I have node-locked licensing working, using the MAC address and system time. We're concerned that people will just edit their system date to extend a license, so I've tried getting the real date from an machine in the NTP pool. That works, but then obviously you can't use the product without being online, and it doesn't seem to be 100% reliable (I'm guessing the UDP packet never arrives/returns in some cases).
What's the standard approach here? Live with the changeable OS date? Run something on a web server that provides the time over TCP? I hear the BIOS date gets updated by the OS when you reboot, so perhaps there isn't any way to know for sure what the current date is without using the internet?
I know that licensing can never be completely secure, and I expect it to be cracked or torrented, but I don't want it to be as easy as changing the system date. Any ideas appreciated. Thanks
Using a hard disk drive serial number in addition to the date would be more difficult to bypass. You can also have it limited to the user login name. Other than having a hardware dongle, software licensing can always be circumvented.
Update:
If that's the case, can't you just monitor the time? Create an algorithm that validates the system clock follows a logical progression (always increasing.) If the date ever suddenly get shifted back more than a specified amount of time (you have to account for some drift and internet time server corrections), you disable the program until the user restores the clock?
Related
Let Say there are two identical systems. One of which has licence version of windows and I am ghosting entire drive into second computer's hdd. will windows ever come two know?
If that system is not connected to internet ?
Is CPU_ID unique Identifier or is it a cpu product ID.
I know mac address is unique in a system but I want to dig deeper in finding unique identifiers of system.
Take a look at this.
What should be the unique ID of a machine? Its motherboard ID? Windows Product ID?
I am working on visual C#.
The Kernel is compiled with specific drivers and the Kernel knows all the information about the hardware including their firmware version and hardware Ids. (one of the reason for BSOD)
If you install a windows and change the HDD to another same set-up, windows might try to repair and work. However if you have TPM chip and Bitlocker enabled, windows will ask you for the BitLocker recover key as soon as you've changed the hardware setup. That's because windows kernel knows each hardware and their ID's and therefor changes in them.
In order to answer you intended question, don't bother trying to prevent privacy you will never succeed and there will be someone to crack it. Instead spend that time on your actual product and marketing. People who want's to steal, they will steal anyway or won't use. Spend your time for those who would want to buy your product.
Having said that, move important code to web service if you really that much worried.
I am working on an application for our IT support team. For one of the requirement, I need to find out the manufacturing date of a laptop (and some desktops). I did some googling and found some solutions but none of them are feasible in my case:
Serial Number : get the serial number from the back of the machine and access the vendor's site with given serial number and get all the details.
-> This is not going to work because there are hundreds of machines and from many vendors like Dell, HP, Lenovo, etc.
Operating System : I can extract all the OS level info by using "systeminfo.exe". There is a field called "Original Install Date" which will give a date when OS was installed on the machine.
-> This is also not going to work for me because whenever a laptop is assigned to a new user, it is being formatted and fresh OS image is being deployed so everything this date will change.
BIOS : In one of the articles it is being stated that because BIOS is installed as soon as the assembly is finished so it can provide the most accurate date when the machine was ready to end user use after installing OS. So I have used "Win32_Bios" WMI class to extract this data.
-> The problem with this approach is whenever any BIOS version upgrade happens, this BIOS date is also getting modified, so I cannot get the real manufacturing date of the machine.
Last approach, I thought if I can get the processor manufacturing date then I might get some approximate date when the machine came into existence. I checked Device Manager --> Processors --> Properties.
-> Problem with this approach is, I am seeing the version and date of the processor driver and not the real processor and this date is showing way back from 2006
I would really appreciate if someone please share their views or experiences regarding the above situation.
I know this kind of the question has been asked before and it has been closed down because people thought it is not very interesting topic to discuss so I really request to all please do not close this question. Let's give a chance to everyone to share their views.
Thanks.
Can we find if our software has been copied in an OS image (windows) and then deployed in another machine. The hardware details do change but it may be due to hardware upgrade or change.
Is there anything at software level which indicates that the OS image has been installed.
P.S the OS install date doesnt change after image deployment.It shows the date of original OS installation date and time and not that of the imaged one.
For example i tried to detect this using service tag,uuid and os install date changes . I thought the hardware and software details combined would result in correct detection. But the os install date dint change and hardware details changed or showed junk value during hardware upgrade . My software will be installed in the os . Then OS will be imaged. I want to detect the imaged installation
If your software is connected to the Internet this is relatively easy to solve. You arrange to 'call home': send occasional packets to a known server address containing enough information to identify the instance.
For this purpose UDP packets serve quite well. You include information about the build of your software, the operating system it is running on, some simple hardware details such as how much memory and disk, the IP address and the MAC address. From the packets logged by your server you will easily be able to tell an original instance from a clone, or an original with updated hardware in almost every instance. You may also be able to obtain highly distinctive information by a detailed inspection of hardware if you have sufficient privilege.
Please note that Windows does exactly this. If an activated copy is found running on a machine that is sufficiently different then it must be re-activated. The definition of 'sufficiently different' is not made public.
Just to be clear, what I'm describing is a heuristic, not an algorithm. I'll assume the original installation creates a GUID, and that a clone carries the same GUID. When you receive packets from installations with the same GUID containing enough information, in practice you will be able to tell the original from the clone in virtually every case. Two clones may start identical but very soon something will diverge: a network IP address, disk free space, active devices.
This may not fill all the requirements of the original question but it will work (it already does) and it's better than nothing.
Generate a GUID each time the computer boots, and include both the current GUID and the history of GUIDs previously generated each time you report to the server.
If a machine's report has a GUID missing, then you know the machine has been cloned and at least one new instance should be generated. You can determine when the cloning took place by looking for the last GUID that is remembered by both instances.
To determine which instance to consider "the same machine" as the original, if this matters, look for changes in the MAC address or computer name. If there is exactly one instance where neither of these have changed since the machine was cloned, that can be assumed to be the original. (If there are multiple instances with the same MAC address, something is badly wrong; bring it to the attention of the system administrators and let them sort it out.)
If none of the current instances has a matching MAC address and computer name, this might mean that the original machine has not been powered back up yet but will be eventually, or that it has been destroyed, or that it is permanently offline and only being used as a template. It could also mean that, by coincidence, the computer name and/or MAC address were changed after the machine was cloned but before the next report.
How best to deal with this depends on the context, but in most cases it would probably be sensible to show the original machine as a separate instance, even if you haven't had a report from it since the cloning took place, and let the system administrator manually delete it if appropriate.
I have a script, which monitors some folder's subfolders, check their created date, and if DateDiff from created time and Now is more than 730(2 years) it deletes this folders. The problem is in that, if set current time on PC for 5/16/2015 - the script will delete folders, and it's not cool. I thought about getting time from some internet service, but there is no guarantee that PC will be connected to internet. So I tried to get BIOS time (I believe no users can change it to wrong), and compare folder's created time with this time. But, unfortunately I didn't find the way how to do that. Maybe you have any idea how to implement this task?
Having an incorrect date and time on a production-level machine is not an option nowadays. It will break a lot of things like HTTPS sites (they will fail to validate because of expired certificates), etc.
The system clock (BIOS time) is changed by the operating system whenever the time itself is changed in the OS, so you only have one clock in the computer. In other words the OS does not have a separate clock to track time with.
Nowadays most computers use the Network Time Protocol to keep their clocks in sync, so you should specify the correctly set time as a pre-requisite for your software. (Or you can just specify that the computer must be connected to an external atomic clock, but that's going to be expensive.)
I saw this question in a forum about how an application can be developed that can keep track of the installation date and show trial period expired after 30 days of usage. The only constraint is not to use the external storage of any kind.
Question: How to achieve this?
Thanks
Bala
--Edit
I think its easy to figure out the place to insert a question work. Anyway, I will write the question clearly. "external storage" means don't use any kind of storage like file, registry, network or anything. You only have your program.
Use the file-modified date of the file containing the program as the installation date.
I like Doug Currie's idea of the file-modification date. But if the application is downloaded from the web, every night at midnight it gets relinked with new initialized data containing the new expiration date. Then any binary downloaded that day expires on the date given.
If you like, sign the date with a private key so it can't be hacked. Include a public key in the app and decrypt the date. If not correctly signed, hasta la vista, baby.
I don't know if this is possible, as most work I've done has been with embedded systems in which I don't even need to touch the operating system. But would the following be possible?
When compiling your program, leave some extra space at the end (say, 8 bytes), all set to 0. When your application is run, it fetches those bytes and if they're all 0, replaces them with the current time (That's the part I'm not sure about. Does the OS let you do that? If not, there might be some work-arounds using multiple processes.), otherwise, if the time difference is greater than 30 days, it notifies the user that the trial period has ended.
Of course, that method would be vulnerable to resetting the system clock.
If you can't use any external storage at all (not even config files or anything like that), you would need to code it into the app itself so the app's main method (or some method) checks if the current date is less than some expiration date. Part of your installer could actually compile that code on the fly and then it would be set to the installation date. This could be easily defeated by reinstalling the app, but then again, it's not realistic to have no external storage either.
I think the only way to do this generally would be to have your application spawn something off in a separate process that would continue to run and keep track of the date/time even if the main application were closed. When it was restarted, it would then connect to the running process to see if the trial period had expired.
Of course, this would only work if the computer was never restarted and the user never hunted down your spawned process and killed it, which is pretty unlikely. If your application does not do anthing IO-related (file system, registry, something on the network etc.), then a simple restart will wipe away anything that you've done.
So, to summarize: it's not really possible.