Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to prevent usage of expired license through system clock tampering? [closed]

I am currently working on a license manager using java, I will be specifying a start and end date for my application so I can force a licensed user to re-license the program after a certain amount of time.

But the problem I am facing is that any one can roll-back their system date and time in order to maintain the validity of license. Is there any way in Java to detect the system date and time is changed. I have already tried Network Time Protocol to get the current date and time from a time server.

like image 979
Lalchand Avatar asked Jun 13 '11 08:06

Lalchand


People also ask

How do I protect software from system date changes?

One way to do is to store the current time and date of software download in an encrypted file that should be used along with the package. Another way is to store file in the user computer and keep checking with your hard coded date in the software with that file.

What is clock tamper detection?

Answer. The license management software can report this error if it detects an item with an access, creation, or modification time that is in the future. Future timestamps can sometimes indicate that the system clock has been set backwards in order to circumvent license expiry dates.


1 Answers

You likely are storing a license file on the system. a) include the time that the software was registered in the license file, b) digitally sign the file.

The digital signature will tell you if the license file was tampered with. If not, the time will tell you when the software was registered; if the "current time" is less than the registered time, your license manager knows something funny is going on and it can respond according (refuse to run, delete the license, ...

If you really want to enforce the date range, write the current time on each program execution to a separate digitially signed file, verifying that time always goes monotonically up.

You can also check your last recorded time against any files your application writes-then-reads. Such a file with a date later than your last recorded time indicates some kind license-file rollback.

These wont stop the user from setting the clock back some, but it will make it pretty hard for him to do this in an organized way.

like image 172
Ira Baxter Avatar answered Oct 11 '22 15:10

Ira Baxter