Solved

how to prevent user from changing system time ?

Posted on 2001-06-22
15
237 Views
Last Modified: 2010-04-01
I'm implementing the 30 days trial scheme on program. But the problem is: how can I prevent the user from changing the system date?
0
Comment
Question by:eugeneng
15 Comments
 
LVL 3

Expert Comment

by:jltari
ID: 6217740
In my opinion, you shouldn't try to stop the user from changing the system time. You should rather check the system time when the software is installed and each time it is started. Encrypt that somewhere in a file or in the registry, and make sure date and time don't change to earlier than the last check.
0
 

Author Comment

by:eugeneng
ID: 6217785
That is what I've done, but the user can simply hack that by changing the system date back, so my program will still assume it has not expired yet!! I've seen some programs, e.g. Xing player, where even if I've changed the system date back to the date before it expired, the program will still refuse to run. How to do that?
0
 
LVL 32

Expert Comment

by:jhance
ID: 6217817
You really cannot prevent users from changing the clock on their own systems.

If, however, your app were to keep a log of every time it runs and a run time comes up that is out of sequence, then you know that the time has been messed with.  So you end up with a timeline like:

INSTALL...RUN1...RUN2...RUN3...RUNN...EXPIRE

If the current time is ever before the install or the last run time, you do whatever it is you are planning.  Keep this data in a file or the registry (if Windows) and generate a HASH (MD-5 is a reasonable choice).  That way if the timeline data is modified you'll know that as well.
0
 
LVL 2

Expert Comment

by:Microsoft
ID: 6217823
why not write the time and date to a file on the hard drive

called something not obvious

so

2 files

one when the software was installed

the other every day the software is run

then read the software installed data with the date out of the second file
and if the diff is >30 then don't load

That's how I did it

Cheers

Andy
0
 
LVL 1

Expert Comment

by:ua1zcl
ID: 6218148
Combine a few methods and test a few times during the session.
You may use (if Windows) RegEnumKeyEx(), which has
PFILETIME lpftLastWriteTime. I have not found how to change
this value.
0
 
LVL 30

Accepted Solution

by:
Axter earned 100 total points
ID: 6218178
I had this very same problem in a program I created, and I was able to solve it very successfully.

First of all, you don't want to stop the user from changing the system time.  What you need is a method to determine if the system time has been changed, and if it has been changed, what is the correct time.

Continue....
0
 
LVL 30

Expert Comment

by:Axter
ID: 6218189
Your program should first get the system time.
Then get the time stamp from several operating system key files.
These key files are files that get modified during boot up.
Even if the user does change the system time, these files will still reflect the correct date of boot up.
The only way the user can get around this is to change the time in the BIOS.
0
 
LVL 30

Expert Comment

by:Axter
ID: 6218218
For Windows NT you can check "c:\\pagefile.sys" and "c:\\winnt\*.tmp"

For NT/98/95 you can check the following:
"Win.ini"

In Win98/95 there are a few other files you can check, but I don't remember them offhand.  You can figure this out by looking at a Win98/95 directory, and looking at what files have the current date stamp.
On Win98/95 the file that is used for virtual memory will have the most current date.

You should check all these files, and make sure that none of them has a younger date than the system date.
If any of them do, then you know the system time has been changed, and you should time out the program.

continue...
0
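The timestamp check described in the comments above, as an added example that is not part of the original thread and not Axter's code. It treats the newest modification time among the witness files as a floor for the real date; the tolerance value, verdict strings and function name are assumptions, and the caller supplies the paths or wildcard patterns.

```python
import glob
import os

# Assumption: allowance for timestamp granularity and small clock corrections.
TOLERANCE_SECONDS = 120


def assess_clock(patterns, now, tolerance=TOLERANCE_SECONDS):
    """Compare the claimed time `now` (Unix seconds) with witness file mtimes.

    Returns (verdict, floor): floor is the newest witness mtime, i.e. the
    earliest moment the real clock can currently be at, or None when no
    witness file could be read.
    """
    mtimes = []
    for pattern in patterns:
        # glob handles both literal paths and wildcards such as *.tmp;
        # a pattern that matches nothing simply contributes no witness.
        for path in glob.glob(pattern):
            try:
                mtimes.append(os.stat(path).st_mtime)
            except OSError:
                continue  # file vanished or is unreadable: not evidence
    if not mtimes:
        # No witness exists on this system, so the check proves nothing.
        return "INCONCLUSIVE", None
    floor = max(mtimes)
    if floor > now + tolerance:
        # A file was written "in the future": the clock has been set back.
        return "ROLLED_BACK", floor
    return "CONSISTENT", floor
```

An "INCONCLUSIVE" verdict should fall through to the program's other checks rather than be treated as a pass or a failure.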
 
LVL 30

Expert Comment

by:Axter
ID: 6218243
Another step to take is have an extra time out key for your program.  That key should always have the latest date detectable by your program.  You should always check the system time with this extra key.  The system time should never be younger than this key.  If so, you know that the system time has been changed, and you then can time out the program.

Example:
Program starts 01 March 2001.  
Extra key always has the latest date.
User starts program on 31 March 2001.
Your program saves the latest date "31 Mar 01" in the extra key.
When your program times out, and the user changes the date to 01 Mar or 29 Mar, your program will be able to see that the date is younger than the previously stored date "30 Mar" and can then time out.
0
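The run timeline from jhance's comment and the "latest date" key from the comment above, combined in one added example (not code from any poster in this thread). It substitutes HMAC-SHA256 with an embedded key for the plain MD-5 hash mentioned earlier, because an unkeyed hash can be recomputed by whoever edits the data; the key, field names and status strings are assumptions, and times are Unix seconds.

```python
import hashlib
import hmac
import json

TRIAL_SECONDS = 30 * 24 * 3600
# Assumption: a key embedded in the program. Anyone who extracts it can forge
# records, so this raises the bar for casual users only.
KEY = b"constructed-demo-key"


def _tag(install, last_seen):
    msg = f"{install}:{last_seen}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def new_record(now):
    """Create the record written at install time."""
    return json.dumps({"install": now, "last_seen": now, "tag": _tag(now, now)})


def check_run(record, now):
    """Return (status, record_to_store) for one program start at time `now`."""
    try:
        data = json.loads(record)
        install, last_seen = int(data["install"]), int(data["last_seen"])
        tag = str(data["tag"]).encode()
    except (ValueError, KeyError, TypeError):
        return "TAMPERED", record
    if not hmac.compare_digest(tag, _tag(install, last_seen).encode()):
        return "TAMPERED", record
    if now < last_seen:
        # Clock is earlier than a run already recorded; keep the stored
        # high-water mark so the rollback stays detectable next time.
        return "CLOCK_ROLLED_BACK", record
    updated = json.dumps(
        {"install": install, "last_seen": now, "tag": _tag(install, now)}
    )
    if now - install > TRIAL_SECONDS:
        # Still advance last_seen, so setting the date back after expiry
        # is caught by the rollback test above.
        return "EXPIRED", updated
    return "OK", updated
```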
 
LVL 30

Expert Comment

by:Axter
ID: 6218314
Make sure when you save these keys, to save it in the registry in an inconspicuous location.  Make the key look like a system's variable. And make the date encrypted.  You can use any simple encryption.  Like change the numbers to letters.
Example:
15 Mar 2001 (15/03/2001)
Can be changed to
(bf/ad/caab)
And you should take out the "/" dividers so it should look like the following:
bfadcaab

Why go through this trouble?
If you don't change the date format, a user can just do a registry key search for keyword using the time out date as the key word.
You want to minimize the chance that a user can find your registry key.

An example of an inconspicuous key would be something like:
HKEY_CLASSES_ROOT\.wav\contentid\
or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IE Setup\Options\subver

You want to pick a key that you know the user will have access to, and that can not interfere with the system, but it looks like it's part of the system.

continue .....
0
 
LVL 30

Expert Comment

by:Axter
ID: 6218340
You should also put some decoy registry keys in obvious locations.
Something like
HKEY_LOCAL_MACHINE\SOFTWARE\MyProgramName\StartDate

When your program detects this key has been changed, make it update it to automatically.

You should do anything you can to add to confusion and add to the hacker's frustration in order to discourage the hacker.

Continue....
0
 
LVL 30

Expert Comment

by:Axter
ID: 6218379
In my program I had 5 backups for the Initialize date.
And my program would always use the oldest date of the five dates.  If any of the five locations had incorrect dates, my program would update it to the oldest date.

Here are four of the locations I used:
1. Registry Key
2. System.ini Variable key
3. win.ini Variable key
4. Custom file with a hidden Variable key
5. (???????)

All keys were encrypted.

Before my program initialized the key in the files, it first got the file dates, then added the initialized key, and then changed the file stamp to the original date.
If you don't do this the user can just search directory for most recent file changed.

continue ....
0
 
LVL 30

Expert Comment

by:Axter
ID: 6218393
I forgot to mention, that you should make the custom file have the same date as your executable.  So after you initialize the custom file, change the date stamp on the file, and make it match your main program.

continue....
0
 
LVL 30

Expert Comment

by:Axter
ID: 6218428
None of these methods are fire proof.

The registry key can be found by a user using a registry tracker program.
The system.ini and win.ini key can be found by a user going to a different computer, and then saving the system.ini and win.ini files to a backup directory, before installing your program.
Then install your program.
After installing your program, they can use a File-Dif program to find the difference between the original win.ini file and the modified win.ini file.

The custom file can be found by installing the program into two different computers at different dates, and then doing a file-dif on all the files in the sub directory.

I'm sure there are other methods to finding these keys that I haven't even thought of yet.

So what you have to keep in mind is that your goal is to stop the average user from hacking your time out.
You will not be able to stop a really good hacker.

For more info, you can take a look at the following PAQ:
http://www.experts-exchange.com/jsp/qShow.jsp?ta=winprog&qid=20121450

Above PAQ is a similar question I answered previously.
0
 

Author Comment

by:eugeneng
ID: 6223698
Excellent!!! Axter, thanx a lot..

For the other helpers, I think Axter deserves the reward points coz he gave me the most robust methods & ideas to solve my problem. Anyhow, thousands of thanks to you guys.
0