how to prevent user from changing system time ?

Posted on 2001-06-22
Last Modified: 2010-04-01
I'm implementing the 30 days trial scheme on program. but the problem is how can I prevent the user changing the system date ?
Question by:eugeneng

Expert Comment

ID: 6217740
In my opinion, you shoudn't try to stop the user from changing the system time. You rather should check the system time when the software is installed and each time it is started. Crypt that somewhere in a file or in the registry, and make sure date and time don't change to earlier than the last check.

Author Comment

ID: 6217785
that is what I've done, but user can simply hack that by changing the system date back, so my program will still assume it is not expire yet!! I've seen some programs, e.g Xing player, even I've changed the system date back to the date before it expire, the program will still refuse to run. how to do that ?
LVL 32

Expert Comment

ID: 6217817
You really cannot prevent users from changing the clock on their own systems.

If however, you app were to keep a log of every time it runs and a run time comes up that is out of sequence, then you know that the time has been messed with.  So end up with a timeline like:


If the current time is ever before the install or the last run time, you do whatever it is you are planning.  Keep this data in a file or the registry (if Windows) and generate a HASH (MD-5 is a reasonable choice).  That way if the timeline data is modified you'll know that as well.
Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.


Expert Comment

ID: 6217823
why not write the time and date to a file on the hard drive

called something not obvious


2 files

one when the software was installed

the other every day the software is run

then read the software installed data with the date out of the second file
and if the diff is >30 then dont load

thats how i did  it



Expert Comment

ID: 6218148
Combine few methods and test few times during session.
May use (if Windows) RegEnumKeyEx( ) where is
PFILETIME lpftLastWriteTime. I not found how to change
this value.
LVL 30

Accepted Solution

Axter earned 100 total points
ID: 6218178
I had this very same problem in a program I created, and I was able to solved it very successfully.

First of all, you don't want to stop the user from changing the system time.  What you need is a method to determine if the system time has been change, and if it has been changed, what is the correct time.

LVL 30

Expert Comment

ID: 6218189
You program should first get the system time.
Then get the time stamp from several operating system key files.
These key files are files that get modified during boot up.
Even if the user does change the system time, these files will still reflect the correct date of boot up.
The only way the user can get around this is to change the time in the BIOS.
LVL 30

Expert Comment

ID: 6218218
For windows NT you can check "c:\\pagefile.sys" and "c:\\winnt\*.tmp"

For NT/98/95 you can check the following:

In Win98/95 there are a few other files you can check, but I don't remember them of hand.  You can figure this out by looking at a Win98/95 directory, and look at what files have the current date stamp.
On Win98/95 the file that is used for virtual memory will have the most current date.

You should check all these files, and make sure that none of them has younger date then the system date.
If any of them do, then you know the system time has been changed, and you should time out the program.

LVL 30

Expert Comment

ID: 6218243
Another step to take is have an extra time out key for your program.  That key should always have the latest date dectectable by your program.  You should always check the system time with this extra key.  The system time should never be younger then this key.  If so, you know that the system time has been changed, and you then can time out the program.

Program starts 01 March 2001.  
Extra key always has the latest date.
User starts program on 31 March 2001.
Your program saves the latest date "31 Mar 01" in the extra key.
When your program times out, and the user changes the date to 01 Mar or 29 Mar, your program will be able to see that the date is younger then the previously stored date "30 Mar" and can then time out.
LVL 30

Expert Comment

ID: 6218314
Make sure when you save these keys, to save it in the registry in an inconspicuous location.  Make the key look like a system's variable. And make the date encrypted.  You can use any simple encryption.  Like change the numbers to letters.
15 Mar 2001 (15/03/2001)
Can be changed to
And you should take out the "/" dividers so it should look like the following:

Why go through this trouble?
If you don't change the date format, a user can just do a registry key search for keyword using the time out date as the key word.
You want to minimize the chance that a user can find your registry key.

An example of a inconspecuous key would be something like:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IE Setup\Options\subver

You want to pick a key that you know you the user will have access to, and that can not interfere with the system, but it looks like it's part of the system.

continue .....
LVL 30

Expert Comment

ID: 6218340
You should also put some decoy registry keys in obvious locations.
Something like

When your program detects this key has been changed, make it update it to automatically.

You should do anything you can to add to confusion and add to the hacker's frustration in order to discourage the hacker.

LVL 30

Expert Comment

ID: 6218379
In my program I had 5 backups for the Initialize date.
And my program would always used the oldest date of the five dates.  If any of the five locations had incorrect dates, my program would update it to the oldest date.

Here are four of the locations I used:
1. Registry Key
2. System.ini Variable key
3. win.ini Variable key
4. Custom file with a hidden Variable key
5. (???????)

All keys were encrypted.

Before my program initialized the key in the files, it first got the file dates, then added the initialized key, and then change the file stamp to the original date.
If you don't do this the user can just search directory for most recent file changed.

continue ....
LVL 30

Expert Comment

ID: 6218393
I forgot to mention, that you should make the custom file have the same date as your executable.  So after you initialize the custom file, change the date stamp on the file, and make it match your main program.

LVL 30

Expert Comment

ID: 6218428
None of these methods are fire proof.

The registry key can be found by a user using a registry tracker program.
The system.ini and win.ini key can be found by a user going to a different computer, and then saving the system.ini and win.ini files to a backup directory, before installing your program.
Then install your program.
After installing your program, they can use a File-Dif program to find the difference between the original win.ini file and the modified win.ini file.

The custom file can be found by installing the program into two different computers at different dates, and then doing a file-dif on all the files in the sub directory.

I'm sure there are other methods to finding these keys that I haven't even thought of yet.

So what you have to keep in mind is that your goal is to stop the average user from hacking your time out.
You will not be able to stop a really good hacker.

For more info, you can take a look at the following PAQ:

Above PAQ is a similar question I answered previously.

Author Comment

ID: 6223698
Excellent!!! Axter, thanx alot..

for the other helpers, I think Axter deserves the reward points coz he gave me the most robust methods & ideas to solve my problem, anyhow, thousand of thanks for you guys

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Templates For Beginners Or How To Encourage The Compiler To Work For You Introduction This tutorial is targeted at the reader who is, perhaps, familiar with the basics of C++ but would prefer a little slower introduction to the more ad…
Introduction This article is the first in a series of articles about the C/C++ Visual Studio Express debugger.  It provides a quick start guide in using the debugger. Part 2 focuses on additional topics in breakpoints.  Lastly, Part 3 focuses on th…
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.
The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question