So, let's say i am working with a potentially unsavory employer and i wish to provide only a "trial run" of my software. I have an app in python turned windows executable through something like pyinstaller. Is there a way to make that app track internally how much time it has been run for and then brick itself permanently after a certain threshold? You could obviously use system time, but if one to figure that out, they can just rewind the system clock. Ideally, i would wish for .exe to have an internal "clock", but i doubt that .exe is capable of modifying itself dynamically. Is there a preferred "industry standard" way of doing this? No need to bother with payment processing, etc, just "works for certain time period" aspect.
Asked
Active
Viewed 34 times
0
-
1I think all you can do is obfuscate the protection. If they *really* want to, they can see what mechanisms your code uses (writing to secret locations, maintaining some clock, checking a remote server), and either bypass them outright, or do workarounds to reset the clock. – Carcigenicate Apr 08 '23 at 22:52
-
"Is there a way to make that app track internally how much time it has been run for and then brick itself permanently after a certain threshold?" Of course you can track that information, pretty easily in fact. It's generally not too hard to make programs overwrite their own files on Linux / MacOS - Windows' built-in protections might make this trickier, because it will think your program is a virus. However, in order to remember it across program runs, it would have to be recorded somewhere. Even if that record were within the executable file itself, it could in principle be found and edited. – Karl Knechtel Apr 08 '23 at 23:41
-
For that matter, they could simply save a copy of the original executable before ever running it, and copy it fresh to start over along with setting the system time. Or "image" the entire system to be a bitwise exact copy of how it was immediately after installing the program the first time. If your program requests a time from an external source like NTP, they can deny access; if the program requires that access for its functionality, they can emulate the NTP server. – Karl Knechtel Apr 08 '23 at 23:45
-
Thanks for the answers. It doesn't need to be overly complicated since people it meant to protect against aren't geniuses, but it still would be nice to have something more robust than just datetime.now(). I think writing that information to registry should more than suffice in terms of obfuscation, so i'll settle for that for now. – ExMachina Apr 09 '23 at 02:04
1 Answers
0
You can have the app request the time from NTP instead as these answers
It really just depends on how persnickety you want your program to be but you could do something as simple as record the start time of the trial from NTP and then use that as your reference.
If you want to get a bit more clever you could have the program encrypt the start time.
All of these things could be bypassed, you're just making it harder.
Grant Curell
- 1,321
- 2
- 16
- 32