views:

1125

answers:

8

hi , i have created my product and also generated license key for that but i want to ask that key after 30 days. i have do it with registry value storing the date with adding 30 days in that. but i found that if the user change the system date with 30 days before my logic not work.

so is there any solution for the trial version software without checking system date and allow only 30 days of trial ?

thanks in advance.

+1  A: 

You need to have a way of detecting if the user changes the date from when you first started the trial. In solutions I've used before, we have saved the "last executed" date and the "first executed" date and if the clock changes to anything more than two days of "last executed" we expire the trial. You also need a "days executed" counter so that they can't keep moving the date two days back (forgot to mention that part) - the counter gets incremented on each execution.

Of course, software licensing systems like this are always avoidable by uninstalling and reinstalling with appropriate refreshing of the registry - the trick is obfuscating and duplicating your license information enough to make this difficult, but eventually, it will get found (especially if you're using an unobfuscated .NET codebase).

Jeff Yates
Or just run it in a fresh virtual machine image.
Pete Kirkham
@Pete: Exactly.
Jeff Yates
+3  A: 

You could use a licensing component. You can make one yourself (see the LicenseManager class), or buy one from a vendor (see for example this one).

Konamiman
The problem with "Military-strength security" ( as advertised by LogicNP ) is that the military uses different strengths of crypto for different purposes. You need a license for explosives in the UK for the strong stuff - all strong military crypto is hosted in embedded hardware modules which self-destruct if tampered with; if you were to publish it as software you'd be prosecuted under the official secrets act. The USA is, if anything, more restrictive in handling strong crypto. So it's a very specious claim, and probably should be "the weakest crypto the Military sometimes uses".
Pete Kirkham
+8  A: 

You could have another registry key that you increment after every day's use. That way, even if they change the computer's date, this key would indicate to your program that it's been running for > 30 days.

Additionally, this value could be encrypted so that if the user tries to manually change it, the program can refuse to run because it was unable to decrypt the value and get a valid number out of it.

To get around reinstalls, you could add some information to any file saved with the trial version of your app which is unique to that specific version of the app (perhaps a timestamp from when it was installed). When a trial version of your app tries to open a file, it will check this signature and ensure that it was created with that same instance, otherwise refuse to open the file. This essentially neuters the ability to simply reinstall the app and continue using it.

At the end of the day though, the user has complete control over their machine and can probably find a way around whatever it is you want to do (short of accessing a web service where these details are kept before you let the user use the app). You probably shouldn't expend so much energy trying to stop the guys who are willing to go through this extra trouble, but instead spend that extra time/money/energy improving the app for those who are willing to pay.

Joel Martinez
+1 for final advice
Alex Bagnolini
+2  A: 

Hard to process 30 days without reference to the system date/clock. You could always keep a list of the dates on which the app was started and count 1 for every time it was different from the last time. This way your user would have to set the same date each time they fired up your app.

Other than that, you could, providing there were internet access, query a known good time server for the current date. This could be circumvented by disconnecting but you could always demand an internet connection before your app will start.

Lastly, an external, local time source via a hardware dongle or similar but I think you are getting into the extreme where you'd be better off directly managing the trials in person.

Lazarus
A: 

IF you can guarantee an internet connection you could implement an online scheme (check a time server or your own authentication server). Of course that introduces another dependency - if the internet goes away, your users can't work.

Ultimately I'd say buy a third party licensing solution - it's still not unbreakable but it will probably be more robust than something you can do yourself without a lot of time and effort.

Marc
A: 

Store the last run date, and whenever the system date is before that, expire the trial.

The only fail-safe method is to validate the app against a service that you host, assuming no one cracked your connection code ;)

As long as they can clear the registry value/isolated storage file/saved settings: they can just restart the trial. There's not much you can do about that. That's why people opt for reduced functionality in trial software, in addition to a time-based trial period.

Wez
+2  A: 

I have one simple solution for you.

Take 2 variables for registry: 1. date 2. counter

steps:

  1. Set a counter = 1

  2. Copy system date to date

  3. Check each time if the date is different than the current date, than copy that date to the registry date, also increment the counter by 1. If the date is same, don't do anything.

  4. Now you can check you counter for trial days expiration

By using these trick, if user change the system date to previous date than also it works.

For registry you can encrypt the date & counter so that technical person would not recognize your logic!

cheers...

ADDED

This logic fails only when user doesn't change the date for each day! Again we have the solution for that!

I don't know whether it is possible or not but you can always have some solution:

  1. count the total time for trial period & store it in registry.
  2. Now count the total time for each run and add it in another variable. (I hope that it can be done by timer)
  3. Compare above two values for taking decision for expiration.
Vikas
Interesting solution unless the clock just runs forward... I launch the following day and the date in the registry is now today, it's not different and so I don't increment the counter? Also, what happens if I launch the app twice (or more) on 1 day? Each launch is going to increment the counter.
Lazarus
OK, I made a small change with the logic.
Vikas
A: 

See if this helps:

Implementing a 30 day time trial

Kavitesh Singh