tags:

views:

71

answers:

4
+6  Q: 

Limiting Starts or Run Time for Evaluation Software in C# and Windows

Are there any good ways to limit the number of times an application can start or limit how long it can be used for under Windows 7 and using C#?

As far as I can see the registry can be easily edited, there are programs to report any kind of file access, virtual machines can be used to change the system time back to when the application was installed, etc. For every idea I can think of there is a (usually) trivial work around.

I want to avoid the need for an internet connection. I.e. I don't want the software to request permission to start each time using hashes, etc.

I see third party license systems that have this kind of functionality. If implementing these approaches is always lame, how do they do it so it isn't lame?

Note: I don't want to "crack" a third party system. I already have my own license system that I want to improve. Generic, plausible ideas are all that I am looking for.

thanks, Andy

A: 

Use the registry but encrypt the entry with the expiration date. It is not foolproof but it will keep 75% of the casual cheaters.

A few other tricks:

  1. Store the number of days used too (possibly in another reg key or somewhere totally different) so if they roll back the clock the number of days used up stays the same.
  2. Use some form of salt in your encryption so two programs with the same exp date will have different values.
  3. Stay away from the really nasty stuff like writing to the boot sector of the HD (looking at you Adobe) you will loose more users from doing that practice than you will gain from the DRM.

The key for any secured system is you can not trust anything they control. Any system that does not have a internet check there is no way you can stop them from reloading a VM.

Scott Chamberlain  2010-09-27 19:39:28
+1  A: 

Building a relatively secure but simple system for software licensing is far from easy. It goes without saying, that any system (other than hosting the code on secure servers) can be broken given enough resources and time. The best you can do is to make the effort necessary to do so greater than the average benefit.

If you are serious about protecting your own software assets, you should consider using a commercially proven licensing technology, rather than rolling your own. That said, let's look at how you could consider protecting in the manner you describe.

First, you should realize that in the age of virtual machines, any file or registry entry you create can be easily rolled back. Without an online component to the verification process you can't prevent this scenario.

What you can do are things like:

  • Store an encrypted value of the number of days the system has been used for - a value which can never step backwards.
  • Store an encrypted counter which you decrement down towards zero each time the system is used.
  • Store an encrypted value of the last date/time the software was launched.
  • Store an encrypted hash for the other three values.

Now you have a means to check that these values are consistent and limit the ability for someone to tamper with them. You should also SALT these values so that they can't be easily replayed.

LBushkin  2010-09-27 19:43:28
A: 

I notice a trend of some programs' installers being stand alone download clients for the rest of the program. Could you use meta-programming to send executable that does checks on something obscure like (insert obscure thing here)?

Gabriel  2010-09-27 19:47:11
+2  A: 

This is not the answer to your question, just something to think about. No matter how complicated your protection system is, it will be easily cracked. Even with online checking, it can, and will be cracked if someone wants it really bad.

That said, the people who would want to crack your program AREN'T your customers, they never were, and they never will be. If you make your protection system ubreakable (and there are no unbreakable protection system), those people will just not use your program and will find some other which they can crack.

On the other hand, people who are your customers won't try to crack it and will buy the original. Ask yourself - do you really want to waste your time, energy and money for somebody that is not your customer, and probably slow down the system for somebody who actualy is?

That said, I believe you should make some kind of protection system, but go with that which is fast and easy to implement and least obtrusive.

Ivan Ferić  2010-09-27 19:57:48

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?