Announcement

Collapse

Forum Guidelines

This forum is for finished source code that is working properly. If you have questions about this or any other source code, please post it in one of the Discussion Forums, not here.
See more
See less

Time-limited evaluation period made easy

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Time-limited evaluation period made easy

    A simple example of how to create a time-limited evaluation program (for example 15 days). It is not affected by leap years, the number of days in a month or any other tripe.

    It works simply by converting the current date to a Julian date (ie. 06-10-2008 to 2454628), adds %NumDays (ie. 15) to that to become 2454643, and stores that in the registry. Whenever the program is run it checks to see if the current Julian date is greater than the registry stored one, and if it is you know the program has expired.

    Code:
    #COMPILE EXE
    #INCLUDE "win32api.inc"
     
    '// Config ...
    $sKEY = "Software\Test\30 Day Limit Test"
    $sVAL = "ExpDate"
    %hKEY = %HKEY_LOCAL_MACHINE
    %NumDays = 15
     
    FUNCTION reg32CreateKey(BYVAL Hive AS LONG, szKey AS ASCIIZ) AS LONG
    LOCAL hKey   AS LONG, Result AS LONG
    IF RegCreateKeyEx(BYVAL Hive, szKey, BYVAL 0, "", %REG_OPTION_NON_VOLATILE, _
                      %KEY_ALL_ACCESS, BYVAL %NULL, hKey, Result) = %ERROR_SUCCESS THEN FUNCTION = 1
    END FUNCTION
    
    FUNCTION reg32SetValueDword(BYVAL Hive AS LONG, szKey AS ASCIIZ, szValue AS ASCIIZ, BYVAL dwData AS DWORD) AS LONG
      DIM lRet AS LONG, hKey AS LONG
      lRet = RegOpenKeyEx(Hive, szKey , 0&, %KEY_ALL_ACCESS, hKey)
      IF lRet = %ERROR_FILE_NOT_FOUND THEN
         lRet = reg32CreateKey(BYVAL Hive, szKey)
         IF lRet = 0 THEN EXIT FUNCTION
         CALL RegOpenKeyEx(Hive, szKey, 0&, %KEY_ALL_ACCESS, hKey)
         IF hKey = 0 THEN EXIT FUNCTION
      END IF
      lRet = RegSetValueEx(hKey, szValue, 0&, %REG_DWORD, dwData, BYVAL 4)
      RegCloseKey hKey: IF lRet = 0 THEN FUNCTION = 1
    END FUNCTION
    
    FUNCTION reg32GetValueDword(BYVAL Hive AS LONG, szKey AS ASCIIZ, szValue AS ASCIIZ) AS DWORD
    ON ERROR RESUME NEXT
    LOCAL dwBuf AS DWORD, hKey AS LONG
    IF RegOpenKeyEx(Hive, szKey, 0&, %KEY_ALL_ACCESS, hKey) = %ERROR_SUCCESS THEN
        CALL RegQueryValueEx(BYVAL hKey, szValue, BYVAL 0, %REG_DWORD, BYVAL VARPTR(dwBuf), 4)
        RegCloseKey hKey
        FUNCTION = dwBuf
    END IF
    END FUNCTION
     
    FUNCTION Date2Julian(MM_DD_YYYY AS STRING) AS LONG  '// by Mike Doty
      DIM Month&,Day&,Year&
      Month = VAL(LEFT$(MM_DD_YYYY$,2))
      Day   = VAL(MID$(MM_DD_YYYY$,4,2))
      Year = VAL (RIGHT$(MM_DD_YYYY$,4))
      LOCAL k AS LONG, Julian AS LONG
      k = INT((14 - Month) / 12)
      Julian = Day + INT(367 * (Month + (k * 12) - 2) / 12) _
                   + INT(1461 * (Year + 4800 - k) / 4) - 32113
      Julian = Julian - (INT(3 * INT((Year + 100 - k) / 100) / 4) - 2)  'Convert to Gregorian
      Date2Julian = Julian
    END FUNCTION
     
    '################################################################################################################
      
    FUNCTION PBMAIN() AS LONG
    LOCAL dwCurDay AS LONG, dwDays AS LONG, dwDaysLeft AS LONG
    dwCurDay = Date2Julian(DATE$)
    dwDays = reg32GetValueDword(BYVAL %hKEY, $sKEY, $sVAL)
    IF dwDays = 0 THEN   '// NEW INSTALLATION
       dwDays = dwCurDay + %NumDays
       reg32SetValueDword(BYVAL %hKEY, $sKEY, $sVAL, BYVAL dwDays)
       STDOUT "Installed"
    ELSE    '// ALREADY BEEN INSTALLED
        dwDaysLeft = dwDays - dwCurDay
        IF dwDaysLeft > %NumDays THEN
            STDOUT "Cracker warning, number of days left is greater than the evaluation period"
        ELSEIF dwDaysLeft =< 0 THEN
            STDOUT "EXPIRED"
        ELSE
            STDOUT "Days left = " & STR$(dwDaysLeft)
        END IF
    END IF
    WAITKEY$
    END FUNCTION
    A quick note on cracking ...

    I kept this example as minimal as possible - it obviously provides very little security against crackers. A cracker could simply release a program (or .reg file) to delete the HKLM\Software\Test\30 Day Limit Test\ExpDate key, resetting the evaluation back to day 1.

    The reason it's so easy is obviously because my example uses a static key. To make that harder for them you could use hashes of things that are at least somewhat unique to their machine, so as to create a dynamic key name. For example, the Windows directory location, or their username, or hardware 'signatures' such as their CPU ID.
    -

  • #2
    Originally posted by Wayne Diamond View Post

    A quick note on cracking ...

    I kept this example as minimal as possible - it obviously provides very little security against crackers. A cracker could simply release a program (or .reg file) to delete the HKLM\Software\Test\30 Day Limit Test\ExpDate key, resetting the evaluation back to day 1.

    The reason it's so easy is obviously because my example uses a static key. To make that harder for them you could use hashes of things that are at least somewhat unique to their machine, so as to create a dynamic key name. For example, the Windows directory location, or their username, or hardware 'signatures' such as their CPU ID.
    I used Wise installer to capture product setup and build a master installer. The capture program takes a snapshot of the registry and directories before install and then after install. Any changes are added to the installation being build.

    SysInternal's RegMon watches the registry for read/write of keys and I am sure there are other products. I've used this product for debugging purposes. As well as checking for spyware. Is a product looking at registry keys it shouldn't. Anyway, I am off topic. I believe it would be very easy to find the dynamic key name and delete it.

    One solution would be to encrypt the data in the key. The user would not be able to create a valid key even knowing the key location/name.

    Also, if the username is used as part of the key name, change the username and the demo starts over again. This is good if the system has multiple users and you want to provde each user a demo period; not good if one just changes their username.

    Comment


    • #3
      btw just to clarify - obviously nothing is uncrackable, but if you simply use a static key location then its easy for a cracker to write and distribute a program (or even .reg file) to attack that key, whereas if its dynamic then its a lot harder - the cracker has to debug your program to try and figure out how youre calculating the dynamic names.

      Any more questions/comments etc please post to the Programming subforum instead, cheers!
      -

      Comment


      • #4
        A lot of early methods like this had flaws with signed and unsigned too and did only a > or a < test and not <> and when the number went too high or negative then it turned it into a 4 Billion day eval. PESX had this issue then he released it as Freeware. Some apps use access dates of system files and other methods to check if a date was cracked. Checking for the key being deleted is good too. Then you have things like making their life difficult where you can uninstall/remove your app if cracking is detected, or even delaying it until something important like they have just worked 4 hours on a project/file using what you developed and you could "accidently" close the app on them without saving if cracking was detected earlier, etc.
        sigpic
        Mobile Solutions
        Sys Analyst and Development

        Comment


        • #5
          See my License Generator post going up right now.

          Time limitation is too old, go with license limitation....

          PS - Wayne good to see ya!!
          Last edited by Scott Turchin; 17 Jun 2008, 06:15 PM.
          Scott Turchin
          MCSE, MCP+I
          http://www.tngbbs.com
          ----------------------
          True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

          Comment

          Working...
          X