Where does software protection store its data?

Question

I am in the process of exploring the software protection schemes for my company. Sure enough, there are so many alternatives and almost all of them give a facility to limit:

1. Number of usage (executions)
2. Number of days

Now if I think about it, there must be some place in computer where "number of times the application has been used" or "number of days it has been used for" is stored. Here I assume that an application protected using one of these mechanism would NOT require it to run with Administrative privileges. And I understand that an application with normal user rights cannot modify a place which affects other users. Which would mean that if an application is expired for user A, it will still run for user B (which looks foolish enough). I wonder what place these schemes can possibly hide their information in to make it work?

Answer 1

I wonder what place these schemes can possibly hide their information in to make it work?

At least under Windows, the registry would be the common data store accessible to all users.

Answer 2

I believe the only way do do this kind of stuff reliably is some kind of client-server scheme. E.g. your company has a license server, and the client's software queries the server every time it runs. Of course this requires a working internet connection, which is not always available...

Sure you can write something to registry, but nothing prevents the user modifying it.

Answer 3

"And I understand that an application with normal user rights cannot modify a place which affects other users" - this sentence is where you are misunderstanding.

The application can store this sort of information in a file, in the registry (under windows) or possibly even in its own code or data files.

For example, a user can save a text file so another user may or may read it. Permissions can keep things private to only one user, but code is usually free to make a file readable by any user on almost any operating system.

Answer 4

I know some protection mechanisms that require to be run with administrative privileges at least once (e.g. during installation). I assume they set up a place in a non-user-specific location (e.g. under HKEY_LOCAL_MACHINE or ProgramFiles or even WinDir) and also set write permissions for (authenticated) users to that location.

Answer 5

They just hide it somewhere where it is hard to find, for example in a data file of the application or somewhere deep in the registry. So for timed limits (runs until April, 4th), you can use the date of a file or write the installation date somewhere in the registry (not the usual places; they write it below an odd key in the drivers section where you have lots of random 64 character keys). These keys can then additionally protected (removing write access for anyone).

The "number of times" limits needs to write the key, though, so the "limited access" scheme doesn't work (or works against the protection). These places have no protection but the fact that no one knows where the information is stored. A good place is somewhere in the middle of a huge data file: That makes it hard for the cracker to find even when they figure out the counter must be somewhere in that file.

That said, most good software sells because it's good, not because it's protected.