Preventing Timed Copy Protection Bypass?
I have trial software that I want to distribute to clients. I want the trial software to stop working 30 days after installation.
Simply checking the system date in software is the easiest way to achieve this, but can't the client easily get around this protection by changing the system time / date in Windows?
Is there a better way to accomplish what I want?
source to share
Your best bet is not to warn them and after 30 days (be sure to check both ways, otherwise they might set the clock in the future, install the app and reset the clock to date), it stops working, also block the app once the trail period has expired, so, even if they then reset the clock, it should still be locked
source to share
I would check the modified time of the last modified file (there are probably a few common paths that are updated frequently, but you can just search for the filesystem).
In addition, you can reduce the "time remaining" (stored in some secret place) by the time the application started for its session. When it reaches 0, everything is ready. You may also find that the clock moves back from the last value seen in any session and punishes it by deleting, for example, an entire day.
source to share
Who are your clients? If this is for the general public and it's a fairly narrow audience, I think you can take a time-based approach. I agree that it will be painful for users to set their system clock and just buy your software. But if it is a really popular piece of software, or if it is for developers , then yes, you should probably step up your trial protection because it will get cracked quickly.
source to share
Yes, they can mess with the system clock. But gradually it becomes more and more inconvenient to do this, the further it goes beyond the end date of the trial period. They will give up using your software before they start flashing with the clock.
Or, even more likely, they will hack your security scheme, so it gives them unlimited time to use it.
source to share
I suggest that you periodically transfer your program call to your server; the user can tinker with the system clock he wants, but you control the clock on your server. If the server knows when the license was issued, it can respond appropriately to the request from the client, regardless of the state of the client clock.
Disclaimer and Plugin: The company I founded produces the OffByZero Cobalt licensed solution . This is a turnkey solution for software protection and specifically refers to the description of a time-limited scenario.
source to share
As noted, temporary licensing is fairly easy to circumvent. You can jump over multiple hoops to keep people from restarting their system clock. You could contact a certified time server and set your internal clock this way, but a rocket scientist won't need to hack that if they can access your code. The easy way is to just find the time check in the asm list and expand it.
We have been working on this for many years (disclosure: I work for a copy protection company (www.wibu.us)) and use a combination of internal clocks on a smart card chip and certified time servers, and some code to make sure you can never set the time back (the code is always encrypted, so it cannot be changed). We also have a software solution that uses an internal clock, but not a smart card chip. There are drawbacks to all security measures; find the right trade-offs for your market, price, etc. is a trick.
source to share