For my VB.NET applications, I am wanting the user to have a free trial for x amount of days.
Where is the best place to record the amount of days past?
In the registry? Can't someone just delete the registry key, and then have the full x amount of days again?
Is there a better way?
Anything you store on the user machine could be compromised.
If you are serious about this thing then your "best" option is to have a webservice that your apps call at every startup passing some form of identification string.
(And this could be compromised too).
For the purpose to generate an identification string you could look at this question and the following answers
It doesn't matter where you store something on the local machine because it can always be removed.
A user could start up a Virtual PC install your app, and then roll back the virtual PC after 28 days and install again.
One option is to generate a key that is unique to the machine and then verify this with a web service. This is not completely hacker proof but it is better.
You could add some information to any file saved with the trial version of your app which is unique to that specific version of the app (perhaps a timestamp from when it was installed).
When a trial version of your app tries to open a file, it will check this signature and ensure that it was created with that same instance, otherwise refuse to open the file.
This essentially neuters the ability to simply reinstall the app and continue using it.
Related
I am trying to create some local user accounts in Windows 10 on my home PC. I can go through the wizard ok, but when I try to login to the accounts I get a message similar to 'user profile service failed the logon'.
The whole story is this:
I want to add a SSD drive to my system (Dell Tower, I do not remember the model). So following some advice, it was suggested to move my user files to another drive so the SSD drive would only have the OS and programs on it. Plus this would keep my SSD required size smaller.
So I started to move my user files using the "Location" tab for the "My Documents" and similar folders to my other drive. This all appeared to work okay.
I then selected my wife's folders but I could not since I was not logged under her account, fine. I logged out of my account and attempted to log into her account (we both have administrator rights). That is when I received the 'user profile failed' message.
I have third account on the system, another admin account, and it too failed. Windows seems to be accepting the passwords, just failing further into the login process.
I logged back into my account and my desktop is completely different, there are only 3 icons there now instead of the ~20 I had before, so something with the 'move' failed? I'm not sure. I moved the files back to the default location and that did not help. I googled the 'user profile service failed' message and it seems this happens often enough that there are fairly detailed instructions about how to fix it.
The one fix was to examine the registry (this was from support.mircosoft.com) HLM\Software\Microsoft\windows nt\CurrentVersion\ProfileList and 'simply' remove the '.bak' suffix from entries that match the accounts that are broke. Set some other values to 0. In my case the values were not present in the values list.
I did this and it did not help. I did reboots at various times throughout this process, but those did not help either....
So I tried to create a new account(s), but no matter how I created the account I could never log into the account. Right now, I have only one account that I can log into.
I have not tried the "net user" command as I have just found some information about here at work. I did have to use that program to reset my account's password recently. I have used the same password at home for years, so I do not know how it changed. Luckily, my wife's account still worked at that time and it was an administrator account. So maybe that was some indication that the 'user subsystem' was failing in someway.
This PC is seldom connected to the Internet, only for Windows updates or downloading a program, like "Open Office", Paint.Net type of things. We mainly use an older XP machine for computer work and a tablet for surfing the 'net. The computer is 'new' to us and we have not migrated our files to it. In fact the PC is seldom used at all and powered off for months at a time. I am pretty much the only person that even uses the system, my wife went through a "Dummy's for Windows 10" book and decided it was too different to really bother with learning a whole new thing.
I will try 'net user' tonight to add another account and see if that helps.
Thanks for any hints or suggestions.
I'm not 100% sure what's happened, but it looks like the accounts are probably corrupted. You can do it, but Windows much prefers to have the user profiles on the same drive as the installation itself. Moving them entirely may be the cause of the issue.
(For future reference, If you want to copy user accounts across to a new SSD, it's always best to start here: C:\Users\xxxxx). xxx being your userID. If you would like to use it as your primary C:Drive for Windows - I would advise just a clean install.
You could try a couple of things at this point. (Make sure you're connected to the internet if you can)
First, try just making sure your connected to the internet and run all the updates you can. The profile service may just be corrupted and Win10 especially might just need an internet connection to sort it automatically.
Try booting into recovery mode, and run a system restore back a few days. The files may not return but it might fix the profile issues.
If you can still login to your wifes profile, use this tool (after backing up your files) to clear out all the old profiles.
Net user will likely just enable the hidden admin account, and would not be all that useful if your wife's account is already and administrator.
I wrote a small program in vb.net and I'm looking for a simple way to keep people from just copying the executable and running it on another machine for reverse engineering without the installer. I understand that if people want the program bad enough they will figure out a way to get a hold of it, I'm basically just looking for some kind of deterrent to keep our competitors from walking around and copying it.
Logan,
The bad news is that you cannot stop people from reverse engineering your desktop application. You have 2 options:
Create a web application instead. The code will run securely on your server.
Use Remote Desktop Services. This way you can install your program on your server and let the users use it via RDS. Here is an article that illustrates the concept and how to implement it on Microsoft Azure: https://technet.microsoft.com/en-us/library/cc755055.aspx
The standard approach is to create a license key that will only work on a specific machine and store it in the registry. This can be something as simple as:
When your app starts get a unique machine id (http://www.dreamincode.net/forums/topic/181408-get-unique-machine-ids/)
Perform a one way hash on it
See if this value is stored in the registry
If it isn't, display a dialog displaying the unique machine id and asking for the 'license'
Accept input of the license so they don't need to ask again
You can manually calculate the one way hash yourself for computers that you want to run the software on.
This won't stop a determined hacker but it'll keep the 99.9% of people who can't hack your software honest.
I have one vb.net windows application and I want to deliver it to my client with 1 year validity.
After one year this software will automatically stop working or ask for renewal.
The client PC doesn't have internet access.
Please tell me the secure way for this.
When the program is installed, have it set a registry value with the current date. Then, on every subsequent program start, have it check that registry value against the current time. If more than a year has passed, do whatever you plan on doing to lock up your application.
This post has some excellent info on the specifics of adding, modifying, and accessing registry values in vb.net.
Check the date.
If dateToday > dateProgramSold.AddYears(1) Then
'open form that cant be close saying program is expired
End If
When the program is installed, it should ask for an registration key (they could get it by email, print it off and type it). The key should contain the last day of validity (encrypted). Store the key in the registry (or somewhere else). When the program starts, you check the date inside the key.
If they re-install the end date will stay the same.
When they want to update, just send a new key by email or mail.
The amount of security you put into just could depend on how much you trust the company. Because they could always decompile and crack your software.
I needed to do this for a program I wrote. My final solution included the resolution that you can't be 100% foolproof, so I considered my users and did the best I could with what I had.
Without access to the internet, how does the computer know what date it is? It has to rely on user input for it. So if a user can input it, then a user can change it. There is no foolproof way to get an accurate date from the PC without the the user having access to it. Whether from the OS, the BIOS, etc.
So what I ended up doing was putting an obfuscated key into the registry in an obscure place. HKCU >> Software. I made the key just some letters and numbers {L12A3C0DFF} then I named the key Z0B0 and made the value the obfuscated date. I took the year month and day and ran each one through a different calculation. I ended up with something that looked like DDE011468932.
Each time the program ran it decoded this registry setting to see if a year had passed based on the time in the BIOS. If the date in the BIOS was earlier then this date then they changed it and I would not not allow my program to run.
Also each time the program ran, I checked the date in the BIOS and stored this in the registry in the same way. So I would check to see if they changed the date in the BIOS to an earlier date.
So in order for them to abuse the date restriction of one year, they literally had to change the date in the BIOS every day which I figured was not worth it to them to do, besides, they would have had to figure out where I was getting the date from to begin with, which would take decompiling (and I wasn't selling it to a bunch of programmers). Simply changing the date in the OS wouldn't fool it.
I want to make use of registry to store installation date.
This would allow me to check application expiry on each run, so when I install my application on any PC the registry subkey will be created and store current date as installation date.
I am using Visual Studio Installer Set up and Deployment.
If you have any other suggestion to achieve this, please share.
As a general answer, create a registry item and put the appropriate Windows Installer property there, in this case [Date] in square brackets, case-sensitive, just like you'd put [TARGETDIR] to record the installation folder. This avoids code.
However it is a bad idea, as the comments point out. Apart from the fact that it can be defeated, the poor person that installs it then can't use it for a week is in trouble. You should start the clock on first run of the app. That's fair and accurate.
Otherwise, give each user something unique, maybe a license key, and have the app call into your company's web service on first run, saying "this key started now", then you can check every time the app runs and say no after the timer has expired, then you're using your company's clock, not the user's.
I'm getting started with Objective C and Cocoa on Mac and i would like to develop a app that will have a trial period of 30 days for example like most of the apps have.
How can this be implemented on Mac OSX? Do i store somewhere the installation date and then on each run i check for that? Or what is the general way of achieving this?
That is certainly one way to check the expiry of a trial, but I've found that implementing time based trials can be troublesome when dealing with slightly cleverer users.
If you use a time trial (i.e. 30 days) how do you check the time? You can store the time that the app was installed, and you can read the current time to work out the difference, but how can you guarantee the time(s) you are reading is correct. The user may have edited one or both of these values. (By changing your stored value if it's not encrypted or by changing the system time).
You could use the Internet to verify the time, but what would you do if the user isn't connected to the Internet?
I'm sure there will be more sophisticated ways of checking how long the user has had the program installed, but I'm afraid I can't enlighten you to any.
I'd consider one of the alternatives methods of providing a trial:
Number of times the app has been started - (take into account that your app may crash, or the user may keep the app open). You may wish to count instead, the number of days on which the app has been opened and allow the user to open the app on 15 different days.
Restricted Content - Make a separate target for your app with less content. This is a safer way to ensure that the user can't work around your restrictions, but it's also more work for them to install a separate version. Consider that you may lose some sales.