I'd check the modified time of the most recently modified file (probably there are a few common paths that are frequently updated, but you could just search the filesystem).
Also, you can decrease the "time remaining" (stored in some secret location) by the amount of time the app was running for its session. When it reaches 0, they're done. You can also detect that the clock moved backwards from the latest seen value in any session, and penalize them by removing e.g. a whole day.
Best bet is to not warn them, and after 30 days (be sure to check both ways, otherwise they can set the clock to in the future, install your app, and reset the clock to today) it stops working, also lock the app once the trail period has expired, so even if they then reset the clock, it should still be locked
Who are your clients? If it is to the general public, and it is a fairly narrow audience, I think you can stick with the time based approach. I agree that users will get sick of adjusting their system clock and just buy your software. But if it is a really popular piece of software or if it is aimed at developers, then yes you should probably beef up the trial protection because it will get cracked pretty quickly.
Yes, they can fiddle the system clock. But it gradually gets more and more inconvenient to do so the farther it gets beyond the end date of the trial period. They'll give up on using your software before dinking with the clock.
Or, even more likely, they'll hack your protection scheme so it gives them an indefinite length of time to use it.
I'd suggest making your software call back to your server periodically; the user can fiddle with the system clock all he wants, but you control the clock on your server. If the server knows when the licence was issued, it can reply appropriately to a request from the client regardless of the status of the client's clock.
Disclaimer & plug: the company I co-founded produces the OffByZero Cobalt licensing solution. It's a turnkey solution to software protection, & specifically handles the kind of time-limited scenario you mention.
As noted, time-based licensing is pretty easy to get around. You can jump through some hoops to keep people from resetting their system clock. You could contact a certified time server and set your internal clock that way, but it wouldn't take a rocket scientist to crack that if they can access your code. An easy way is to just find the time check in the asm listing and branch around it.
We've worked on this for years (disclosure: I work for a copy protection company (www.wibu.us)) and use a combination of an internal clock on a smart card chip and certified time servers, plus some code to make sure that you can never set the time back (code is always encrypted so it's not patchable). We also have a software-only solution which uses an internal clock but not on a smart card chip. There are drawbacks to all security measures; finding the right tradeoffs for your market, price point, etc are the trick.
发布评论
评论(6)
我会检查最近修改的文件的修改时间(可能有一些经常更新的常见路径,但您可以只搜索文件系统)。
此外,您还可以根据应用程序会话运行的时间来减少“剩余时间”(存储在某个秘密位置)。当它达到 0 时,它们就完成了。您还可以检测到时钟从任何会话中最新看到的值向后移动,并通过删除例如一整天来惩罚它们。
I'd check the modified time of the most recently modified file (probably there are a few common paths that are frequently updated, but you could just search the filesystem).
Also, you can decrease the "time remaining" (stored in some secret location) by the amount of time the app was running for its session. When it reaches 0, they're done. You can also detect that the clock moved backwards from the latest seen value in any session, and penalize them by removing e.g. a whole day.
最好的办法是不要警告他们,30 天后(一定要检查两种方式,否则他们可以将时钟设置为将来,安装您的应用程序,然后将时钟重置为今天)它会停止工作,也会锁定应用程序一旦试用期结束,即使他们重置时钟,它仍然应该被锁定
Best bet is to not warn them, and after 30 days (be sure to check both ways, otherwise they can set the clock to in the future, install your app, and reset the clock to today) it stops working, also lock the app once the trail period has expired, so even if they then reset the clock, it should still be locked
谁是你的客户?如果是面向公众,而且受众范围相当狭窄,我认为你可以坚持基于时间的方法。我同意用户会厌倦调整系统时钟并购买您的软件。但是,如果它是一款非常流行的软件,或者它针对开发人员,那么您可能应该加强试用保护,因为它很快就会被破解。
Who are your clients? If it is to the general public, and it is a fairly narrow audience, I think you can stick with the time based approach. I agree that users will get sick of adjusting their system clock and just buy your software. But if it is a really popular piece of software or if it is aimed at developers, then yes you should probably beef up the trial protection because it will get cracked pretty quickly.
是的,他们可以扰乱系统时钟。但随着试用期结束日期的延长,这样做会变得越来越不方便。他们会在与时钟共进晚餐之前放弃使用你的软件。
或者,更有可能的是,他们会破解您的保护方案,以便他们无限期地使用它。
Yes, they can fiddle the system clock. But it gradually gets more and more inconvenient to do so the farther it gets beyond the end date of the trial period. They'll give up on using your software before dinking with the clock.
Or, even more likely, they'll hack your protection scheme so it gives them an indefinite length of time to use it.
我建议您的软件定期回调您的服务器;用户可以随心所欲地摆弄系统时钟,但你可以控制服务器上的时钟。如果服务器知道许可证何时颁发,则无论客户端时钟的状态如何,它都可以适当地回复客户端的请求。
免责声明及插件:我共同创立的公司生产 OffByZero Cobalt 许可解决方案。它是软件保护的交钥匙解决方案,并且专门处理你提到的那种有时间限制的场景。
I'd suggest making your software call back to your server periodically; the user can fiddle with the system clock all he wants, but you control the clock on your server. If the server knows when the licence was issued, it can reply appropriately to a request from the client regardless of the status of the client's clock.
Disclaimer & plug: the company I co-founded produces the OffByZero Cobalt licensing solution. It's a turnkey solution to software protection, & specifically handles the kind of time-limited scenario you mention.
如前所述,基于时间的许可很容易绕过。您可以跳过一些障碍来防止人们重置系统时钟。您可以联系经过认证的时间服务器并以这种方式设置您的内部时钟,但如果火箭科学家可以访问您的代码,他们就不需要破解它。一个简单的方法是在 asm 列表中找到时间检查并围绕它进行分支。
我们为此工作了多年(披露:我在一家版权保护公司 (www.wibu.us) 工作),并结合使用智能卡芯片上的内部时钟和经过认证的时间服务器,再加上一些代码来确保您永远无法将时间设置回来(代码始终是加密的,因此不可修补)。我们还有一个纯软件解决方案,它使用内部时钟,但不在智能卡芯片上。所有安全措施都有缺点;找到适合您的市场、价格点等的正确权衡是诀窍。
As noted, time-based licensing is pretty easy to get around. You can jump through some hoops to keep people from resetting their system clock. You could contact a certified time server and set your internal clock that way, but it wouldn't take a rocket scientist to crack that if they can access your code. An easy way is to just find the time check in the asm listing and branch around it.
We've worked on this for years (disclosure: I work for a copy protection company (www.wibu.us)) and use a combination of an internal clock on a smart card chip and certified time servers, plus some code to make sure that you can never set the time back (code is always encrypted so it's not patchable). We also have a software-only solution which uses an internal clock but not on a smart card chip. There are drawbacks to all security measures; finding the right tradeoffs for your market, price point, etc are the trick.