Link to home
Create AccountLog in
Avatar of reynaldio
reynaldioFlag for Indonesia

asked on

Hiding Trial Period Information

Hi Experts,

Just a simple quick question. Where is the best place to hide the start date of the applications trial phase?
Avatar of JapyDooge
JapyDooge
Flag of Netherlands image

What i did in the past

A regkey with another name
md5 of install date (date only)

program starts and does md5 to the last 30 days in history in a while
as long as the md5 is not valid, its exceeded

offcourse u can use more than 30
I have created a bizarre registry key that made little sense but only to me and then did a fairly simple encryption of the start and/or end date.

Generally under HKLM.

This by no means is fool proof but works for the majority of people and keeps most people honest.

John
...yes, but would that work in VISTA?
Absolutely not UNLESS you have done all of the Vista UAC preparations, proper manifest, created a helper application or a COM dll to retrieve the information from that part of the registry.

Guess we should have stated works for XP and 2000 but Vista is a different "animal".

John
Avatar of Ustin19
Ustin19

Storing keys\trials in HKCR does search and freezing trial slower. For example, Ka$persky Antivirus V5 stored it's key information there
Avatar of reynaldio

ASKER

hi,

so it is common to put the information under windows registry.  i was thinking to put this information in a file and hide it in the windows system folder. is it a good idea?
it is easy to sniff all registry and file operations, but it is a few more hard to be not obfuscated by HKCR registry branch naming rules - and if application uses any COM\OLE, it becomes not so trivial. And if it will be polymorphian name (e.g. lastruntime depended, in advanced case - patching exe file with random value before start or using external checksum storage) - it will be good obfuscation for majority of lamers.
Maybe, some distructive code (it is very hard variant, use it only if program is semiprivate) solutions you choose
ASKER CERTIFIED SOLUTION
Avatar of Ustin19
Ustin19

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Combination of prewiours posts guarantee your exe from kiddies at all, but not from patching jmp to nop
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Hi all,

thank you for all your advices.
Johnjces -> thank you for the great links you gave me.
I have problems assigning the points since there are no right or wrong answers here.
but i'm gonna give the points to John for his links and Ustin19 for a more complete ideas :)

Thanks,

Reynaldi
thanks guys :)