I have one vb.net windows application and I want to deliver it to my client with 1 year validity.
After one year this software will automatically stop working or ask for renewal.
The client PC doesn't have internet access.
Please tell me the secure way for this.
When the program is installed, have it set a registry value with the current date. Then, on every subsequent program start, have it check that registry value against the current time. If more than a year has passed, do whatever you plan on doing to lock up your application.
This post has some excellent info on the specifics of adding, modifying, and accessing registry values in vb.net.
Check the date.
If dateToday > dateProgramSold.AddYears(1) Then
'open form that cant be close saying program is expired
End If
When the program is installed, it should ask for an registration key (they could get it by email, print it off and type it). The key should contain the last day of validity (encrypted). Store the key in the registry (or somewhere else). When the program starts, you check the date inside the key.
If they re-install the end date will stay the same.
When they want to update, just send a new key by email or mail.
The amount of security you put into just could depend on how much you trust the company. Because they could always decompile and crack your software.
I needed to do this for a program I wrote. My final solution included the resolution that you can't be 100% foolproof, so I considered my users and did the best I could with what I had.
Without access to the internet, how does the computer know what date it is? It has to rely on user input for it. So if a user can input it, then a user can change it. There is no foolproof way to get an accurate date from the PC without the the user having access to it. Whether from the OS, the BIOS, etc.
So what I ended up doing was putting an obfuscated key into the registry in an obscure place. HKCU >> Software. I made the key just some letters and numbers {L12A3C0DFF} then I named the key Z0B0 and made the value the obfuscated date. I took the year month and day and ran each one through a different calculation. I ended up with something that looked like DDE011468932.
Each time the program ran it decoded this registry setting to see if a year had passed based on the time in the BIOS. If the date in the BIOS was earlier then this date then they changed it and I would not not allow my program to run.
Also each time the program ran, I checked the date in the BIOS and stored this in the registry in the same way. So I would check to see if they changed the date in the BIOS to an earlier date.
So in order for them to abuse the date restriction of one year, they literally had to change the date in the BIOS every day which I figured was not worth it to them to do, besides, they would have had to figure out where I was getting the date from to begin with, which would take decompiling (and I wasn't selling it to a bunch of programmers). Simply changing the date in the OS wouldn't fool it.
Related
I am running Enea OSE 4.6.1 on a system that I have and every so often (sometimes a few days, usually several weeks), I am asked to change my password by the system.
I am wondering if there is a way to check the expiration date of my password, or modify said date. I do not enjoy having work to do and being surprised with the expired password. The end goal is to write a script to check the password expiration so I am aware beforehand.
I searched through some of the OSE Documentation I have on hand and did not see much about passwords (I do not have every PDF). I also checked through some of the source code and the validation process but see no mention of expiration, dates, or change. Finally, I was able to secure a list of all pre-configured command line commands and none of them mention (expiration) date for passwords. There is a command to change password but it mentions nothing of time or date.
I believe there is a way to create my own custom command line command I found in one of the OSE manuals, but in order to do that I will need to know where password expiration is stored.
Any information would be greatly appreciated as I know OSE is not too widespread. Thank you in advance.
I have a VB.NET application that I would like the user to be able to run for a fixed period, then have it switch to a partially restricted mode. I have the code in place to do that, as well as code to encrypt data. What I need is to be able to track the date the application is first used. And have the date saved somewhere and in a format that the user is not likely to be able to reset it. Is there a preferred way to do this, such as some obscure Registry key?
If it 100 percent requires this, then you need to store the information in your server. This is quite hard to do. If it doesn't need to 100 percent high security, you can use Settings in your application, or the registry. Here is a good tutorial on using settings in your application: http://www.dreamincode.net/forums/topic/72654-using-settings/.
If you want to use the registry, then here is a good tutorial on that: https://msdn.microsoft.com/en-us/library/85t3c3hf.aspx. Note that using the registry requires administrator privileges.
I want to make use of registry to store installation date.
This would allow me to check application expiry on each run, so when I install my application on any PC the registry subkey will be created and store current date as installation date.
I am using Visual Studio Installer Set up and Deployment.
If you have any other suggestion to achieve this, please share.
As a general answer, create a registry item and put the appropriate Windows Installer property there, in this case [Date] in square brackets, case-sensitive, just like you'd put [TARGETDIR] to record the installation folder. This avoids code.
However it is a bad idea, as the comments point out. Apart from the fact that it can be defeated, the poor person that installs it then can't use it for a week is in trouble. You should start the clock on first run of the app. That's fair and accurate.
Otherwise, give each user something unique, maybe a license key, and have the app call into your company's web service on first run, saying "this key started now", then you can check every time the app runs and say no after the timer has expired, then you're using your company's clock, not the user's.
For my VB.NET applications, I am wanting the user to have a free trial for x amount of days.
Where is the best place to record the amount of days past?
In the registry? Can't someone just delete the registry key, and then have the full x amount of days again?
Is there a better way?
Anything you store on the user machine could be compromised.
If you are serious about this thing then your "best" option is to have a webservice that your apps call at every startup passing some form of identification string.
(And this could be compromised too).
For the purpose to generate an identification string you could look at this question and the following answers
It doesn't matter where you store something on the local machine because it can always be removed.
A user could start up a Virtual PC install your app, and then roll back the virtual PC after 28 days and install again.
One option is to generate a key that is unique to the machine and then verify this with a web service. This is not completely hacker proof but it is better.
You could add some information to any file saved with the trial version of your app which is unique to that specific version of the app (perhaps a timestamp from when it was installed).
When a trial version of your app tries to open a file, it will check this signature and ensure that it was created with that same instance, otherwise refuse to open the file.
This essentially neuters the ability to simply reinstall the app and continue using it.
I'm getting started with Objective C and Cocoa on Mac and i would like to develop a app that will have a trial period of 30 days for example like most of the apps have.
How can this be implemented on Mac OSX? Do i store somewhere the installation date and then on each run i check for that? Or what is the general way of achieving this?
That is certainly one way to check the expiry of a trial, but I've found that implementing time based trials can be troublesome when dealing with slightly cleverer users.
If you use a time trial (i.e. 30 days) how do you check the time? You can store the time that the app was installed, and you can read the current time to work out the difference, but how can you guarantee the time(s) you are reading is correct. The user may have edited one or both of these values. (By changing your stored value if it's not encrypted or by changing the system time).
You could use the Internet to verify the time, but what would you do if the user isn't connected to the Internet?
I'm sure there will be more sophisticated ways of checking how long the user has had the program installed, but I'm afraid I can't enlighten you to any.
I'd consider one of the alternatives methods of providing a trial:
Number of times the app has been started - (take into account that your app may crash, or the user may keep the app open). You may wish to count instead, the number of days on which the app has been opened and allow the user to open the app on 15 different days.
Restricted Content - Make a separate target for your app with less content. This is a safer way to ensure that the user can't work around your restrictions, but it's also more work for them to install a separate version. Consider that you may lose some sales.