I want to provide a trial version of my software. This version should only be evaluated within a specific period of time. Let's say only during January 2011.
As this software massively uses the system clock in processing, it would be quite annoying to set the clock to an earlier time to be able to use it over and over. So because of this, I wound't think of a more complicated protection mechanism.
So I have thought about exiting after a test like:
if (DateTime.Now.Year != 2011 && DateTime.Now.Month != 1)
{
MessageBox.Show("expired!");
Application.Exit();
}
How easy will this be cracked :-) ?
Is there a "safe" way to do this ?
Basicly you can say it is impossible to secure trial software against cracking. Everything you do in Software can be bypassed (Yes! Even Ring-0 Drivers).
Even if you have an external dongle from which you recieve the authentication to start can be spoofed through software. Although it isn't easy :-)
You can only make it hard not impossible :-)
It's not exactly related to cracking it, but it's worth noting that if this is an app that can be used internationally, it'll show as being 'expired' for many users before they've even had a chance to try it at all. The values returned by DateTime reflect the local users culture, so DateTime.Now.Year returns 1431 for Arabic cultures and 2553 for the Thai culture for instance. Months can similarly differ, so you shouldn't hardcode values for them without checking the culture first.
You can get round this by using the InvariantCulture each time ,e.g. DateTime.Now.Year.ToString(System.Globalization.CultureInfo.InvariantCulture);
This method could be cracked if the user set his computer Date to 2009: your software will be used for other two years.
If you want to use this method I think the best way is to check the actual date on the internet.
However some users couldn't have a connection; in that case you can use something like a countdown that makes the software executable for n-days.
You ship your software with an encrypted file that contains the date of installation;
The next time you will check for that file:
If exists and the day is different increment a counter;
If exists but is corrupted or if it doesn't exists update the counter to "max-day";
If exists but the counter is equal to "max-day" exit the application;
Update the old file with the new values;
Obviously the counter will be another encrypted file and, as for the other file, you have to check his state (corruption or deletion).
Here's my opinion.
The weak point of any time-limit or dongle-protection is that in the end everything must be checked with an 'if' statement. In the old 'x86 days there is JNE, JE, JNZ family of instructions. Such 'if' statement must exist in hundreds if not thousands or more in the application. So any cracker must find out where to start looking, for instance, dongle checkers almost always use DeviceIoControl API, which could be pinpointed quickly. After the calls to DeviceIoControl API found, the cracker just reverse engineered the routine around the API call, and try change JNE instructions around that to JE or the other way around.
In your case, the usage of DateTime is the tell-tale (but of course, there is a lot of place where DateTime being used for other things, that makes it harder for the cracker). To make things difficult for the cracker, copy the current date to some object's values, and try to make, like, 20 places or something that stores the DateTime. Or even better, retrieve current date from the net and also from the current computer. Don't check the DateTime directly, but use the value that you store in some objects before, to make it harder for the cracker. Use consistency check mechanism to ensure the dates are within tolerance, and kill the app if you find out that 2 of the datetime is different to the other stored datetime (give 2 days tolerance or so).
Also check whether the clock is not turned back by the user, if you found out that CurrentDateTime < StoredDateTimeInRegistry then you should store a kill flag somewhere in the registry. Or you might also want to use a file in addition to the registry.
For every kind checks you do, try to do it in many places and in different ways.
At the end, I must say that what Bigbohne said is true (nothing is impossible to crack) - it is just that, by making it difficult for the cracker, we changed his/her effort-to-result ratio, and hopefully discouraging him from continuing the cracking process.
Checking trial period expiration in C# code is easy to crack, even if you will obfuscate code due to it is compiled into CLR. It is better carry out this check into code that is compiled to byte code. Also you can read topic Protect .NET code from reverse engineering? about protecting .NET code from reverse engineering
Software licensing is a complete subject on its own, and it looks like that you are looking for a simplest solution to be implemented for your trial software.
What simply you can do, on startup of your application log the current date/time in registry and use it is as a reference point for validation. So even if the system time would be changed it wouldn't effect your application validation logic.
If possible, write the registry access library in C++, which wouldn't be possible to crack. Good luck.
Related
How do I expire an exe after certain date/Time. Like I want to expire an exe/Application on date 12-12-2018.
Currently I only know about two ways ::
Computer Date: I have DateTim.Now in C#, So I can compare user system date with my hard-coded date but it is not trustworthy because it checks the date from the user Computer Date which a user can change.
Internet Date: I make a request to Internet to get date but I can't rely on internet because It is possible that user won't connect to internet at the time using my Exe, so i can't make it dependent on internet.
So how do you expire your exe in safe and secure manner.
(I am not talking about license system etc that many stackoverflow Q/A suggested I am just talking about simply way to do this. If it is not possible please do answer also.)
well, it depends a bit on how reliable the system has to be...
of course you can allways say: the code has left your hands -> from now on nothing is reliable ... your code can be tampered with, the hardware is not under your control... so in the end, this task can not be done right, if you consider every possibility
but you can make it a bit harder for someone to tamper with the system...
let's say you have some sort of application state, that is initialized at first start using an internet service that verifies that the software did not expire yet... of course this has to be secured and authenticated with something like TLS and an embedded certificate... (bonus points if you use the bytes from the certificate elsewhere as constants in your program)
now this state has to hold something the program needs to work on, in other words, it is mandatory that this state is affected by changes that are persisted. additionally the state holds the expiry date, and the greatest timestamp your program has seen so far
for example you can have a counter in there that counts operations in your program ... do something, increment the counter, etc
the counter state then is saved along with the data your program is working on, like in a file header, when you write something
of course this information needs some sort of anti-tampering mechanism ... along with the counter state, save the current timestamp and a hash over the file content... then create some sort of signature over the header
when you load that file, verify the signature, the content hash, the timestamp has to be in the past, and the current counter state has to be greater than the saved counter state
the application state is saved the same way on a regular interval and of course you check the state on every startup (expired, greatest known timestamp < current timestamp, signature)
of course someone with brain.exe can poke around a little and dismantle a mechanism like this, but it is a little harder than just reseting a clock
edit:
and of course you can check if there is a filesystem available to write on, that is NTFS formatted, where you can store something hidden in an alternate data stream...
you can also have a config file that you write to AFTER your initial program checks are complete, and compare the last write time of that file to the current system clock to see if it was reset
you can also check for files on the harddrive that are newer than the date the system clock shows you...
In using Stopwatch.GetTimestamp() we find that if you record the return value and then continue calling it and comparing to the previous return value, it will eventually but unpredictably return a value less than the original.
Is this expected behavior?
The purpose of doing this in the production code is to have a microsecond accurate sytem time.
The technique involves calling DateTime.UtcNow and also calling Stopwatch.GetTimestamp() as originalUtcNow and originalTimestamp, respectively.
From that point forward, the application simply calls Stopwatch.GetTimestamp() and using Stopwatch.Frequency it calculates the difference from the originalTimestamp variable and then adds that difference to the originalUtcNow.
Then, Voila...an efficient and accurate microsecond DateTime.
But, we find that sometimes the Stopwatch.GetTimestamp() will return lower number.
It happens quite rarely. Our thinking is to simply "reset" when that happens and continue.
HOWEVER, it makes us doubt the accuracy of the Stopwatch.GetTimestamp() or suspect there is a bug in the .Net library.
If you can shed some light on this, please do.
FYI, based on the current timestamp value, the frequence, and the long.MaxValue it appears unlikely that it will roll over during our lifetime unless it's a hardware issue.
EDIT: We're now calculating this value "per thread" and then "clamping it" to watch for jumps between cores to reset it.
It's possible that you get the jump in time because your thread is jumping cores. See the "note" on this page: http://msdn.microsoft.com/en-us/library/ebf7z0sw.aspx
The behavior of the Stopwatch class will vary from system to system depending on hardware support.
See: http://msdn.microsoft.com/en-us/library/system.diagnostics.stopwatch.ishighresolution.aspx
Also, I believe the underlying equivalent win32 call (QueryPerformanceCounter) contains useful documentation: http://msdn.microsoft.com/en-us/library/windows/desktop/ms644904(v=vs.85).aspx
I don't know exactly regarding about running backwards (which sounds like a small change backwards), but I have so far experienced three times that the value of Stopwatch.GetTimestamp() can change so enormously that it causes overflow exceptions in some further calculations of form about like this:
(Stopwatch.GetTimestamp() - ProgramStartStopwatchTimestamp) * n
where n is some large value, but small enough that if the Stopwatch weren't jumping around enormously, then the program could run years without having overflow exception. Note also that these exceptions occurred many hours after the program started, so the issue is not just that the Stopwatch ran backwards a little bit immediately after start. It just jumped to totally different range, in whatever direction.
Regarding Stopwatch rolling over, in one of the above cases it (not the difference, but Stopwatch) obtained value of something a la 0xFF4? ???? ???? ????, so it jumped to a range that was very close to rolling over. After restarting the program multiple times, this new range was still consistently in effect. If that matters anymore considering the need to handle the jumps anyway...
If it was additionally necessary to determine which core the timestamp was taken on then it probably helps to know executing core number. For this end, there are functions called GetCurrentProcessorNumber (available since Server 2003 and Vista) and GetCurrentProcessorNumberEx (available since Server 2008 R2 and Windows 7). See also this question's answers for more options (including Windows XP).
Note that core number can be changed by the scheduler any time. But when one reads the core number before reading Stopwatch timestamp, and after, and the core number remained same, then perhaps one can assume that the Stopwatch read was also performed on this core...
To specifically answer the high-level question "How often does Stopwatch.GetTimestamp() roll over?", Microsoft's answer is:
Not less than 100 years from the most recent system boot, and potentially longer based on the underlying hardware timer used. For most applications, rollover isn't a concern.
This question may be easy and the answer obvious, but I can't seem to be able to find a solution right now.
I built an application which has a big flaw in it. In a property of my User class, I check to see if the user subscription is expired. To do this, I compare the ending date of the subscription with DateTime.Now:
return (DateTime.Compare(DateTime.Now, subEndDate) > 0);
It doesn't take a genius user to realize that all it is needed is to change the Windows date to an earlier one, and then the application won't expire at all. So I think that comparing to DateTime.Now should not be done, is there a better method that I could use in order to validate a subscription date?
Thanks.
Regards,
Call a webservice or check a database to determine if the subscription is still active
Does this actually matter? If your product is purely web based the only time you have to worry about is your server time. If the server time is able to be altered without your consent you probably have larger problems to worry about.
If your product is desktop based, then how much protection do you want build in? If you just want to protect against your casual user the solution you have is probably enough. If someone is determined to pirate your software then they will probably be successful. If you want to make it harder for these users one solution would be to keep a log of all the times the application has been run. This way you can get an idea of they are playing with the clock.
Maybe you could extract the subscription expiration logic out of your client program and put it into an external service, then your client app could connect to a different server and retrieve expiration details based on a user parameter passed in?
There are several NTP servers out there which you can use for free... they return the exact time and your casual user won't have a hand in manipulating those... to access them you have several options - though none built-in:
http://dotnet-snippets.com/dns/simple-network-time-ntp-protocol-client-SID571.aspx
http://www.codeproject.com/KB/IP/ntpclient.aspx
http://www.codeproject.com/KB/datetime/SNTPClient.aspx
http://www.rebex.net/time.net/ (commercial)
I'm developing an application and I need to make a demo version of it that will expire in lets say 30 days.
My idea for now is to store the current time when the application is first started in a simple txt file stored in the projects resource (so it doesen't have to be written on the hard disk or the registry), and every time the program is started check if 30 days have passed.
But, what if the user resets the time to an earlyer state?
Then my app would still start becouse now the "current date" can be 1 day after the "first start"..
Is there any way I can get some info along with the first date (or, insted of) that would assure that specific time that the application is first started?
Thank you for your time.
One of the option is to check the date time from some external server and not from local system. But this is also possible to crack as the user can put a proxy in between which will act as the external server to your app and this proxy can send any time the user want. In case you want the solution for novice users, external server approach is fine, but any smart user can still crack the application. Remember, any code that runs on a client machine can be cracked, you just need to flip the correct bit in the application code :)
I have a simple check in the code of one of my programs when in beta. It pretty much does what you say. In the initial code is a hard coded date. The logic then just tests to see if the current date is earlier than the hard coded date. Pretty primitive and it relies on the users system date. However once it is past the program will not run unless the system date is changed. As I mention I use this for betas not for my production programs that have an evaluation period. For that I use Infralution License Tracker. This is payware but it does allow the setting of evaluation periods and also the actual licensing of the code.
Interesting question - how about encoding the initial datetime somehow - base64 or even encryption of somekind), then also storing the datetime each time your application is run.
That way you can detect inconsistencies by checking each datetime and if there's funny business going on (eg. todays date is older than the last date) you can shut the user out.
Is it a viable option to compare two FileInfo.CreationTimeUtc.Ticks of two files on two different computers to see which version is newer - or is there a better way?
Do Ticks depend on OS time or are they really physical ticks from some fixed date in the past?
The aim of a UTC time is that it will be universal - but both computers would have to have synchronized clocks for it to be appropriate to just compare the ticks. For example, if both our computers updated a file at the exact same instant (relativity aside) they could still record different times - it's not like computers tend to come with atomic clocks built-in.
Of course, they can synchronize time with NTP etc to be pretty close to each other. Whether that's good enough for your uses is hard to say without more information. You should also bear in mind the possibility of users deliberately messing with their system clocks - could that cause a problem for your use case?
Do Ticks depend on OS time or are they
really physical ticks from some fixed
date in the past?
Ticks are pretty much independent of the OS.
If I remember correctly, 1 second = 10000000 ticks.
So whatever time you are checking, what you get from Ticks is about ten million times what you get from TotalSeconds. (Although it is more accurate than TotalSeconds, obviously.)
A tick is basically the smallest unit of time that you can measure from .NET.
As of speaking about UTC, yes, it is as good as you can get. If the system time on the machine your app is running on is accurate enough, you'll manage with it without issue.
Basically, the more frequent updates there are of the files, the more inaccurate this will be. If someone creates two versions of the file in one second, all of the system times must be precisely synchronized to get a good result.
If you only have different versions once per several minutes, then it is very much good enough for you.
The short answer is that no, this is not a viable solution, at least not in the theoretical, anything-can-happen type of world.
The clock of a computer might be accurate to a billionth of a billionth of a second, but the problem isn't the accuracy, it's whether the clocks of the two computers are synchronized.
Here's an experiment. Look at your watch, then ask a random stranger around you what the time is. If your file was written to on your computer when you looked at the watch, and written to on the computer belonging to the person you're asking 1 second ago, would your comparison determine that your file or his/her file was newer?
Now, your solution might work, assuming that:
You're not going to have to compare milli- or nano-second different clock values
The clocks of the computers in question are synchronized against some common source
** or at the very least set to be as close to each other as your inaccuracy-criteria allows for
Depending on your requirements, I would seriously look at trying to find a different way of ensuring that you get the right value.
If you are talking about arbitrary files, then the answer about UTC is worth a try. The clocks should be the same.
If you have control over the files and the machines writing to them, I would write a version number at the start of the file. Then you can compare the version number. You would have to look into how to get unique version numbers if two machines write a file independently. To solve this, a version webservice could be implemented which both machines use.
Some file formats have version information built-in, and also time stamps. For example, Microsoft Office formats. You could then use the internal information to decide which was the newest. But you could end up with version conflict on these as well.
From the way you phrased the question, I assume that for some reason you cannot call the DateTime comparison methods. Assuming this, the msdn page for the ticks property states "A single tick represents one hundred nanoseconds or one ten-millionth of a second. There are 10,000 ticks in a millisecond." Thus the ticks refer to the value assigned by the .NET library and do not depend on the machine/OS(ehich is probably Windows since you are using C#) and can be safely used for comparisons.