PDA

View Full Version : Time Restricted Software



cairnswm
01-07-2003, 02:20 PM
Does anyone have a secure component that restricts the amount of time a program can run for? Tamperproof preferably :)

Traveler
01-07-2003, 03:33 PM
I could be thinking to simplistic, but isn't it just a case of

if (endDate > 0-1-01-2004) then displayMessage('Get a new version on my website');

or something like that ?

tux
01-07-2003, 07:13 PM
i think he wants one where u cant set the clock back to make it work :)

cairnswm
02-07-2003, 05:45 AM
It probably is as simple as that but what happens if he only downloads the program on the 31-12-2003 he only gets one day to use the software.

I was thinking of something that possibly uses the registry and stores the installation date etc (encrypted) and then stops working after a specified time period.

Oh well I('ll make my own little component. Shouldn't be too hard :)

tux
02-07-2003, 08:29 AM
you could create a reg key when its run if it doesnt excsist then encrypt a string with the date in and save it.

then when that date is 1 day old (ei, yeseterday) then refuse to work.


just hope he doesnt install it on 11:59 :D

Alimonster
02-07-2003, 10:04 AM
Grr. Lost a reply cause the server was down. :evil:

I'd suggest that you go for a feature-reduced version rather than a time-limited one. You can just {$IFDEF} out relevant code so that it never appears in the shareware exe. Also, try to make it have a slightly different format from the final program so that users can't, for example, just email the maps and play 'em anyway.

The trouble is that anything client-side can be cracked given enough time and willpower. The above suggestion (creating registry keys) is easy to get around -- just run the exe and debug it. Whack a breakpoint at the relevant part, change an opcode or two (e.g. from jump-if-equal to jump-if-not-equal) and redistribute the cracked exe. Also, there are more direct ways (e.g. delete the key when your time limit expires and it'll be recreated, change the clock, etc).

You'd want to ensure that the unique value/however else it's protected is used throughout the code, so it all goes wonky if someone tampers with it. CRCs are probably a not-bad idea as well.

The only sure-fire way would be to involve a server somewhere the process, but that's kinda intrusive if your game doesn't use the net for anything else.

Check out the following article (http://www.gamasutra.com/features/20011017/dodd_01.htm) from Gamasutra (free registration required) for info on how the people who made Spyro tried to keep the hackers at bay.

Bear in mind that your game may not attract the attention of serious crackers if it's not a multi-million seller, which means that you don't have to go too overboard. However, do try to keep it a bit safe :).

cairnswm
03-07-2003, 05:37 AM
On the project I'm working now we are using NetExpress Cobol. When it installs it updates a number of keys in the registry. So even if you delete the info in one place it is still in lots of other places as well.

I was thinking of creating a component that implemented a number of options.
1. Time delay. Put a key in the registry for when the product was installed, encrypted with a double check digit (one before enryption, one after).
2. Number of use count - also encrypted along with the double check digit.
3. Server register link - must link to a server to continue working.
4. Register for a specific PC. I have code to get the MAC address of a users network card to help create a unique code per PC.

Unfortunatly this isn't for a game :) Its for my FAQ creator, currently in version 0.0 Alpha state :) I have the required code to link it into Internet Explorer as a new band to make creating FAQs from a web page or copied text very easy - a great way to store all those great delphi code snippets out there :)

cairnswm
03-07-2003, 06:16 AM
On the topic of how to restrict/limit use of your shareware program have a look at :

http://www.dexterity.com/articles/

and specifically

http://www.dexterity.com/articles/registration-incentives.htm

Articles by a self proclaimed successful shareware company.

Snape
26-07-2003, 02:28 PM
Try the TurboPower components on sourceforge.net.
There's a component called 'OnGuard', I think this is exactly what you are looking for.
Here's the link: http://sf.net/projects/tponguard/

Gadget
16-09-2003, 11:42 AM
Might also want to think about having multiple protection routines, and make it hard to hack the checks out. Have some self checking code, checksum tests, and dont hard code any kind of 'Demo Expired' messages using standard ASCII. But that's if you are bothered about people hacking it quickly?

Gadget
16-09-2003, 11:51 AM
It probably is as simple as that but what happens if he only downloads the program on the 31-12-2003 he only gets one day to use the software.

I was thinking of something that possibly uses the registry and stores the installation date etc (encrypted) and then stops working after a specified time period.

Oh well I('ll make my own little component. Shouldn't be too hard :)

One of the problems with registry checks is they are prone to 'Installation Capture' type attacks. ie. Install Shield, captures registry settings when the application installs and first runs. There are a couple of clever solutions to this problem, one is to write something that runs say 3 days after the install date. This then means that the install capture won't register the modificiation, and ensure that on uninstall that the registry entry is not removed. You can also get clever by using file attrib flags for various non changing system files, say for example using the Archive flag. Another nice unique feature that I have employed is using a random (say 1 in 50) net check. If they are connected to the internet, the application checks for a newer version, at the same time it checks the server date and time, realises its a trial version and disables the application. :)

Traveler
16-09-2003, 02:43 PM
If they are connected to the internet, the application checks for a newer version, at the same time it checks the server date and time, realises its a trial version and disables the application.

Wouldn't ZoneAlarm (or any other firewall) give me a warning and the option whether the program is allowed to proceed with the connection? I could choose not to connect.

cairnswm
17-09-2003, 05:09 AM
I've been looking at doing shareware for a while now. I have also been reading up quite a lot about it over the last few months. It is quite clear that using any form of time delay/expiry software is not a good plan as they get cracked very fast (on the Game Vision forums the one person said two days...).

I will use a demo vs registered copy approach to my shareware.

Gadget
17-09-2003, 09:59 AM
If they are connected to the internet, the application checks for a newer version, at the same time it checks the server date and time, realises its a trial version and disables the application.

Wouldn't ZoneAlarm (or any other firewall) give me a warning and the option whether the program is allowed to proceed with the connection? I could choose not to connect.

That's true, but one thing I have been thinking about is using other applications to bypass the firewall.

eg. Shell IEXPLORE.EXE, send a url to it passing the reg number as a query string, then read the text returned using the GETTEXT message or similar?