I would like something real basic.
30 day time limit on software.
No problem if it's crackable.
I was thinking:
1. Store date when program is first run in the registry
2. Check that date whenever program is run and display message when current date equals or exceeds 30 days.
Or store date in a file deep in a directory that all users have access to.
Other ideas appreciated.
Permutations to this sort of thing can seem infinite, therefore, which platform are we speaking of and how secure does this information have to be. As an example, one of my apps records an encrypted date so you can't backdate the system as to prolong the trial period.
I am running XP.
I would appreciate any help.
I'm not a proponent of using the registry as by simply using REGEDIT or similar type program, you don't have to be a rocket scientist to figure out what's going on.
Probably the simplest approach would be use GetSystemTime and stuff it in the data file and do a simple comparison each time the file is opened.
another option would be DosDateToFileTime. For anyone looking into a data file, this number wouldn't immediately be obvious what its purpose is
So the options are as I see;
1. Create a registry key
2. Modify PE header on installation so 32 bit datestamp reflects when app was installed
3. Embed in data file.
Number 3 is the one I would go with and then from that point determine how quirky you want to make the app. Nothing is impervious to being hacked, but on the same token, you don't have to make it easy. I've designed algos that were so meaningless to the point of 90% was BS as to drive a hacker nuts trying to figure out what was meaningful and what wasn't.
Thanks Tight_Coder_Ex.
# 3 sounds good.
So, I could get the date, encrypt and write it to a file?
Andy
Quote from: Magnum on December 09, 2010, 03:51:02 PM
So, I could get the date, encrypt and write it to a file?
I guess it depends on your definition of crackable, keeping in mind an avid hacker can get into most anything given time. One method I've used is as follows;
1. A new user is determined by creating an empty file for the first time
2. Then user is queried for a personal or company name that always show up somewhere on the app
3. I calculate a 32 bit number by stripping the MSB from each character leaving (0-25) adding to prev value and then shifting everything left 3 bits
4. As soon as bit 31 is true I XOR this with the peviously calculated value and then save, this happens for every 8 to 10 characters.
5. Then I get the time derived from time() in LIBC and this becomes the marker for when the file was created.
6. Everytime the file is opened, current time is compared to that time and thereby you can determine your expiry. In your case 30 days
7. The time is passed to steps 1 - 4, thereby determining the user has either changed the time or users name. In either case the program should fail.
In that case I never give any warning as I assume one would e-mail me and ask what is wrong and by sending me the file I could determine they tried to change something.
I will start with 2.
So, store the company name etc. in the app. (.data section or in the code)
Does the 32 bit number go in the .exe too or in the created file?
Just in the data file, but while application is running, that name would appear in the title or status bar as an indication of ownership or authority to use.
Playing around with the executable could trigger a virus detection, even though there is room in PE header.
I don't think conceptualization is of any value in this forum, so we should probably use our e-mails for this and then as the application develops post results in "The Laboratory" were others can learn, share or contribute.