best place for "secure" file on windows

Question

I have written a program for one customer. I implemented a licensing method for him (signed XML files). This customer wants the application to be installed only once on his customer's PC, and wants me to "secure" this ... especially because his licenses are time-limited. Those PCs do not have internet access. I told him this is absolutely stupid and it's not able to secure this kind of thing (VM eg.), but he wants at least a little "security".

Now I am looking for a good place on a Windows machine that is writable by every user (no UAC), where I can store some "secret" data (e.g. last time used) so the user can't just turn back time on the PC.

He should also not be able to just delete the application folder, set back the time, reinstall and use the program, nor should he be able to do this by deleting the actual user and using the software from a new created one.

I know this is something really really stupid, but my customer insists so...

I tried finding some places but with no luck so far.

Do any one you know of some directory that meets these requirements?

Answer 1

I pretty sure process monitor would destroy this no matter what directory you pick, so just use a normal application data directory. There isn't a magic directory that will somehow help you hide the fact that you're reading/writing from it during the license check, and as long as you've told the customer how not-secure this is I wouldn't spend much time on it

Answer 2

Maybe the registry would be better? Ya, it's a terrible requirement really. Maybe you could encode the installation date into the XML file as part of the installation process, obfuscate it some way perhaps.

Answer 3

In the past when I've had similar inane requirements I've used the registry. Here's what I do:

1. In an embedded resource, give the program the public part of an asymmetric key
2. When running, check for a few registry entries (detailed later). This is the first run, so they'll be absent
3. Send to a central licensing server the CPU serial numbers (and possibly product serial number)
4. Server verifies that the CPU/serial has not been seen before, generates an expiry date/time. If they have, pulls up the old expiry date/time. If expiry date/time is passed, returns nothing, otherwise returns old date/time
5. Server sends the client the expiry date time and all of the information (expiry, CPU, serial) signed with the private key
6. Client stores the expiry date/time and the signed data in the registry
7. On subsequent runs, the client takes all of the information and compares it to the signature. If the signature is invalid, registry information is deleted

So now, if the user runs the program after the window, the information is deleted, server will refuse to re-auth. If they try to copy to a new machine with registry info, signature check fails. If they install on a new machine, re-auth fails (due to different CPU serials). The only thing you can't really cover is if they always adjust the time, though you could find the time easily with a NIST check.

Downside is it depends on the internet and you need a licensing server.

Answer 4

Ok. I took a little of everyones suggestions :) I am putting the file unter {sys}{My-GUID}\ and granting this directory full-permissions for everyone in my setup (innosetup)

Think this should be ... ok ... somehow :)

And @ NullUserException : He is paying my car ... i can't fire him :)

Thanks for your answers