Solved

Hiding Trial Period Information

Posted on 2008-06-10
12
334 Views
Last Modified: 2010-04-21
Hi Experts,

Just a simple quick question. Where is the best place to hide the start date of the applications trial phase?
0
Comment
Question by:reynaldio
  • 4
  • 3
  • 3
  • +2
12 Comments
 
LVL 6

Expert Comment

by:JapyDooge
Comment Utility
What i did in the past

A regkey with another name
md5 of install date (date only)

program starts and does md5 to the last 30 days in history in a while
as long as the md5 is not valid, its exceeded

offcourse u can use more than 30
0
 
LVL 18

Expert Comment

by:Johnjces
Comment Utility
I have created a bizarre registry key that made little sense but only to me and then did a fairly simple encryption of the start and/or end date.

Generally under HKLM.

This by no means is fool proof but works for the majority of people and keeps most people honest.

John
0
 
LVL 13

Expert Comment

by:rfwoolf
Comment Utility
...yes, but would that work in VISTA?
0
 
LVL 18

Expert Comment

by:Johnjces
Comment Utility
Absolutely not UNLESS you have done all of the Vista UAC preparations, proper manifest, created a helper application or a COM dll to retrieve the information from that part of the registry.

Guess we should have stated works for XP and 2000 but Vista is a different "animal".

John
0
 
LVL 2

Expert Comment

by:Ustin19
Comment Utility
Storing keys\trials in HKCR does search and freezing trial slower. For example, Ka$persky Antivirus V5 stored it's key information there
0
 
LVL 2

Author Comment

by:reynaldio
Comment Utility
hi,

so it is common to put the information under windows registry.  i was thinking to put this information in a file and hide it in the windows system folder. is it a good idea?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 2

Expert Comment

by:Ustin19
Comment Utility
it is easy to sniff all registry and file operations, but it is a few more hard to be not obfuscated by HKCR registry branch naming rules - and if application uses any COM\OLE, it becomes not so trivial. And if it will be polymorphian name (e.g. lastruntime depended, in advanced case - patching exe file with random value before start or using external checksum storage) - it will be good obfuscation for majority of lamers.
Maybe, some distructive code (it is very hard variant, use it only if program is semiprivate) solutions you choose
0
 
LVL 2

Accepted Solution

by:
Ustin19 earned 200 total points
Comment Utility
next advice:
default value in registry is "" or not present.
Fill it during installation (xor, md5, GOSTR, RSA1024 as you wish of _installation_ date), then (at start) check encrypt(today), encrypt(today-1), ... encrypt(today-trialperiod) {it is not so long :) } and, if no of this functions returns true, assume end of trial period and delete storage for preventing of aposteriory analysists
0
 
LVL 2

Expert Comment

by:Ustin19
Comment Utility
Combination of prewiours posts guarantee your exe from kiddies at all, but not from patching jmp to nop
0
 
LVL 18

Assisted Solution

by:Johnjces
Johnjces earned 200 total points
Comment Utility
Here's a link that may help you out a bit more. It is a delphi.about.com article on the subject. MOre links, software and one free version that does quite a bit.

http://delphi.about.com/od/objectpascalide/a/aa012803a.htm

John
0
 
LVL 2

Author Comment

by:reynaldio
Comment Utility
Hi all,

thank you for all your advices.
Johnjces -> thank you for the great links you gave me.
I have problems assigning the points since there are no right or wrong answers here.
but i'm gonna give the points to John for his links and Ustin19 for a more complete ideas :)

Thanks,

Reynaldi
0
 
LVL 2

Author Closing Comment

by:reynaldio
Comment Utility
thanks guys :)
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Java Flight Recorder and Java Mission Control together create a complete tool chain to continuously collect low level and detailed runtime information enabling after-the-fact incident analysis. Java Flight Recorder is a profiling and event collectio…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers will learn about the different types of variables in Java and how to declare them. Decide the type of variable desired: Put the keyword corresponding to the type of variable in front of the variable name: Use the equal sign to assign a v…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now