Announcement

Collapse

Forum Guidelines

This forum is for finished source code that is working properly. If you have questions about this or any other source code, please post it in one of the Discussion Forums, not here.
See more
See less

Time-limited evaluation period made easy

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Time-limited evaluation period made easy

    A simple example of how to create a time-limited evaluation program (for example 15 days). It is not affected by leap years, the number of days in a month or any other tripe.

    It works simply by converting the current date to a Julian date (ie. 06-10-2008 to 2454628), adds %NumDays (ie. 15) to that to become 2454643, and stores that in the registry. Whenever the program is run it checks to see if the current Julian date is greater than the registry stored one, and if it is you know the program has expired.

    Code:
    #COMPILE EXE
#INCLUDE "win32api.inc"
 
'// Config ...
$sKEY = "Software\Test\30 Day Limit Test"
$sVAL = "ExpDate"
%hKEY = %HKEY_LOCAL_MACHINE
%NumDays = 15
 
FUNCTION reg32CreateKey(BYVAL Hive AS LONG, szKey AS ASCIIZ) AS LONG
LOCAL hKey   AS LONG, Result AS LONG
IF RegCreateKeyEx(BYVAL Hive, szKey, BYVAL 0, "", %REG_OPTION_NON_VOLATILE, _
                  %KEY_ALL_ACCESS, BYVAL %NULL, hKey, Result) = %ERROR_SUCCESS THEN FUNCTION = 1
END FUNCTION

FUNCTION reg32SetValueDword(BYVAL Hive AS LONG, szKey AS ASCIIZ, szValue AS ASCIIZ, BYVAL dwData AS DWORD) AS LONG
  DIM lRet AS LONG, hKey AS LONG
  lRet = RegOpenKeyEx(Hive, szKey , 0&, %KEY_ALL_ACCESS, hKey)
  IF lRet = %ERROR_FILE_NOT_FOUND THEN
     lRet = reg32CreateKey(BYVAL Hive, szKey)
     IF lRet = 0 THEN EXIT FUNCTION
     CALL RegOpenKeyEx(Hive, szKey, 0&, %KEY_ALL_ACCESS, hKey)
     IF hKey = 0 THEN EXIT FUNCTION
  END IF
  lRet = RegSetValueEx(hKey, szValue, 0&, %REG_DWORD, dwData, BYVAL 4)
  RegCloseKey hKey: IF lRet = 0 THEN FUNCTION = 1
END FUNCTION

FUNCTION reg32GetValueDword(BYVAL Hive AS LONG, szKey AS ASCIIZ, szValue AS ASCIIZ) AS DWORD
ON ERROR RESUME NEXT
LOCAL dwBuf AS DWORD, hKey AS LONG
IF RegOpenKeyEx(Hive, szKey, 0&, %KEY_ALL_ACCESS, hKey) = %ERROR_SUCCESS THEN
    CALL RegQueryValueEx(BYVAL hKey, szValue, BYVAL 0, %REG_DWORD, BYVAL VARPTR(dwBuf), 4)
    RegCloseKey hKey
    FUNCTION = dwBuf
END IF
END FUNCTION
 
FUNCTION Date2Julian(MM_DD_YYYY AS STRING) AS LONG  '// by Mike Doty
  DIM Month&,Day&,Year&
  Month = VAL(LEFT$(MM_DD_YYYY$,2))
  Day   = VAL(MID$(MM_DD_YYYY$,4,2))
  Year = VAL (RIGHT$(MM_DD_YYYY$,4))
  LOCAL k AS LONG, Julian AS LONG
  k = INT((14 - Month) / 12)
  Julian = Day + INT(367 * (Month + (k * 12) - 2) / 12) _
               + INT(1461 * (Year + 4800 - k) / 4) - 32113
  Julian = Julian - (INT(3 * INT((Year + 100 - k) / 100) / 4) - 2)  'Convert to Gregorian
  Date2Julian = Julian
END FUNCTION
 
'################################################################################################################
  
FUNCTION PBMAIN() AS LONG
LOCAL dwCurDay AS LONG, dwDays AS LONG, dwDaysLeft AS LONG
dwCurDay = Date2Julian(DATE$)
dwDays = reg32GetValueDword(BYVAL %hKEY, $sKEY, $sVAL)
IF dwDays = 0 THEN   '// NEW INSTALLATION
   dwDays = dwCurDay + %NumDays
   reg32SetValueDword(BYVAL %hKEY, $sKEY, $sVAL, BYVAL dwDays)
   STDOUT "Installed"
ELSE    '// ALREADY BEEN INSTALLED
    dwDaysLeft = dwDays - dwCurDay
    IF dwDaysLeft > %NumDays THEN
        STDOUT "Cracker warning, number of days left is greater than the evaluation period"
    ELSEIF dwDaysLeft =< 0 THEN
        STDOUT "EXPIRED"
    ELSE
        STDOUT "Days left = " & STR$(dwDaysLeft)
    END IF
END IF
WAITKEY$
END FUNCTION
    A quick note on cracking ...

    I kept this example as minimal as possible - it obviously provides very little security against crackers. A cracker could simply release a program (or .reg file) to delete the HKLM\Software\Test\30 Day Limit Test\ExpDate key, resetting the evaluation back to day 1.

    The reason it's so easy is obviously because my example uses a static key. To make that harder for them you could use hashes of things that are at least somewhat unique to their machine, so as to create a dynamic key name. For example, the Windows directory location, or their username, or hardware 'signatures' such as their CPU ID.
    -
    Tags: None
  • #2
    Originally posted by Wayne Diamond View Post

    A quick note on cracking ...

    I kept this example as minimal as possible - it obviously provides very little security against crackers. A cracker could simply release a program (or .reg file) to delete the HKLM\Software\Test\30 Day Limit Test\ExpDate key, resetting the evaluation back to day 1.

    The reason it's so easy is obviously because my example uses a static key. To make that harder for them you could use hashes of things that are at least somewhat unique to their machine, so as to create a dynamic key name. For example, the Windows directory location, or their username, or hardware 'signatures' such as their CPU ID.
    I used Wise installer to capture product setup and build a master installer. The capture program takes a snapshot of the registry and directories before install and then after install. Any changes are added to the installation being build.

    SysInternal's RegMon watches the registry for read/write of keys and I am sure there are other products. I've used this product for debugging purposes. As well as checking for spyware. Is a product looking at registry keys it shouldn't. Anyway, I am off topic. I believe it would be very easy to find the dynamic key name and delete it.

    One solution would be to encrypt the data in the key. The user would not be able to create a valid key even knowing the key location/name.

    Also, if the username is used as part of the key name, change the username and the demo starts over again. This is good if the system has multiple users and you want to provde each user a demo period; not good if one just changes their username.

    Comment

    • #3
      btw just to clarify - obviously nothing is uncrackable, but if you simply use a static key location then its easy for a cracker to write and distribute a program (or even .reg file) to attack that key, whereas if its dynamic then its a lot harder - the cracker has to debug your program to try and figure out how youre calculating the dynamic names.

      Any more questions/comments etc please post to the Programming subforum instead, cheers!
      -

      Comment

      • #4
        A lot of early methods like this had flaws with signed and unsigned too and did only a > or a < test and not <> and when the number went too high or negative then it turned it into a 4 Billion day eval. PESX had this issue then he released it as Freeware. Some apps use access dates of system files and other methods to check if a date was cracked. Checking for the key being deleted is good too. Then you have things like making their life difficult where you can uninstall/remove your app if cracking is detected, or even delaying it until something important like they have just worked 4 hours on a project/file using what you developed and you could "accidently" close the app on them without saving if cracking was detected earlier, etc.
        sigpic
        Mobile Solutions
        Sys Analyst and Development

        Comment

        • #5
          See my License Generator post going up right now.

          Time limitation is too old, go with license limitation....

          PS - Wayne good to see ya!!
          Last edited by Scott Turchin; 17 Jun 2008, 05:15 PM.
          Scott Turchin
          MCSE, MCP+I
          http://www.tngbbs.com
          ----------------------
          True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

          Comment

          Previous template Next
          Working...
          X

          We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, and to analyze site activity. For additional details, refer to our Privacy Policy.

          By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

          I Agree