tags:

views:

1225

answers:

5

Hello,

C# 2008 SP1

I am writing an application that I want to give to a select number of customers.

What is the best solution to use so that after the trail period (1 month) the application will no longer work.

I was thinking that if they are interested in purchasing the software I will give them a license key or something, to unlock the application.

I am have a very limited budget as I am working on my own. So is there any free 3rd party products that does this?

Many thanks for any advice,

+1  A: 

The simplest solution (and as a result the simplest to circumvent) is to store the date the program is first installed (or run) in a file and then check that against the current date whenever the program is launched. If the difference is > 30 days then exit the program.

By storing the date in more obscure places or places that are harder for the user to tamper with (such as the registry) then it gets progressively harder for them to circumvent the system and get more time to use it, but doesn't stop them rewinding the clock on their PC.

If you store the date on your server and also get the date from your server then this is more secure, but does mean that the user has to have an open internet connection to use your software.

ChrisF
+4  A: 

Your options:

  1. At the installation write something to the registry, so that it is hard to find and remove later. This way your application will know when it was originally installed and whether it should still work right now or stop. This method will fail if the registry is cleaned well or if the OS is reinstalled.

  2. Use some sort of online validation service. Will be free of the disadvantages of the [1]. Will also allow you to monitor application activity transcending the OS installation. For that to work you will need to somehow uniquely identify a user PC and transmit its signature to your server.

Developer Art
+4  A: 

If you go with a date-based approached, it can be circumvented by a user's setting their date back (although I doubt people do this very often). An alternative is to allow the application to be started a certain number of times before expiring; this approach obviously ignores any date changes.

My preferred method is to disable parts of the application that are critical to normal use of the program but aren't critical to its evaluation (like the ability to save your work, for example). I do this with my own software, and then send them an unlocking code unique to their computer when they purchase the full program. One primary advantage of this approach is that the installed demo functions as a potential sales tool forever. I'd rather have my program always working to some extent; I don't think a "Sorry, this program has expired" message generates many sales.

MusiGenesis
If you took this approach, the "missing" functionality would still be there in the program; you *could* cripple it so a save/load takes 5 minutes, for instance. Then they would have true full functionality, but the program would be very difficult to use fully, until they registered.
Mark Rushakoff
@Mark: I always intended the missing functionality to still be there in the demo version, so that they only have to enter the unlock code to enable everything. I like your idea about leaving the functionality in but crippling it in an annoying way. One other idea I had was to allow work to be saved, but mark the file in a way that prevents it from being re-opened until they buy the full version.
MusiGenesis
It's actually possible to make time-based approach hard to circumvent by noting the time when application is started and closed (and the other way around) and comparing these times to see if the clock has been set back.
CannibalSmith
"Just after a month of using it, a save/load already takes 5 minutes? And they want money for __that__?" ;-)
MaxVT
@MaxVT: I was just being polite to Mark. I don't really think taking 5 minutes to save is a good idea. :)
MusiGenesis
@Cannibal: true, but already you're making more work for yourself as a programmer, and as I said in my answer, my demo is a sales tool - it doesn't help me if my sales tool has an expiration date.
MusiGenesis
Hello, I think the limited functionality is ok for this. However, I like the idea of having a unique key for unlocking on their computer. I am wondering how do you create a unique key for each computer? If I give a key to someone, I don't want someone to unlock every application by passing the key around. Thanks,
robUK
@robUK: I do this very simply (don't tell the crackerz, please). When the application starts for the first time, I generate a unique random Product ID and hide it in the registry. This Product ID is then displayed in the About box, and customers send it to me when they purchase the application. I then generate an unlock code that only works for that particular Product ID. The customer enters this code, my application compares it to the Product ID in the registry and then unlocks the program. This way, the unlocking survives everything except a complete OS reinstall.
MusiGenesis
My Product ID is generated with a custom algorithm that uses combinations of 16 letters and numbers and leaves out potentially confusing characters (like 0 and O or 1 and I) so the customers won't make typos. The algorithm for generating matching unlock codes is proprietary, but it's basically nothing more than just mixing up characters in a weird way - any hacker could go through the EXE and figure out what it's doing, but it's uncrackable for normal people (aka people who might actually buy the software anyway).
MusiGenesis
+2  A: 

Write a registry key during your installation. The key will contain the date of the installation. The date in the registry key must be encrypted.

When your application is started, check for the existence of this registry key. If it does not exist close the application else decrypt the date, check the trial period and close the application if the trial is over.

Francis B.
+1  A: 

Here is the trick i did to stop users from playing with date/time settings and back dating the clock.

When the app runs for the first time, encrypt the first run date and end trial date and last run date in registry. And decrypt and check the end trial date and not system date from there on everytime the app runs. This solution works for users with no internet connectivity.

Binoj D