Licensing system with expiration date


The most useful way is to have a server that checks if the key is still valid. That makes it hard to fake.

But if you don't want to (for some reason) use an "online" technique, then you need to store the expiration date somewhere in the data that the client uses. It can be encrypted, but your software will have to contain the decryption key. Because at some point or another, your application will have to compare the current date with the expiration date.

As others have said, it's easy to spend a lot of energy on making this hard to break, but sooner or later, it comes down to some simple compare "Is it in date, or not?", and that code can always be "broken" by replacing the if (!in_date) exit_with_message("License expired..."); with if (false) .... So, unless you do that sort of thing in 100s of different places, and make the code look very different in each place [don't call the same function, don't use the same message, don't use the same calculation, don't use the same result, etc, etc]

I wanted to use a compiler that we used at work on my home machine [to do some work related projects from home!]. It had a "demo license" built in, so you could try it out, but it stopped after 10000 lines of source code. So I looked for all occurrences of 10000 in the binary. I think there were three places that contained 10000. I changed one, tried compiling my test-sample of more than 10000 lines, and it still failed - changed it back and changed the next one: wohoo, it worked... Now, the coder could have made it much harder, but had I been interested enough, I'm sure I could have fixed that as well. This was just much easier than getting a second license, installing a license server on my home machine, etc, etc.

Bear in mind also that most people who break things like this are not doing it for money, but for the challenge. And that's just a bigger motivation if it's hard!

Edit:

I would do something like this:

1) Create a license.dat, which contains:

  • A license number of some sort.
  • An expiration date (somewhat encrypted)
  • A cryptographic hash of the two above components

2) When loading the software [or at regular intervals in your software], load the license.dat.

3) Verify hash of the license file.

4) Check if the current date is greater than expiration date.

5) If checks all work out, continue, else exit with some relevant message.

Exactly how you store/encrypt the date is something I can't really advise on. One option is a 64-bit integer that has been suitably "scrambled", based on a time_t (time in seconds). The encryption is probably more of a case of "don't make it so darn obvious that it's a timestamp" - but the hash is really what is protecting your timestamp.

Author by

Admin

Updated on June 04, 2022
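The license.dat scheme from steps 1-5 of the answer above, as an added sketch that is not code from the answer or from the article the question refers to. It assumes a keyed hash (HMAC-SHA256) for the "cryptographic hash", a fixed XOR mask as the "scramble", and a made-up binary layout; the key, mask and license number are constructed placeholders, and because the key ships inside the client it has the same limitation the answer notes for an embedded decryption key.

```python
import hashlib
import hmac
import struct
import time

# Assumptions of this sketch: key, mask and layout are constructed placeholders.
SECRET_KEY = b"example-key-embedded-in-client"
XOR_MASK = 0x5A5AA5A5C3C33C3C      # hides the fact that the field is a time_t
MAC_LEN = 32                       # SHA-256 output size in bytes


def make_license(license_no, expires_at):
    """Vendor side (step 1): length-prefixed number + scrambled date + hash."""
    number = license_no.encode("utf-8")
    scrambled = struct.pack(">Q", expires_at ^ XOR_MASK)
    body = struct.pack(">H", len(number)) + number + scrambled
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return body + tag


def check_license(blob, now=None):
    """Client side (steps 2-5): returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    if len(blob) < 2 + 8 + MAC_LEN:
        return False, "malformed"
    body, tag = blob[:-MAC_LEN], blob[-MAC_LEN:]
    # Step 3: verify the hash before trusting any field in the file.
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "tampered"
    (number_len,) = struct.unpack(">H", body[:2])
    if len(body) != 2 + number_len + 8:
        return False, "malformed"
    # Step 4: unscramble the 64-bit timestamp and compare with the clock.
    (scrambled,) = struct.unpack(">Q", body[-8:])
    if now > (scrambled ^ XOR_MASK):
        return False, "expired"
    return True, "valid"


if __name__ == "__main__":
    blob = make_license("LIC-0001", 2_000_000_000)   # constructed sample
    print(check_license(blob, now=1_900_000_000))
    edited = bytearray(blob)
    edited[-MAC_LEN - 1] ^= 0xFF                     # date field changed on disk
    print(check_license(bytes(edited), now=1_900_000_000))
```

The check still relies on the local clock and on one comparison in the client, which is the weak point the answer describes; only the server-side check from the first paragraph moves that decision off the machine.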

Comments

  • Admin
    Admin almost 2 years

    I want to implement a simple licensing system based on this article.

    Everything works fine. But now I want to add an expiration date and I do not know how.

    Can someone explain to me how to add the expiration date? It is not important to know exactly how to implement, but I need to understand the algorithm behind it :)

  • Bernhard Barker
    Bernhard Barker about 11 years
    +1 for the 3rd and 4th paragraphs. Though I'd be a bit wary of discussing any illegal or possibly-illegal activity in a condoning way (especially activity which you were involved in) in the public domain. I'm sure we'd all be surprised by what warrants a warrant in today's world (especially in countries with less-than-kosher legal systems, which, ironically, includes the US).
  • Mats Petersson
    Mats Petersson about 11 years
    I actually told the boss of the company making the compiler (a year or so later, when some business brought us together). I doubt they would come after me... Not that I live in the US anyways...
  • Admin
    Admin about 11 years
    I don't want to spend too much time on my licensing system. I agree that every system can be broken.
  • Admin
    Admin about 11 years
    Where do I have to store the expiration date? Do I use the public or private key? Can I use the License.dat mentioned in the article? Can someone explain step by step what I have to do? Something like: 1. Add expiration date to hardware serial 2. crypt .. I really do not understand where to add the expiration date and how.
  • Admin
    Admin about 11 years
    I think 1)-3) is explained in the article. But how do I get the expiration date out of the license file? Can I use the public key for that?
  • Mats Petersson
    Mats Petersson about 11 years
    It really depends on how you have stored it. I'm not going to tell you how to do that, because I don't know what I'd do myself, never mind how I'd suggest other people to do it. The immediate thing that comes to mind is to simply store 16 hex digits, and just use some pretty basic encryption [either swap the positions around, or use something like an XOR encryption]. That's not going to stop anyone serious, but it'll make it look less like a timestamp.
  • Admin
    Admin about 11 years
    What is possibly-illegal about this discussion?
  • Mats Petersson
    Mats Petersson about 11 years
    That I bypassed the licensing system in a compiler [but I'm also pretty sure that I could have got a license, had I just been bothered to ask]