Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to prevent usage of expired license through system clock tampering? [closed]

Tags:

java

licensing

systemtime

ntp

I am currently working on a license manager using java, I will be specifying a start and end date for my application so I can force a licensed user to re-license the program after a certain amount of time.

But the problem I am facing is that any one can roll-back their system date and time in order to maintain the validity of license. Is there any way in Java to detect the system date and time is changed. I have already tried Network Time Protocol to get the current date and time from a time server.

like image 979
Lalchand Avatar asked Jun 13 '11 08:06

Lalchand

People also ask

How do I protect software from system date changes?

One way to do is to store the current time and date of software download in an encrypted file that should be used along with the package. Another way is to store file in the user computer and keep checking with your hard coded date in the software with that file.

What is clock tamper detection?

Answer. The license management software can report this error if it detects an item with an access, creation, or modification time that is in the future. Future timestamps can sometimes indicate that the system clock has been set backwards in order to circumvent license expiry dates.

1 Answers

You likely are storing a license file on the system. a) include the time that the software was registered in the license file, b) digitally sign the file.

The digital signature will tell you if the license file was tampered with. If not, the time will tell you when the software was registered; if the "current time" is less than the registered time, your license manager knows something funny is going on and it can respond according (refuse to run, delete the license, ...

If you really want to enforce the date range, write the current time on each program execution to a separate digitially signed file, verifying that time always goes monotonically up.

You can also check your last recorded time against any files your application writes-then-reads. Such a file with a date later than your last recorded time indicates some kind license-file rollback.

These wont stop the user from setting the clock back some, but it will make it pretty hard for him to do this in an organized way.

like image 172
Ira Baxter Avatar answered Oct 11 '22 15:10

Ira Baxter
Sign in to Comment

Related questions

Does RecyclerView.ViewHolder always have to be an inner class?
Spring Boot: Wrapping JSON response in dynamic parent objects
Session management with Spring Boot?
Kafka consumer exception and offset commits
java 10 compilaton Null Pointer Exception
GPU based algorithm on AWS Lambda
Convert java.util.Date to String in yyyy-MM-dd format without creating a lot of objects
Why is reading a JDBC ResultSet by position faster than by name and how much faster?
How to fix: Embedded H2 Database "NonTransientError: Unable to read the page at position" error?
static final fields vs TrustFinalNonStaticFields
Password encryption with Spring/Hibernate - Jasypt or something else? [closed]
TimeZone.setDefault changes in JDK6
In @Table(name = "tableName") - make "tableName" a variable in JPA
Do threads created in Java behave differently on Windows and Linux?
Combining JAXB and JPA in one model
How to avoid the 1024 lines of Java exception stack limit
What is a maven repository url for jung2 (java graph framework)?
Does Jackson Without Annotations Absolutely Require Setters?
why not Map#removeAll(Collection<?>)?
How to test a method invocation inside an anonymous class using mockito

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!