How to make software expire on a certain date on Windows?

windows date licensing

21,416

Solution 1

Whatever you do will be cracked, so you are better off concentrating on your software rather than the protection. Keep it simple. If people are determined to get around your protection they will. They could even virtual machine it, so day trials are not really a limitation that can be enforced.

Solution 2

To make the expiration date a little bit more difficult to avoid, you could store the time of the most recent execution somewhere "hidden" and make sure the user can not go back in time. Any decent "hacker" will get around this, but for joe the average user it will be too much of a hassle.

Working with a wrong date has some bad side effects when using other programs that rely on the correct date/time. So when the user is desperate enough to change his date/time every time he starts your software, he wont buy it anyway...

Improving the expiration mechanism further is just like copy protection for games at this point. Good games sell anyway, bad ones don't.

Solution 3

You can store the first and last execution date in a file and also store a salted checksum of it. As @Timbo said, any decent hacker will get around this (as he would with practically any other method).

Like this, you can store something like this in a file anywhere (maybe in the register)

20090801:20090815:20090901
ca5579e3bacb7557b6ed22b5f553f9d5

being:

20090801 - the start date
20090815 - the last execution date
20090901 - the final date
ca5579e3bacb7557b6ed22b5f553f9d5 - the salted MD5 checksum

this way you can check the validness of the checksum using an algorithm like this

bool CheckExpiry()
{
    string SecretSalt = "Y*##d3F!@g^hk";
    string InitialDate = FetchInitialDate();
    string LastExecutionDate = FetchLastExecutionDate();
    string FinalDate = FetchFinalDate();
    int Checksum = FetchChecksum();

    string FinalString = InitialDate + ":" + SecretSalt + ":" + LastExecutionDate + ":"  + FinalDate;
    int InternalCheckSum = md5sum( FinalString );

    return InternalCheckSum == CheckSum;
}

of course you can use SHA-1 or any other digest algorithm you like more. Just make sure you use a not easily guessable SecretSalt.

And you can check the LastExecutionDate against the current date to check if the date was changed backwards.

Solution 4

you can try to store (inside the code, not in a file) the expiration date md5summed, this may add some more "protection" from disassemblers. Hide the date check code inside some other critical function, don't write a specific function to do it. You could also edit the exe file on expiration, just to avoid the "change date" trick.

Solution 5

In this case you can make some change in system when the application expires. In other words to get the application running the system date and not the system change should be there.

You can add a registry entry when it gets expired. or may be a deletion of a file.

And this is a previoud discussion initiated by me addressing a simillar problem. It will be possibly useful..

Licensing

View more solutions

21,416

Author by

Paul

Updated on September 09, 2020

Comments

Paul over 3 years

I have a piece of Windows/C++ application which includes a hard coded expiry date, so that the release expires and stops running on a certain date like, 30 of august 2009.

Obviously the user can take back the system time to work around this limitation.

Is there a good way to stop my application running if the date has passed even though the user has taken the system date back ?

P.S. I can not make use of an internet connection for this purpose. And I believe writing the last execution time to a file/registry would also be too easy to break.

Thanks.

Paul
Chathuranga Chandrasekara over 14 years

Still have a problem. If the hacker has a backup :(
Paul over 14 years

Thanks Timbo. [quote]you could store the time of the most recent execution somewhere "hidden"[/quote] Actually I am looking for hints about this "somewhere". Is it registry, a tmp file in %TEMP% or some other method ?
Jay over 14 years

Catch to deleting a file or otherwise vandalizing yourself is that if the user had a temporary glitch that screwed up their system clock or otherwise triggered your self-destruct system, and then they fix the problem, they still can't run. Okay, every security scheme has to balance protecting yourself from unauthorized users with excessive inconvenience to authorized users.
Jay over 14 years

I used a similar system once: we stored the date in a file, we didn't store it in a recognizable format but coded it, so if someone opened the file and looked at it it wouldn't be obvious it was a date, and then we said that if the date ever went backward, it was an automatic fail. If your software is popular enough that people decompile it and figure it out, sure, they can get around such a scheme. It all depends how much work someone is willing to go to.
pokrate over 14 years

very good solution. treat date like a password. simple.