24

I would like to add a licensing system to an application. For example: the user buys a license for 1 month and after that the program expires (kind of anti-virus style?).

The problem is that the application is supposed to run on systems which may or may not be connected to the internet, so how do I protect against date-time changes?

Storing app startup and close times in an encrypted file won't work, as the date can be changed (with a program uptime of 8 hours per day, it would be possible to extend the license to almost 300% in the ideal case - change the time to app close time + 1 second before launching the program).

Another question - is there any way to protect against software like http://en.wikipedia.org/wiki/Deep_Freeze_(software)? (maybe scan drivers?)

EDIT:
I'm currently using a smart card to store licensing information and will use a code virtualizer on critical functions (I know about setting breakpoints on API calls and inspecting passed data - I don't need to hide that data, just to ensure things go as planned)

Im0rtality
  • 8
    Are you trying to create a protection that cannot be bypassed/cracked? You simply can't. It's just a matter of deciding how much effort you'll put into the protection. – Allon Guralnek Aug 04 '10 at 09:50
  • I understand there is no such thing as complete protection, however I would like to decrease that 300% in some way. – Im0rtality Aug 04 '10 at 09:57

13 Answers

22

Yes, it would be possible to extend the license by up to 300% but at great effort to the user. Frankly if someone is going to spend every day of a month resetting their time to one second after they quit your program before starting it again to use it longer, there is nothing you are going to do about it, and the time you take to stop them will cost you more than they ever will.

Woody
  • 1
    Sure, the program is expensive. Thus, buyers are ones who know how to count money. Time is money. Specifically, their time is money, and a lot more expensive than the license. Why do they spend their expensive time in such a vain way? – sanmai Aug 15 '10 at 16:34
19

Step 1: Create a trial_tracker entry in an encrypted format in the Windows registry and in a file.

Step 2: Assign the app install timestamp (yyyy-mm-dd-hh-mm-ss) to trial_tracker.

Whenever the app starts, check if the current system timestamp is greater than trial_tracker and less than the expected expiry date:

  • If yes, update trial_tracker to the current system timestamp and continue.

  • If no, trial_tracker has been tampered with or the trial time has expired. Ask the user to purchase the full version or exit.

Note: The user can get around this by deleting the Windows registry entry and the encrypted file (if he is able to find them). In such a case, further checks can be added. For example, create a secondary Windows registry entry which checks for the existence of the primary registry entry and the encrypted file.

Along with these, additional remote checks can be applied which depend on an internet connection (optional).

Harsha Hulageri
  • 2
    It's trivial to find registry entries added by a program with a hook on RegOpenKeyEx. – Clark Gaebel Aug 12 '10 at 02:48
  • 1
    Well, it might be possible to create that encrypted file during installation and checking file contents on each program start. If file is deleted tell user that he's not licensed to use it and exit. What would be weak points of this? – Im0rtality Aug 13 '10 at 06:37
  • The weak point would be the encryption: unless you make a requirement for Internet access during install (and you keep up an online service to encrypt licensing files), you'll have no key to encrypt the file with (more exactly you'll have no key the user cannot get to). – Remus Rusanu Aug 16 '10 at 01:23
  • What about generating the key on the fly and hiding the algorithm under Code Virtualizer? – Im0rtality Aug 16 '10 at 08:04
  • 2
    What if the user changes the date before the trial period ends? How to check for that? – S Andrew Jan 25 '17 at 06:59
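The startup check from the answer above, as an added example that is not part of the original answer or its comments. It assumes an HMAC tag in place of encryption, an embedded key (`SECRET`, constructed), and a plain dict standing in for the registry entry and the file; all function names are hypothetical.

```python
import hashlib
import hmac
import json

# Assumption: a key shipped inside the program. Anyone who extracts it can
# forge records, so this raises effort rather than giving real secrecy.
SECRET = b"constructed-demo-key"
DAY = 86400

def seal(last_seen, expiry):
    """Serialize the tracker and append an HMAC tag over it."""
    body = json.dumps({"expiry": expiry, "last_seen": last_seen}, sort_keys=True)
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def unseal(record):
    """Return the tracker dict, or raise ValueError if the tag does not match."""
    body, _, tag = record.rpartition(".")
    good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        raise ValueError("tracker modified")
    return json.loads(body)

def install(now, days):
    """Steps 1 and 2: write the same sealed tracker to both locations."""
    record = seal(now, now + days * DAY)
    return {"registry": record, "file": record}   # stand-ins for real storage

def check_on_start(stores, now):
    """Run the startup check; on success advance trial_tracker to `now`."""
    copies = [stores.get("registry"), stores.get("file")]
    if None in copies:
        return "missing"                 # a copy was deleted
    try:
        first, second = (unseal(c) for c in copies)
    except ValueError:
        return "tampered"
    if first != second:
        return "tampered"                # e.g. one copy restored from a backup
    if now < first["last_seen"]:
        return "clock_rollback"          # system time is behind the last start
    if now >= first["expiry"]:
        return "expired"
    stores["registry"] = stores["file"] = seal(now, first["expiry"])
    return "ok"
```

A rollback is only caught when the clock is set earlier than the last recorded start, so setting it to just after the last recorded value still passes this check.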
9

A reputable game development manager once stated at a conference that it's impossible to protect software for longer than a month even with an internet connection - if your software is popular :-) So you can just write software that no one wants and it will be as safe as you want :-)))

If on the other hand you write reasonably popular software then you couldn't care less if a small percentage of paying customers snitch some extra time - they'll renew a week later anyway. If you really want to do short-time licensing you have to make internet a prerequisite. It's still going to be cracked in a month if it's good for something :-) but paying customers will by and large remain paying customers with reasonably light enforcement.

If however you piss people off by doing intrusive and scary things then you'll lose paying customers and create much bigger motivation for ppl to crack it.

ZXX
5

Create a windows service that gets installed with your app, but is auto-start. Keep track of elapsed time and offsets there. Provide an API for your app to talk to the service to query usage/elapsed time.

Andrew Lewis
  • +1 for an idea we didn't think of – Im0rtality Aug 10 '10 at 07:48
  • 15
    This might work, but if I found out that your app was installing autostart services on my machine just for licensing I would be mad and either have even more incentive to pirate it or switch to a competing solution. – Nate Aug 11 '10 at 15:42
  • Can you give an example how would a service keep track of elapsed time? Modern CPUs change frequency/ticks with load and battery status, systems go into hibernation, and you cannot trust the system clock. How will your service tell time and not go adrift? – Remus Rusanu Aug 16 '10 at 01:19
  • 1
    @AndrewLewis I wish I could downvote a hundred times. How could one even think about spamming one's customers' computers like this. Really, I could cry. If you really do this with your customers' computers... no words. – tmighty Feb 21 '18 at 07:45
  • @tmighty lol, no I haven't ever done this, nor would I ever. But it is one solution to the problem. Admittedly not the best one. – Andrew Lewis Feb 27 '18 at 04:21
2

From your program you create a log of the times when the app is launched and exited. The log is encrypted, which prevents the common user from tampering with its content.

With this log, you can see if time elapsed normally, that is, time goes toward the future. If not, then something fishy is occurring on this system. In this case display a dialog box with a phone number where they can call you.

You could also ensure via a data file that the program can run for one month only; after that, as the said data file doesn't contain the data to work for the following month, an update is required.

The idea is that time is flowing linearly to the future, it can only increase the counter from the launch date and external data is required for the program to run in the future so you've created a dependency relationship on updates. This last strategy is what Microsoft and co used and they call it security updates / patches...

2

I assume the software phones home at least once to let you know the license key has been bought / installed / extended?

After the time has run out since they bought the license key and they haven't purchased another, you could contact them and ask them how they are getting on and let them know they need to renew. If they do choose to abuse your system, a simple call to chat about it may be enough to get them to stop.

Toby
  • Glad I could be of some help. I am not sure my solution would scale well due to the manual aspects of it but of course you could streamline the reporting. – Toby Aug 04 '10 at 10:28
2

Maybe you could combine the use of the date/time with the tick count? Then if you see a date/time with an incompatible tick count, you could flag that as a violation. This would change your worst case scenario to require them to restart the machine whenever they want to manipulate the clock to abuse your license.

Mike
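One way to compare the date/time against a tick count, as an added example that is not part of the original answer. It assumes Python's `time.monotonic()` as the tick counter and periodic calls to `check()`; the class name, `tolerance` parameter and `trusted_now` field are hypothetical.

```python
import time

class ClockWatch:
    """Cross-check wall-clock progress against a monotonic tick counter."""

    def __init__(self, wall=time.time, ticks=time.monotonic, tolerance=5.0):
        self.wall, self.ticks, self.tolerance = wall, ticks, tolerance
        self.last_wall, self.last_ticks = wall(), ticks()
        self.trusted_now = self.last_wall   # our own estimate of the date
        self.violations = []                # skew (seconds) of each detected jump

    def check(self):
        """Call periodically. Returns the skew seen since the previous call."""
        w, t = self.wall(), self.ticks()
        wall_delta = w - self.last_wall
        tick_delta = t - self.last_ticks
        skew = wall_delta - tick_delta
        if abs(skew) <= self.tolerance:
            # Small disagreement (drift, clock sync): follow the wall clock.
            self.trusted_now += wall_delta
        else:
            # The clock jumped while ticks advanced normally: ignore the jump
            # and advance our estimate by the tick count only.
            self.trusted_now += tick_delta
            self.violations.append(skew)
        self.last_wall, self.last_ticks = w, t
        return skew

    def expired(self, expiry):
        """Compare the expiry date against the estimate, not the system clock."""
        return self.trusted_now >= expiry
```

The state lives in memory only, so a restart resets the comparison, which is the worst case the answer describes. Jumps are recorded in `violations` rather than acted on, leaving the policy to the caller.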
1

You shall decrease the time elapsed between checks. Instead of checking only at application startup and application shutdown, you shall check every 5, 10 or 15 minutes using a timer or a background thread. In this way the user cannot change the time (because the software will stop in a few minutes).

However, I'd prefer to pay for software that I need instead of not having the correct date/time on my machine.

Luca
1

Enable Privilege Use logging (in the installation process) and then check for a time changed event in Windows' event log, as explained here:

http://www.stevebunting.org/udpd4n6/forensics/timechange.htm

You can then deduct the time difference from the license (rather than void the license, since some system clock changes are legitimate).

NOTE: This will not protect from changes of the system clock when changed from the BIOS.

Allon Guralnek
0

Create a Windows driver that starts on boot, grabs the system date-time, and runs until shutdown, tracking the time independently from Windows [ sleep(1000); ++time; ].

When your application starts up, check that the service is running, and check the date-time! Compare it to the date-time you were installed on, and you can figure out if you've expired or not.

Note: If any application did this, I wouldn't install it in the first place. If I WAS tasked with cracking it, it would be trivial. There is no way to prevent reverse engineering. NONE. It WILL get cracked no matter what. And when it does, you're going to regret putting any time into this.

Clark Gaebel
  • As a user, I don't really like any software which installs additional low level stuff - I can't really know what it does. So, in general, I shouldn't even pay attention to protecting my application, because every protection can be disabled? – Im0rtality Aug 12 '10 at 08:00
  • 3
    Rather than use a driver/service, the app could do that kind of manual time keeping in a worker thread instead, and see if the time gets out of sync with the system clock. Also, the OS issues WM_TIMECHANGE notifications whenever the clock is changed, so the app can look for those as well. – Remy Lebeau Aug 12 '10 at 08:29
  • Same question that goes for Andrew Lewis goes here: how would a driver/service/thread know *how much time* has passed? `sleep(1000);++time;` would drift out of sync with a real clock in just a few minutes. In a day, you'd be off by hours. – Remus Rusanu Aug 16 '10 at 01:25
  • You could sync (if difference isn't too big) internal counter with system time value each... 10 secs? – Im0rtality Aug 16 '10 at 08:06
0

You are putting too much effort in the protection itself.

Instead, your trial software should contain annoying limitations that will not prevent your users from evaluating it but will certainly prevent them from using it for business.

0

Maybe you could offer this software as a service if you are so worried about enforcing the licence?

silvo
0

One way to do it is to store the current time and date of the software download in an encrypted file that should be used along with the package.

Another way is to store a file on the user's computer and keep checking your hard-coded date in the software against that file.

Maximus