How to make software expire on a certain date on Windows ?

Question

Hello,

I have a piece of Windows/C++ application which includes a hard coded expiry date, so that the release expires and stops running on a certain date like, 30 of august 2009.

Obviously the user can take back the system time to work around this limitation.

Is there a good way to stop my application running if the date has passed even though the user has taken the system date back ?

P.S. I can not make use of an internet connection for this purpose. And I believe writing the last execution time to a file/registry would also be too easy to break.

Thanks.

Paul

Answer 1

To make the expiration date a little bit more difficult to avoid, you could store the time of the most recent execution somewhere "hidden" and make sure the user can not go back in time. Any decent "hacker" will get around this, but for joe the average user it will be too much of a hassle.

Working with a wrong date has some bad side effects when using other programs that rely on the correct date/time. So when the user is desperate enough to change his date/time every time he starts your software, he wont buy it anyway...

Improving the expiration mechanism further is just like copy protection for games at this point. Good games sell anyway, bad ones don't.

Answer 2

In this case you can make some change in system when the application expires. In other words to get the application running the system date and not the system change should be there.

You can add a registry entry when it gets expired. or may be a deletion of a file.

And this is a previoud discussion initiated by me addressing a simillar problem. It will be possibly useful..

Licensing

Answer 3

Whatever you do will be cracked, so you are better off concentrating on your software rather than the protection. Keep it simple. If people are determined to get around your protection they will. They could even virtual machine it, so day trials are not really a limitation that can be enforced.

Answer 4

you can try to store (inside the code, not in a file) the expiration date md5summed, this may add some more "protection" from disassemblers. Hide the date check code inside some other critical function, don't write a specific function to do it. You could also edit the exe file on expiration, just to avoid the "change date" trick.

Answer 5

You can store the first and last execution date in a file and also store a salted checksum of it. As @Timbo said, any decent hacker will get around this (as he would with practically any other method).

Like this, you can store something like this in a file anywhere (maybe in the register)

20090801:20090815:20090901
ca5579e3bacb7557b6ed22b5f553f9d5

being:

20090801 - the start date
20090815 - the last execution date
20090901 - the final date
ca5579e3bacb7557b6ed22b5f553f9d5 - the salted MD5 checksum

this way you can check the validness of the checksum using an algorithm like this

bool CheckExpiry()
{
    string SecretSalt = "Y*##d3F!@g^hk";
    string InitialDate = FetchInitialDate();
    string LastExecutionDate = FetchLastExecutionDate();
    string FinalDate = FetchFinalDate();
    int Checksum = FetchChecksum();

    string FinalString = InitialDate + ":" + SecretSalt + ":" + LastExecutionDate + ":"  + FinalDate;
    int InternalCheckSum = md5sum( FinalString );

    return InternalCheckSum == CheckSum;
}

of course you can use SHA-1 or any other digest algorithm you like more. Just make sure you use a not easily guessable SecretSalt.

And you can check the LastExecutionDate against the current date to check if the date was changed backwards.