![]() ![]() ![]() Mdate = DirectoryEntryDate(dir, #PB_Date_Created) Mdate = DirectoryEntryDate(dir, #PB_Date_Accessed) Mdate = DirectoryEntryDate(dir, #PB_Date_Modified) Get the date of the all entries in the Temp-Folderĭir = ExamineDirectory(#PB_Any, GetTemporaryDirectory(), "*.*") And don't forget to add a "licensed to user"-message in the info-box. ![]() With an aes-encrypted license-file and a date check you should prevent 99.99% of all basic users to freely copy your program. And because many programms create Temp-files, there must be at least one file created with the correct date. But he must set the date back to valid date (for example when he want to use a browser - or all https-sides will be invalid). Why the temp-folder? A user can change the current date to an earlier date to bypass the date check. Also you can save the current-date when the program quits and check on start, if the date is older than the quit-date. You can try to validate the current date with the internet - or if not possible, simple check all files in the Temp-Folder and check the date. When you want a time-limited-license, you can't trust the local date. Of course a hacker could find the aes-key in the app, but when he can do this, he could also remove the check code at all. a License-file encoded with AES and a inbuild key. Sometimes hardware breaks or is replaced (bigger ssd for example) and your programm will not run. Plus some users despise usb dongles a lot, i have experienced the problems with having to run 6 dongles on the same machine and it is not funny If you invest your time to enhance your software instead, that time is likely better used.ĭon't forget that it is also likely a race against the open source community The moment a crack/hack exists, your time invested in any protection is mostly wasted. But again, it is a race you will lose in the end, so i doubt it makes much sense. So you have for example between 3 weeks to 6 months where your software can only be used legally before a hack exists. There are ways by using a USB dongle that make hacking the software more difficult. Better spend time to enhance your software so more people will see a real value in paying for it, some people will always steal it anyway - focus on the legal users and make their life better by increasing the value of your software instead of wasting your time in a race you can't win anyway. It is an option but not a good one in my opinion. Some criminals might use that to extort money from you once your business is running successfully. It also introduces new vulnerabilities like DDOS attacks on your license server. Plus you will have to keep your servers up, running, up to date and any network/ISP/server issue makes your software unuseable. The advantage is having less software theft, but the major disadvantage is that your software is crippled and cant be used without a network connection anymore. You could for example have your app being 99% local with all the resource intensive work, but have something like a crucial processing setup calculation done by an external module on your server. That way you can avoid (if you do it right!) a simple local patch. While I knew it wasn't 100%, I guess when it comes down to disassembling it, there's always a equal to or not equal to that can be replaced.Ī better way might be to enforce a remote connection which does additional license verification. Paul wrote:It still compiles to a section of code that says "If Code = Valid Then Result" You are actually paying someone else to deal with all the obfuscating of code and detecting of disassemblers and virtual machines, etc.Īnd over time even those protection systems are bypassed unless they are constantly updated, playing a cat & mouse game with those trying to do the bypassing Guess that's why software protection systems are so expensive. The same code I posted earlier will also patch your "more creative" version with no modification. The disassembled code section that finishes the validation looks like this.Īnd it's still a simple Poke $74 to $75 to change the behavior. It still compiles to a section of code that says "If Code = Valid Then Result" and all the other work you've done up to that point is irrelevant. The only one that has worked harder here is the developer by adding more code trying to obfuscate strings and comparing memory, etc. Again, nothing is 100% but you could make a hacker work harder for it. ![]()
0 Comments
Leave a Reply. |