News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

Something simple

Started by Magnum, December 09, 2010, 11:48:14 AM

Previous topic - Next topic

Magnum

I would like something real basic.

30 day time limit on software.

No problem if it's crackable.

I was thinking:

1. Store date when program is first run in the registry
2. Check that date whenever program is run and display message when current date equals or exceeds 30 days.

Or store date in a file deep in a directory that all users have access to.

Other ideas appreciated.

Have a great day,
                         Andy

Tight_Coder_Ex

Permutations to this sort of thing can seem infinite, therefore, which platform are we speaking of and how secure does this information have to be.  As an example, one of my apps records an encrypted date so you can't backdate the system as to prolong the trial period.


Magnum

I am running XP.

I would appreciate any help.

Have a great day,
                         Andy

Tight_Coder_Ex

I'm not a proponent of using the registry as by simply using REGEDIT or similar type program, you don't have to be a rocket scientist to figure out what's going on.

Probably the simplest approach would be use GetSystemTime and stuff it in the data file and do a simple comparison each time the file is opened.
another option would be DosDateToFileTime.  For anyone looking into a data file, this number wouldn't immediately be obvious what its purpose is

So the options are as I see;

   1. Create a registry key
   2. Modify PE header on installation so 32 bit datestamp reflects when app was installed
   3. Embed in data file.

Number 3 is the one I would go with and then from that point determine how quirky you want to make the app. Nothing is impervious to being hacked, but on the same token, you don't have to make it easy.  I've designed algos that were so meaningless to the point of 90% was BS as to drive a hacker nuts trying to figure out what was meaningful and what wasn't.

Magnum

Thanks Tight_Coder_Ex.

# 3 sounds good.

So, I could get the date, encrypt and write it to a file?

Andy
Have a great day,
                         Andy

Tight_Coder_Ex

Quote from: Magnum on December 09, 2010, 03:51:02 PM
So, I could get the date, encrypt and write it to a file?
I guess it depends on your definition of crackable, keeping in mind an avid hacker can get into most anything given time.  One method I've used is as follows;

   1.  A new user is determined by creating an empty file for the first time
   2.  Then user is queried for a personal or company name that always show up somewhere on the app
   3.  I calculate a 32 bit number by stripping the MSB from each character leaving (0-25) adding to prev value and then shifting everything left 3 bits
   4.  As soon as bit 31 is true I XOR this with the peviously calculated value and then save, this happens for every 8 to 10 characters.
   5.  Then I get the time derived from time() in LIBC and this becomes the marker for when the file was created.
   6.  Everytime the file is opened, current time is compared to that time and thereby you can determine your expiry. In your case 30 days
   7.  The time is passed to steps 1 - 4, thereby determining the user has either changed the time or users name.  In either case the program should fail.


In that case I never give any warning as I assume one would e-mail me and ask what is wrong and by sending me the file I could determine they tried to change  something.

Magnum

I will start with 2.

So, store the company name etc. in the app. (.data section or in the code)

Does the 32 bit number go in the .exe too or in the created file?
Have a great day,
                         Andy

Tight_Coder_Ex

Just in the data file, but while application is running, that name would appear in the title or status bar as an indication of ownership or authority to use.

Playing around with the executable could trigger a virus detection, even though there is room in PE header.

I don't think conceptualization is of any value in this forum, so we should probably use our e-mails for this and then as the application develops post results in "The Laboratory" were others can learn, share or contribute.