You are putting too much effort in the protection itself.
Instead your trial software should contains annoying limitations that will not prevent your users to evaluate it but will certainly prevent them from using it for business.
Yes, it would be possible to extend the license by up to 300% but at great effort to the user. Frankly if someone is going to spend every day of a month resetting their time to one second after they quit your program before starting it again to use it longer, there is nothing you are going to do about it, and the time you take to stop them will cost you more than they ever will.
Whenever app starts, check if current system timestamp is greater than trial_tracker and less then expected expiry date
If yes, update trial_tracker to current system timestamp and continue.
If no, trial_tracker has been tampered or trial time expired. Ask user to purchase full version or exit.
Note: User can get away with this by deleting windows registry entry and encrypted file.( if he is able to find them ). In such case, further checks can be added. For example create secondary windows registry entry which checks for existence of primary registry and encrypted file.
Along with these, additional remote checks can be applied which depends on internet connection ( optional )
Reputable game development manager stated once in a conference that it's impossible to protect software for longer than a month even with internet connection - if your software is popular :-) So you can just write software that no one wants and it will be as safe as you want :-)))
If on the other side you write reasonably popular software then you couldn't care less if a small percentage of paying customers snitch some extra time - they'll renew a week latter anyway. If you really want to do short time licensing you have to put internet as a pre-requisite. It's still going to be cracked in a month if it's good for something :-) but paying customers will by and large remain paying customers with reasonably light enforcement.
If however you piss people off by doing intrusive and scary things then you'll loose paying customers and create much bigger motivation for ppl to crack it.
创建一个与您的应用程序一起安装但自动启动的 Windows 服务。跟踪经过的时间和偏移量。为您的应用程序提供一个 API,以便与服务对话以查询使用情况/已用时间。
Create a windows service that gets installed with your app, but is auto-start. Keep track of elapsed time and offsets there. Provide an API for your app to talk to the service to query usage/elapsed time.
I assume the software phones home at least once to let you know the license key has been bought / installed / extended?
After the time has ran out since they bought the license key and they haven't purchased another you could contact them and ask them how they are getting on and to let them know they need to renew. If they do choose to abuse your system a simple call to chat about it may be enough to get them to stop.
Maybe you could combine the use of the date/time with the tick count? Then if you see a date/time with an incompatible tick count, you could flag that as a violation. This would change your worst case scenario to require them to restart the machine whenever they want to manipulate the clock to abuse your license.
From your program you create a log of time when the app is launched and exited.The log is encrypted and prevent the common user to trick its content.
With this log, you can see if time elapsed normally that is time goes to the future. If not then something fishy is occurring on this system. In this case display a dialog box with a phone number where they can call you.
You could also ensure via a data file that the program can run for one month only after that as the said data file don't contain the data to work for the following month, this requires an update.
The idea is that time is flowing linearly to the future, it can only increase the counter from the launch date and external data is required for the program to run in the future so you've created a dependency relationship on updates. This last strategy is what Microsoft and co used and they call it security updates / patches...
You shall decrease the time elapsed between checks. Instead of checking only at application startup and application shutdown, you shall check every 5, 10 or 15 minutes using a timer or a background thread. In this way the user cannot change time (because the software will stops in few minutes).
However, I'd prefer to pay a software that I need instead of not having the correct date/time on my machine.
Create a Windows driver that starts on boot, grabs the system date-time, and runs until shutdown, tracking the time independently from Windows [ sleep(1000); ++time; ].
When your application starts up, check that the service is running, and check the date-time! Compare it to the date-time you were installed on, and you can figure out if you've expired or not.
Note: If any application did this, I wouldn't install it in the first place. If I WAS tasked with cracking it, it would be trivial. There is no way to prevent reverse engineering. NONE. It WILL get cracked no matter what. And when it does, you're going to regret putting any time into this.
发布评论
评论(13)
您在保护本身上投入了太多精力。
相反,您的试用软件应该包含令人讨厌的限制,这些限制不会阻止您的用户对其进行评估,但肯定会阻止他们将其用于商业目的。
You are putting too much effort in the protection itself.
Instead your trial software should contains annoying limitations that will not prevent your users to evaluate it but will certainly prevent them from using it for business.
如果您非常担心执行许可证,也许您可以将此软件作为服务提供?
Maybe you could offer this software as a service if you are so worried about enforcing the licence?
一种方法是将软件下载的当前时间和日期存储在应与软件包一起使用的加密文件中。
另一种方法是将文件存储在用户计算机中,并使用该文件不断检查软件中的硬编码日期。
One way to do is to store the current time and date of software download in an encrypted file that should be used along with the package.
Another way is to store file in the user computer and keep checking with your hard coded date in the software with that file.
是的,可以将许可证延长最多 300%,但用户需要付出很大的努力。坦率地说,如果有人在退出程序后要花一个月的每一天将时间重置为一秒,然后再次启动它以延长使用时间,那么您对此无能为力,并且您停止所需的时间它们会让你付出比以往更多的代价。
Yes, it would be possible to extend the license by up to 300% but at great effort to the user. Frankly if someone is going to spend every day of a month resetting their time to one second after they quit your program before starting it again to use it longer, there is nothing you are going to do about it, and the time you take to stop them will cost you more than they ever will.
第 1 步: 在 Windows 注册表和文件中以加密格式创建 Trial_tracker 条目。
第 2 步: 将应用安装时间戳 ( yyyy-mm-dd-hh-mm-ss ) 分配给 Trial_tracker
每当应用启动时,检查当前系统时间戳是否大于 Trial_tracker 且小于预期到期日期
如果是,则将 Trial_tracker 更新为当前系统时间戳并继续。
如果不是,则Trial_tracker已被篡改或试用时间已过。要求用户购买完整版或退出。
注意:用户可以通过删除 Windows 注册表项和加密文件来摆脱此问题。(如果他能够找到它们)。
在这种情况下,可以添加进一步的检查。例如,创建辅助 Windows 注册表项来检查主注册表和加密文件是否存在。
除此之外,还可以应用额外的远程检查,这取决于互联网连接(可选)
Step 1: Create trial_tracker entry in an encrypted format in a windows registry and in file.
Step 2: Assign app install timestamp ( yyyy-mm-dd-hh-mm-ss ) to trial_tracker
Whenever app starts, check if current system timestamp is greater than trial_tracker and less then expected expiry date
If yes, update trial_tracker to current system timestamp and continue.
If no, trial_tracker has been tampered or trial time expired. Ask user to purchase full version or exit.
Note: User can get away with this by deleting windows registry entry and encrypted file.( if he is able to find them ).
In such case, further checks can be added. For example create secondary windows registry entry which checks for existence of primary registry and encrypted file.
Along with these, additional remote checks can be applied which depends on internet connection ( optional )
著名的游戏开发经理曾在一次会议上表示,即使有互联网连接,也不可能保护软件超过一个月 - 如果您的软件很受欢迎:-) 因此,您可以编写没有人想要的软件,并且它会像以前一样安全你想要的:-)))
如果另一方面你编写了相当流行的软件,那么你就不会在意一小部分付费客户是否会偷窃一些额外的时间——无论如何他们都会在一周后更新。如果您确实想进行短期许可,则必须将互联网作为先决条件。如果它对某些事情有好处的话,它仍然会在一个月内被破解:-),但付费客户基本上将在相当宽松的执法下仍然是付费客户。
然而,如果你通过做侵入性和可怕的事情激怒了人们,那么你就会失去付费客户,并为人们破解它创造更大的动力。
Reputable game development manager stated once in a conference that it's impossible to protect software for longer than a month even with internet connection - if your software is popular :-) So you can just write software that no one wants and it will be as safe as you want :-)))
If on the other side you write reasonably popular software then you couldn't care less if a small percentage of paying customers snitch some extra time - they'll renew a week latter anyway. If you really want to do short time licensing you have to put internet as a pre-requisite. It's still going to be cracked in a month if it's good for something :-) but paying customers will by and large remain paying customers with reasonably light enforcement.
If however you piss people off by doing intrusive and scary things then you'll loose paying customers and create much bigger motivation for ppl to crack it.
创建一个与您的应用程序一起安装但自动启动的 Windows 服务。跟踪经过的时间和偏移量。为您的应用程序提供一个 API,以便与服务对话以查询使用情况/已用时间。
Create a windows service that gets installed with your app, but is auto-start. Keep track of elapsed time and offsets there. Provide an API for your app to talk to the service to query usage/elapsed time.
我假设软件至少会打电话回家一次,让您知道许可证密钥已购买/安装/扩展?
在他们购买许可证密钥的时间到期后,他们还没有购买另一个许可证密钥,您可以联系他们,询问他们的进展情况,并让他们知道他们需要续订。如果他们确实选择滥用您的系统,一个简单的电话聊天可能就足以让他们停止。
I assume the software phones home at least once to let you know the license key has been bought / installed / extended?
After the time has ran out since they bought the license key and they haven't purchased another you could contact them and ask them how they are getting on and to let them know they need to renew. If they do choose to abuse your system a simple call to chat about it may be enough to get them to stop.
也许您可以将日期/时间与滴答计数结合起来?然后,如果您看到日期/时间具有不兼容的刻度计数,您可以将其标记为违规。这将改变最坏的情况,要求他们在想要操纵时钟来滥用您的许可证时重新启动计算机。
Maybe you could combine the use of the date/time with the tick count? Then if you see a date/time with an incompatible tick count, you could flag that as a violation. This would change your worst case scenario to require them to restart the machine whenever they want to manipulate the clock to abuse your license.
您可以在程序中创建应用程序启动和退出的时间日志。该日志经过加密,可防止普通用户欺骗其内容。
通过此日志,您可以查看时间是否正常流逝,即时间是否转到未来。如果没有,则该系统上出现了可疑的情况。在这种情况下,会显示一个带有电话号码的对话框,他们可以通过该电话号码给您打电话。
您还可以通过数据文件确保程序只能运行一个月,因为该数据文件不包含下个月的数据,这需要更新。
这个想法是,时间线性地流向未来,它只能从启动日期开始增加计数器,并且程序在未来运行需要外部数据,因此您已经创建了更新的依赖关系。最后一个策略是微软和合作伙伴使用的,他们称之为安全更新/补丁......
From your program you create a log of time when the app is launched and exited.The log is encrypted and prevent the common user to trick its content.
With this log, you can see if time elapsed normally that is time goes to the future. If not then something fishy is occurring on this system. In this case display a dialog box with a phone number where they can call you.
You could also ensure via a data file that the program can run for one month only after that as the said data file don't contain the data to work for the following month, this requires an update.
The idea is that time is flowing linearly to the future, it can only increase the counter from the launch date and external data is required for the program to run in the future so you've created a dependency relationship on updates. This last strategy is what Microsoft and co used and they call it security updates / patches...
您应减少检查之间经过的时间。您不应仅在应用程序启动和应用程序关闭时进行检查,而应使用计时器或后台线程每 5、10 或 15 分钟检查一次。这样用户就无法更改时间(因为软件将在几分钟后停止)。
但是,我宁愿支付我需要的软件的费用,而不是我的机器上没有正确的日期/时间。
You shall decrease the time elapsed between checks. Instead of checking only at application startup and application shutdown, you shall check every 5, 10 or 15 minutes using a timer or a background thread. In this way the user cannot change time (because the software will stops in few minutes).
However, I'd prefer to pay a software that I need instead of not having the correct date/time on my machine.
启用权限使用日志记录(在安装过程中),然后检查 Windows 事件日志中的时间更改事件,如下所述:
http://www.stevebunting.org/udpd4n6/forensics/timechange.htm
然后您可以从许可证中扣除时差(而不是使许可证失效,因为某些系统时钟更改是合法的)。
注意:当从 BIOS 更改系统时钟时,这不会防止系统时钟发生更改。
Enable Privilege Use logging (in the installation process) and then check for a time changed event in Windows' event log, as explained here:
http://www.stevebunting.org/udpd4n6/forensics/timechange.htm
You can then deduct the time difference from the license (rather than void the license, since some system clock changes are legitimate).
NOTE: This will not protect from changes of the system clock when changed from the BIOS.
创建一个 Windows 驱动程序,该驱动程序在启动时启动,获取系统日期时间,并运行直至关闭,独立于 Windows [ sleep(1000); 跟踪时间; ++时间; ]。
当您的应用程序启动时,检查服务是否正在运行,并检查日期时间!将其与您安装的日期时间进行比较,您可以确定您是否已过期。
注意:如果有任何应用程序执行此操作,我一开始就不会安装它。如果我的任务是破解它,那将是微不足道的。没有办法阻止逆向工程。没有任何。无论如何它都会被破解。当它发生时,你会后悔在这上面投入任何时间。
Create a Windows driver that starts on boot, grabs the system date-time, and runs until shutdown, tracking the time independently from Windows [ sleep(1000); ++time; ].
When your application starts up, check that the service is running, and check the date-time! Compare it to the date-time you were installed on, and you can figure out if you've expired or not.
Note: If any application did this, I wouldn't install it in the first place. If I WAS tasked with cracking it, it would be trivial. There is no way to prevent reverse engineering. NONE. It WILL get cracked no matter what. And when it does, you're going to regret putting any time into this.