License file issue

Question

I have included a time bomb within my software but have encountered an issue. My software works in the following way - if the network is available then connect with my server and provide a valid license key (if a valid key is produced then generate a license file which stores the expiry date and last run date) and if the network is unavailable (maybe a user isn't given access to the internet) then they email us with a code (which is based on some unique identifier for the machine in question) and a license file will be sent back to them. The issue I have is that the license file could be copied and then pasted into the appropriate directory when the software has expired -allowing a refresh of the license (supposing the machine is not connected to the internet since i can pull the time from an ntp server and that the machine time is set to some date in the past for which the software would have been valid). How can I get around this issue?

Thanks

if the license contains an expiry, a copy does should not matter if it contains the same expiry date as the other (tracking **anything** like a Last Run is problematic because they just have to set back the date each time they run it - or find and "fix" the compare value). In cases when you cant use NTP, there are several ways to approximate the date from Windows. Also you should start accepting/upvoting answers you get. — Ňɏssa Pøngjǣrdenlarp, Feb 24 '14 at 17:18
Tracking last run date is used to ensure that the user does not set the date back when the software is run. How would you suggest approximating the date from windows? — thehoten, Feb 24 '14 at 19:38
Last Date Run ensures nothing if they set the clock back before running the app - except with honest users. Writing to a license file it also makes it more difficult to 'lock' it with a CRC or signature since you are updating it. You really just need to compare an embedded expiry with the best current date you can get. — Ňɏssa Pøngjǣrdenlarp, Feb 24 '14 at 21:02
You can stop the software running if you check if last_run_date-current_date<0 when the software is loaded- so they can't move time backwards and operate the software — thehoten, Feb 25 '14 at 10:41
But if you write to the License file, all sorts of things unravel: you cant check a hash signature on the contents without revealing things like where it is, what it is and what the private key is. With that, its easy for someone turn churn out licences all they want. If it **isnt** sealed with a hash sig. you might as well not bother. DateNow > LastRun is nice, but comes at a big cost. — Ňɏssa Pøngjǣrdenlarp, Feb 26 '14 at 05:10

score 1 · Accepted Answer · edited May 23 '17 at 12:28

Well every solution will be just a workaround. As mentioned in older StackOverflow - question here and here there are two approach i would consider:

You could create a log file or (encrypted) registry-key which contains a Date-checker and will increment the date as long it's everything legit (System Date is not older than "Last Run Time") and valid (License valid).
You could read the windows log and search for time-changes and additional use the log for Date Check.

As you see: Both have still some flaws and with enough willpower can be overcome.

License file issue

1 Answers1