Store date permanently

Hi, I'm writing an activation system for a software, which allows a 15 days
grace period. Now the question is... how can I store the date? It has to be
kept even if the software is reinstalled, and it must not be too easy to
find/delete. I could write a hidden file somewhere in the system or hide it
in the registry, but if it is a limited XP account, I'm quite limited. Any
genious idea!? I tried Isolated Storage, but just moving the assembly files
creates a new Isolated Storage, so it's of no use.

Thanks!

Etienne
Getting a beta version out soon...

Lloyd
Fri Sep 02 00:32:12 CDT 2005

It's not uncommon of install program to requires Admin account.
For example you can't install VS.NET if you're not admin.
I haven't tried with Office but I bet it will requires to be admin as well.
Once you requires admin right to install, you could set a key in the
registry!

Anyway, even with a limited user account, I wouldn't be surprise if you've
got read/write access to the following registry key:
System.Windows.Forms.Application.CommonAppDataRegistry


"Etienne" <mysteryx93_nosspam@hotmail.com> wrote in message
news:OciYaX3rFHA.4044@TK2MSFTNGP09.phx.gbl...
> Hi, I'm writing an activation system for a software, which allows a 15
> days grace period. Now the question is... how can I store the date? It has
> to be kept even if the software is reinstalled, and it must not be too
> easy to find/delete. I could write a hidden file somewhere in the system
> or hide it in the registry, but if it is a limited XP account, I'm quite
> limited. Any genious idea!? I tried Isolated Storage, but just moving the
> assembly files creates a new Isolated Storage, so it's of no use.
>
> Thanks!
>
> Etienne
> Getting a beta version out soon...
>

C-Services
Fri Sep 02 06:38:58 CDT 2005

Etienne wrote:
> Hi, I'm writing an activation system for a software, which allows a 15 days
> grace period. Now the question is... how can I store the date? It has to be
> kept even if the software is reinstalled, and it must not be too easy to
> find/delete. I could write a hidden file somewhere in the system or hide it
> in the registry, but if it is a limited XP account, I'm quite limited. Any
> genious idea!? I tried Isolated Storage, but just moving the assembly files
> creates a new Isolated Storage, so it's of no use.
>
> Thanks!
>
> Etienne
> Getting a beta version out soon...
>
>

Hiding it in the registry or the filesytem isn't much use really if the
user knows how to use filemon or regmon (free utilities from
http://www.sysinternals.com/)

Lloyd
Fri Sep 02 07:02:04 CDT 2005

it's the best one can do anyway!
and there is no stopping a hacker anyway, it could always decompile the
code, as far as .NET code is concerned...
better target honnest customer!

I also thought of a more tedious thing, the app could require a licence file
to run, with some encrypted data!
that won't stopper a hacker from decompiling/modifying the app, but average
user won't be able to do much about it.
But that might make the install process too complex for some average user
(if it has to donwload additional file or copy/paste big strings)


--
"A preoccupation with the next world pretty clearly signals an inability to
cope credibly with this one."

"C-Services Holland b.v." <csh@REMOVEcsh4u.nl> wrote in message
news:zrmdnaxXd-RPpIXeRVnyvg@zeelandnet.nl...
> Etienne wrote:
>> Hi, I'm writing an activation system for a software, which allows a 15
>> days grace period. Now the question is... how can I store the date? It
>> has to be kept even if the software is reinstalled, and it must not be
>> too easy to find/delete. I could write a hidden file somewhere in the
>> system or hide it in the registry, but if it is a limited XP account, I'm
>> quite limited. Any genious idea!? I tried Isolated Storage, but just
>> moving the assembly files creates a new Isolated Storage, so it's of no
>> use.
>>
>> Thanks!
>>
>> Etienne
>> Getting a beta version out soon...
>
> Hiding it in the registry or the filesytem isn't much use really if the
> user knows how to use filemon or regmon (free utilities from
> http://www.sysinternals.com/)

Stu
Fri Sep 02 07:02:22 CDT 2005

True, but if you combine the value with some known salt (which could be
constant or machine-based), and then encrypt it, you can check the salt is
still there when you decrypt the value. That way if the user changes the
stored value, you'll know about it.

Of course, if you want the value to persist after uninstallation, and the
user has fiddled, you need a way to let them get back to a non-fiddled
state. Also, you might be violating XP-compliance by leaving stuff on the
machine after uninstallation.

Stu


"C-Services Holland b.v." <csh@REMOVEcsh4u.nl> wrote in message
news:zrmdnaxXd-RPpIXeRVnyvg@zeelandnet.nl...
> Etienne wrote:
>> Hi, I'm writing an activation system for a software, which allows a 15
>> days grace period. Now the question is... how can I store the date? It
>> has to be kept even if the software is reinstalled, and it must not be
>> too easy to find/delete. I could write a hidden file somewhere in the
>> system or hide it in the registry, but if it is a limited XP account, I'm
>> quite limited. Any genious idea!? I tried Isolated Storage, but just
>> moving the assembly files creates a new Isolated Storage, so it's of no
>> use.
>>
>> Thanks!
>>
>> Etienne
>> Getting a beta version out soon...
>
> Hiding it in the registry or the filesytem isn't much use really if the
> user knows how to use filemon or regmon (free utilities from
> http://www.sysinternals.com/)

gmiley
Fri Sep 02 07:28:04 CDT 2005

Ok, this may sound like and ad, but I am a semi-regular poster so I
hope it's not taken that way... =)

I found this in one of our FoxPro Advisor magazines. (Yes, we currently
have VFP as our core here, we are migrating to .Net)

FoxPro Advisor (August 2005, p30)
Protect VFP Applications With Armadillo

I have not used this software yet, but the article seemed to point out
that it was a fairly reliable system. I do not know if you are wanting
a free solution or if your company doesn't mind springing for the
protection, but here is the link to their website:

http://siliconrealms.com/index.shtml

It might be worth a look. It does work with other languages.

Ignacio
Fri Sep 02 08:02:15 CDT 2005

Hi,

IMO it's much better to ship a limited version, which they can use as long
as they want. Checking the install date is a pain and very difficult to
enforce,
I had a similar dilemma and opted for the limited version approach. A
posible solution I considered was requesting an internet connection and at
load time I check the HDD id with a central server, but I had to discard
this idea as this particular client had no permanent internet connection and
as some other poster said it's farly trivial to see the code.


cheers,

--
Ignacio Machin,
ignacio.machin AT dot.state.fl.us
Florida Department Of Transportation



"Etienne" <mysteryx93_nosspam@hotmail.com> wrote in message
news:OciYaX3rFHA.4044@TK2MSFTNGP09.phx.gbl...
> Hi, I'm writing an activation system for a software, which allows a 15
> days grace period. Now the question is... how can I store the date? It has
> to be kept even if the software is reinstalled, and it must not be too
> easy to find/delete. I could write a hidden file somewhere in the system
> or hide it in the registry, but if it is a limited XP account, I'm quite
> limited. Any genious idea!? I tried Isolated Storage, but just moving the
> assembly files creates a new Isolated Storage, so it's of no use.
>
> Thanks!
>
> Etienne
> Getting a beta version out soon...
>

William
Fri Sep 02 08:15:36 CDT 2005

MS put out a free Shareware Starter Kit that allow trial/license versions
and interface to Paypal, etc.
http://sharewarestarterkit.com/

--
William Stacey [MVP]

"Etienne" <mysteryx93_nosspam@hotmail.com> wrote in message
news:OciYaX3rFHA.4044@TK2MSFTNGP09.phx.gbl...
> Hi, I'm writing an activation system for a software, which allows a 15
> days grace period. Now the question is... how can I store the date? It has
> to be kept even if the software is reinstalled, and it must not be too
> easy to find/delete. I could write a hidden file somewhere in the system
> or hide it in the registry, but if it is a limited XP account, I'm quite
> limited. Any genious idea!? I tried Isolated Storage, but just moving the
> assembly files creates a new Isolated Storage, so it's of no use.
>
> Thanks!
>
> Etienne
> Getting a beta version out soon...
>

NoSpamMgbworld
Fri Sep 02 09:01:02 CDT 2005

As long as it it .NET 2.0.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************


"William Stacey [MVP]" wrote:

> MS put out a free Shareware Starter Kit that allow trial/license versions
> and interface to Paypal, etc.
> http://sharewarestarterkit.com/
>
> --
> William Stacey [MVP]
>
> "Etienne" <mysteryx93_nosspam@hotmail.com> wrote in message
> news:OciYaX3rFHA.4044@TK2MSFTNGP09.phx.gbl...
> > Hi, I'm writing an activation system for a software, which allows a 15
> > days grace period. Now the question is... how can I store the date? It has
> > to be kept even if the software is reinstalled, and it must not be too
> > easy to find/delete. I could write a hidden file somewhere in the system
> > or hide it in the registry, but if it is a limited XP account, I'm quite
> > limited. Any genious idea!? I tried Isolated Storage, but just moving the
> > assembly files creates a new Isolated Storage, so it's of no use.
> >
> > Thanks!
> >
> > Etienne
> > Getting a beta version out soon...
> >
>
>
>

NoSpamMgbworld
Fri Sep 02 09:01:04 CDT 2005

Methods commonly used:

1. Registry key
2. File hidden somewhere in the file system (generally encrypted)
3. DLL compiled (using Reflection.Emit()) by the installer (custom installer)

No matter what you do, a clever hacker will find a way to break your
product. There are programs that watch the registry and file system while
programs are installed, so files can be seen. There are also programs that
watch memory so hackers can see registration calls.

In addition, .NET compiles to MSIL, so the best you can do is obfuscate. A
clever hacker can find calls to registration, however.

But, you probably know all of this already. The average Joe is whom you are
trying to make buy your software, so any of the above tricks (registry, file,
compiled code on install) will work. It is not a bad idea to use more than
one, as it will take a bit longer to hack your program.

Lesson learned: You can't keep a professional thief out forever, but you can
make it hard for the petty thief.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

***************************
Think Outside the Box!
***************************


"Etienne" wrote:

> Hi, I'm writing an activation system for a software, which allows a 15 days
> grace period. Now the question is... how can I store the date? It has to be
> kept even if the software is reinstalled, and it must not be too easy to
> find/delete. I could write a hidden file somewhere in the system or hide it
> in the registry, but if it is a limited XP account, I'm quite limited. Any
> genious idea!? I tried Isolated Storage, but just moving the assembly files
> creates a new Isolated Storage, so it's of no use.
>
> Thanks!
>
> Etienne
> Getting a beta version out soon...
>
>
>

Phil
Fri Sep 02 09:40:36 CDT 2005

I've used the Win32 APIs CredWrite and CredRead to store a blob containing
this kind of data. You might be able to use .NET's CredentialCache class if
it's generic enough to store a date string as a credential associated with a
Uri of your choice. It's slightly less visible to Administrators than
registry entries.

You could mangle the date anyway so that it wouldn't be obvious to someone
who saw it how to extend it, if that's a concern.
--
Phil Wilson
[Microsoft MVP-Windows Installer]
"Etienne" <mysteryx93_nosspam@hotmail.com> wrote in message
news:OciYaX3rFHA.4044@TK2MSFTNGP09.phx.gbl...
> Hi, I'm writing an activation system for a software, which allows a 15
> days grace period. Now the question is... how can I store the date? It has
> to be kept even if the software is reinstalled, and it must not be too
> easy to find/delete. I could write a hidden file somewhere in the system
> or hide it in the registry, but if it is a limited XP account, I'm quite
> limited. Any genious idea!? I tried Isolated Storage, but just moving the
> assembly files creates a new Isolated Storage, so it's of no use.
>
> Thanks!
>
> Etienne
> Getting a beta version out soon...
>

Etienne
Fri Sep 02 11:06:05 CDT 2005

Yes, the code is obfuscated, and there's a licensing/activation system.
Basically, to run, the app needs a License.dat file containing the serial
key and an activation code. I read those, validate against the computer
code, and determine if app can run. If it can't, I request internet or phone
activation to get valid activation code for current computer. If he alters
the license file, it will reject it. If he moves it to another computer, it
will reject it.

As for how to store the date, I though about storing current date on app
startup, but it could also be during setup. This way, I have administrative
rights (since I also have to install MSDE, and the .Net framework if it's
not already installed). Would it work if I write a file in a system folder
containing encrypted date, then mark it as available to everybody? If
someone runs the software from a limited account, he needs to be able to
read the file.

This should be a good approach, I'll look into it. Thanks guys!

Etienne

"Cowboy (Gregory A. Beamer) - MVP" <NoSpamMgbworld@comcast.netNoSpamM> wrote
in message news:51BAA1B8-04F1-454D-B12B-A8225019FBDC@microsoft.com...
> Methods commonly used:
>
> 1. Registry key
> 2. File hidden somewhere in the file system (generally encrypted)
> 3. DLL compiled (using Reflection.Emit()) by the installer (custom
> installer)
>
> No matter what you do, a clever hacker will find a way to break your
> product. There are programs that watch the registry and file system while
> programs are installed, so files can be seen. There are also programs that
> watch memory so hackers can see registration calls.
>
> In addition, .NET compiles to MSIL, so the best you can do is obfuscate. A
> clever hacker can find calls to registration, however.
>
> But, you probably know all of this already. The average Joe is whom you
> are
> trying to make buy your software, so any of the above tricks (registry,
> file,
> compiled code on install) will work. It is not a bad idea to use more than
> one, as it will take a bit longer to hack your program.
>
> Lesson learned: You can't keep a professional thief out forever, but you
> can
> make it hard for the petty thief.
>
> --
> Gregory A. Beamer
> MVP; MCP: +I, SE, SD, DBA
>
> ***************************
> Think Outside the Box!
> ***************************
>
>
> "Etienne" wrote:
>
>> Hi, I'm writing an activation system for a software, which allows a 15
>> days
>> grace period. Now the question is... how can I store the date? It has to
>> be
>> kept even if the software is reinstalled, and it must not be too easy to
>> find/delete. I could write a hidden file somewhere in the system or hide
>> it
>> in the registry, but if it is a limited XP account, I'm quite limited.
>> Any
>> genious idea!? I tried Isolated Storage, but just moving the assembly
>> files
>> creates a new Isolated Storage, so it's of no use.
>>
>> Thanks!
>>
>> Etienne
>> Getting a beta version out soon...
>>
>>
>>

Lloyd
Sat Sep 03 05:04:51 CDT 2005

Excellent link :-)

--
"A preoccupation with the next world pretty clearly signals an inability to
cope credibly with this one."

"William Stacey [MVP]" <staceyw@mvps.org> wrote in message
news:%233FVsB8rFHA.460@TK2MSFTNGP15.phx.gbl...
> MS put out a free Shareware Starter Kit that allow trial/license versions
> and interface to Paypal, etc.
> http://sharewarestarterkit.com/
>
> --
> William Stacey [MVP]
>
> "Etienne" <mysteryx93_nosspam@hotmail.com> wrote in message
> news:OciYaX3rFHA.4044@TK2MSFTNGP09.phx.gbl...
>> Hi, I'm writing an activation system for a software, which allows a 15
>> days grace period. Now the question is... how can I store the date? It
>> has to be kept even if the software is reinstalled, and it must not be
>> too easy to find/delete. I could write a hidden file somewhere in the
>> system or hide it in the registry, but if it is a limited XP account, I'm
>> quite limited. Any genious idea!? I tried Isolated Storage, but just
>> moving the assembly files creates a new Isolated Storage, so it's of no
>> use.
>>
>> Thanks!
>>
>> Etienne
>> Getting a beta version out soon...
>>
>
>