richard@dataspan.dataspan.UUCP (Richard "Tiger" Melville) (12/04/90)
Many of the software products our company sells rely on a licence file which
specifies the duration of time the software is licensed for. The software
then refuses to run when the period has expired. It is, however, possible
to roll back the date on a machine and fool the licence manager software.
This problem must be solved in order for us to distribute free demo versions
which work for a specified period only.
Is there a reliable way to test if the date on a machine has been rolled
back ? (System files which have modified dates in the future might do the
trick.) As portable a solution as possible is desirable, although we mainly
run SunOs 4.0.
--
_Q Q_ Richard Melville DataSpan Technology Inc.
__ /_\) /| 237-9313 400-540 5th ave SW
_\___/O____O|/O____/ \_ Calgary Alberta Canada, T2P 0M2
_/ \_rcosj@chudich.co.rmit.oz (John Simmons) (12/05/90)
richard@dataspan.dataspan.UUCP (Richard "Tiger" Melville) writes: >Many of the software products our company sells rely on a licence file which >specifies the duration of time the software is licensed for. The software >then refuses to run when the period has expired. It is, however, possible >to roll back the date on a machine and fool the licence manager software. >This problem must be solved in order for us to distribute free demo versions >which work for a specified period only. >Is there a reliable way to test if the date on a machine has been rolled >back ? (System files which have modified dates in the future might do the >trick.) As portable a solution as possible is desirable, although we mainly >run SunOs 4.0. Couldn't you get your program to check the date fairly regularly when it is run and write it away somewhere, keeping track of the latest date reached so far, then refuse to run at any time/date earlier than the latest one stored. The software may run after the desired date (if unscupulous people fiddle the machines date ) but it will slowly run out of usable time as the stored date gets up to the final die-by date. You could even have a penalty setup such that it deducts time from the final die-by date if it detects an attempt to run it at a time before the latest stored time/date. John Simmons (VK3KJG) Ph. 660 2619 Royal Melbourne Institute of Tech. System Administrator Fax 662 1060 (Victoria University of Technology) PO Box 2476V ACSnet: rcosj@chudich.co.rmit.oz Melbourne 3001 Australia CSNET: rcosj@chudich.co.rmit.oz.aus ARPA: rcosj%chudich.co.rmit.oz.au@uunet.uu.net BITNET: rcosj%chudich.co.rmit.oz.au@CSNET-RELAY UUCP: ...!uunet!munnari!chudich.co.rmit.oz.au!rcosj
barmar@think.com (Barry Margolin) (12/05/90)
In article <RICHARD.90Dec3143525@dataspan.dataspan.UUCP> richard@dataspan.dataspan.UUCP (Richard "Tiger" Melville) writes: >Is there a reliable way to test if the date on a machine has been rolled >back ? (System files which have modified dates in the future might do the >trick.) No, there isn't. Anyone who has access to change the date would also have access to change anything that the program might look at to verify the date. The Unix superuser is all-powerful within that system. If he's clever enough, he could patch the executable file so that it would skip over the date checks. -- Barry Margolin, Thinking Machines Corp. barmar@think.com {uunet,harvard}!think!barmar
brnstnd@kramden.acf.nyu.edu (Dan Bernstein) (12/05/90)
In article <RICHARD.90Dec3143525@dataspan.dataspan.UUCP> richard@dataspan.dataspan.UUCP (Richard "Tiger" Melville) writes: > Is there a reliable way to test if the date on a machine has been rolled > back ? No, there is not. ---Dan
mike@bria.AIX (Mike Stefanik/78125) (12/31/90)
In article <RICHARD.90Dec3143525@dataspan.dataspan.UUCP>, richard@dataspan.dataspan.UUCP (Richard "Tiger" Melville) writes: > Many of the software products our company sells rely on a licence file which > specifies the duration of time the software is licensed for. The software > then refuses to run when the period has expired. [deleted] > Is there a reliable way to test if the date on a machine has been rolled > back ? (System files which have modified dates in the future might do the > trick.) As portable a solution as possible is desirable, although we mainly > run SunOs 4.0. One method that I have used in the past was to declare a static string with some unique contents in the code (ie: static char *fubar = "UGGA000000000000") and then write the code so that it is self-modifying. I simply had the program determine from whence it came, opened itself, and searched for that string. Obviously the "0000000000" part is the date ala time(). Look at the current time, and if the current time is less than what was in your magic cookie, you know they rolled the clock back. If all is ok, then simply update that string with the current time. Just make sure that that you lock the image when you are doing this. The above is preferable over using inode information such as access time, because that can easily be fudged. Hope that helps. ----------------------------------------------------------------------------- Michael Stefanik, Systems Engineer (JOAT), Briareus Corporation UUCP: ...!uunet!bria!mike "If it was hard to code, it should be harder to use!"