问题
I have some trial software that I wish to distribute to clients. I want the trial based software to stop working 30 days after installed.
A simple check of the system date in the software is the most straightforward way to achieve this, but couldn't a client easily circumvent this protection by changing his system time/date in Windows?
Is there a better way to accomplish what I want?
回答1:
Best bet is to not warn them, and after 30 days (be sure to check both ways, otherwise they can set the clock to in the future, install your app, and reset the clock to today) it stops working, also lock the app once the trail period has expired, so even if they then reset the clock, it should still be locked
回答2:
I'd check the modified time of the most recently modified file (probably there are a few common paths that are frequently updated, but you could just search the filesystem).
Also, you can decrease the "time remaining" (stored in some secret location) by the amount of time the app was running for its session. When it reaches 0, they're done. You can also detect that the clock moved backwards from the latest seen value in any session, and penalize them by removing e.g. a whole day.
回答3:
Who are your clients? If it is to the general public, and it is a fairly narrow audience, I think you can stick with the time based approach. I agree that users will get sick of adjusting their system clock and just buy your software. But if it is a really popular piece of software or if it is aimed at developers, then yes you should probably beef up the trial protection because it will get cracked pretty quickly.
回答4:
Yes, they can fiddle the system clock. But it gradually gets more and more inconvenient to do so the farther it gets beyond the end date of the trial period. They'll give up on using your software before dinking with the clock.
Or, even more likely, they'll hack your protection scheme so it gives them an indefinite length of time to use it.
回答5:
I'd suggest making your software call back to your server periodically; the user can fiddle with the system clock all he wants, but you control the clock on your server. If the server knows when the licence was issued, it can reply appropriately to a request from the client regardless of the status of the client's clock.
Disclaimer & plug: the company I co-founded produces the OffByZero Cobalt licensing solution. It's a turnkey solution to software protection, & specifically handles the kind of time-limited scenario you mention.
回答6:
As noted, time-based licensing is pretty easy to get around. You can jump through some hoops to keep people from resetting their system clock. You could contact a certified time server and set your internal clock that way, but it wouldn't take a rocket scientist to crack that if they can access your code. An easy way is to just find the time check in the asm listing and branch around it.
We've worked on this for years (disclosure: I work for a copy protection company (www.wibu.us)) and use a combination of an internal clock on a smart card chip and certified time servers, plus some code to make sure that you can never set the time back (code is always encrypted so it's not patchable). We also have a software-only solution which uses an internal clock but not on a smart card chip. There are drawbacks to all security measures; finding the right tradeoffs for your market, price point, etc are the trick.
来源:https://stackoverflow.com/questions/1442698/prevent-time-based-copy-protection-circumvention