been detected and it's likely that the user has attempted to bypass your license terms.
If that expression evaluates to False, a major clock skew has been detected and it's likely that the user has attempted to bypass your license terms.
Quote:Original post by tori
If that expression evaluates to False, a major clock skew has been detected and it's likely that the user has attempted to bypass your license terms.
Or you've just past daylight savings.
Quote:Original post by greksterQuote:Original post by tori
If that expression evaluates to False, a major clock skew has been detected and it's likely that the user has attempted to bypass your license terms.
Or you've just past daylight savings.
A bug. An easteregg. A bug that is an easteregg. ... Easterbug!
(or, seriously, more like phase of the moon bug)
Quote:In the registryCool, just download a .reg to unlock it.
Quote:in a temp fileMy temp directory is on ramdrive.
Quote:embedded in the exeVery convenient to patch.
Quote:on a server databaseEven easier to hack, since it doesn't require patching the exe.
Quote:You could try using an online clock to avoid them setting back the system clock, but it will never be truly hack proofAgain, just write a 5 line NTP server that returns same time.
Unless the application is running on server, there isn't anything you can do. As soon as there is enough interest, crack will pop up. Put 'keygen' or similar into google.
There do exist third-party tools. They don't come cheap, but they are usually comprehensive enough that producing a crack is a time-consuming matter, and it's hard to thoroughly test that everything has been cracked. I see a lot of such schemes in CAD applications, and few of them, if any, ever get cracked. Despite a lot of interest, some of these schemes are so complex, that it's not viable to attack the scheme, but instead original keys need to be reverse engineered in one way or another.
Quote:Original post by AntheusYup.
There do exist third-party tools. They don't come cheap, but they are usually comprehensive enough that producing a crack is a time-consuming matter, and it's hard to thoroughly test that everything has been cracked. I see a lot of such schemes in CAD applications, and few of them, if any, ever get cracked. Despite a lot of interest, some of these schemes are so complex, that it's not viable to attack the scheme, but instead original keys need to be reverse engineered in one way or another.
The OP said "a win / unix environment". Doing it on one platform is *hard*, doing it on multiple is harder.
Products like Aresco's FlexLM / FlexNet can handle it as a pure software solution on multiple operating systems. Or you can use USB hardware dongles that must be present and are difficult to circumvent.
The nice thing about these products is not only that they help prevent unauthorized access, but you can develop your product to 'phone home' if they detect a security violation.
Even these very expensive solutions can still be cracked, but it is much harder to break than anything you could create on your own.
You have to think out two things:
- how much incentive will people have to crack your app?
- how much are you planning to invest in protection (time/money)?
VirtualBox running in skewed clock environment makes all software solutions, including spying of filesystem, very easy to circumvent. In the worst case hacker can save system image at some date and use the same image later, adjusting virtual OS clock.
Dongle and server, if implemented cryptographically correct way, are the only foolproof methods that cannot be circumvented without modifying the executable.
- how much incentive will people have to crack your app?
- how much are you planning to invest in protection (time/money)?
VirtualBox running in skewed clock environment makes all software solutions, including spying of filesystem, very easy to circumvent. In the worst case hacker can save system image at some date and use the same image later, adjusting virtual OS clock.
Dongle and server, if implemented cryptographically correct way, are the only foolproof methods that cannot be circumvented without modifying the executable.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
