Prevent Reinstallation

AkutaSame

Programmer
Oct 5, 2002
US
I was just wondering if someone could share with me a method (other than putting a simple key into the registry, which can be deleted/removed) to prevent a demo software from being reinstalled.

Ex.
Someone downloads my demo software (hypothetical, the software isn't done) which has a time limit on it set to expire after 15 days. After the expiration, I want to make it so the person can't just uninstall the program and reinstall it for another 15 day trial. I know there are people out there who will even scour the registry for the product and remove all entries.

Is the only solution a hidden registry key with a name and value that have NOTHING to do with the program?
 
I am in the process of doing this also. I have not settled on a definite solution yet. But I have designed a protection scheme for my software that allows the program to run on a single computer only, using a 16-character key.
In the same line of thinking, I am trying to design a key that would contain the time period that the program would be allowed to run, such that even if you reformat your disk and reinstall, the program would not work beyond the given date. Of course I am still thinking about it. It's not perfect because changing the computer date would allow the program to run. Another solution would be to design it to rely on a specific diskette that would contain the key.
But there also it is not elegant.
If and when I come up with a definitive solution I will keep you informed.
 
Thanks, I just don't want to resort to using a simple reg key, which WOULD be able to be overcome by scouring the reg and deleting it...

If I figure something out, I'll post the answer here.
 
if the end user is requesting of your site, could you not hard code a start/end time into the program, compile then upload? not the most practical of solutions i know, but there are no reg keys involved!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
Unfortunately the only way to do this is to keep a value on the computer somewhere. Your options on that are in the registry or creating a file somewhere.

Both can be overcome, but you have to think like a criminal in order to defeat them.

I had an OCX that was a mail linker. In any case that's not important. On first install or first use, the OCX would create 1 registry key. The registry key would input the first run date. But not just today's date. It was an encrypted algorithm of the date. Otherwise they could simply change the date in the registry.

Then on the second run of the program it would create a second registry key, just a simple "the program has been run before" key. Of course the name of the key was a little obscure and I placed the key under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
That way a registry cleaner would not touch it.

Then when the program was running, if the key that had the date was missing i.e. re-install... It would look to see if the other key existed. If the other key did, it would basically not work.

The purpose of doing the registry keys on different runs of the software was that some guys will copy their registry prior to use and compare it afterwards to the installed, therefore only finding the first key, not the second one I installed on the second run.

Now that's a lot of work, but depending on your program may be worthwhile.


Craig, mailto:sander@cogeco.ca

In the computer industry, there are three kinds of lies:
lies, damn lies, and benchmarks.
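
The two-marker scheme described in the post above, as an added Python sketch (not the poster's OCX code). A plain dict stands in for the registry, the value names and key are constructed, an HMAC replaces the unspecified date encoding, and the last-seen timestamp goes beyond the post to cover the date-change concern raised later in the thread.

```python
import hmac, hashlib, json
from datetime import datetime, timedelta

TRIAL = timedelta(days=15)            # the 15-day trial from the opening post
SECRET = b"constructed-demo-key"      # assumption: ships inside the binary, so it
                                      # only slows edits to the stored record
RECORD, MARKER = "trial_record", "run_before"   # hypothetical value names

def _mac(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def _save(store: dict, first: str, last: str) -> None:
    payload = json.dumps({"first": first, "last": last}, sort_keys=True)
    store[RECORD] = payload + "|" + _mac(payload)

def check_trial(store: dict, now: datetime) -> str:
    """store stands in for the registry; returns the trial state for this run."""
    raw = store.get(RECORD)
    if raw is None:
        if MARKER in store:                   # date record gone, marker survived
            return "reinstall_detected"
        _save(store, now.isoformat(), now.isoformat())
        return "first_run"
    payload, _, tag = raw.rpartition("|")
    if not hmac.compare_digest(tag, _mac(payload)):
        return "tampered"                     # date edited without the key
    rec = json.loads(payload)
    first = datetime.fromisoformat(rec["first"])
    last = datetime.fromisoformat(rec["last"])
    store[MARKER] = "1"                       # written from the second run onward
    if now < last:
        return "clock_rollback"               # PC date moved behind a prior run
    _save(store, rec["first"], now.isoformat())
    return "active" if now - first <= TRIAL else "expired"
```
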
 
>you have to think like a criminal in order to defeat them.

defeat is not the right word, hinder is a better word.


If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
Maim, beat, punish... those are all good words too, but unfortunately against the law :)

I had considered rendering the PC useless or disabling it if the aforementioned clauses were met and I could surmise that the person tampered with the registry to defeat my timer. But there are laws against such things, that and it would make me a hacker, which I'm not.

Craig, mailto:sander@cogeco.ca

In the computer industry, there are three kinds of lies:
lies, damn lies, and benchmarks.
 
LOL

i've been toying with an idea of forcing an installation off the hard drive (i.e. not off CD or floppy etc.) then on installation deleting the install file... don't know exactly how it would be done, but i imagine it's possible,

next there was the idea of reading creation times of popular apps and using them to encode with the time of my application's creation date, again flaws to that plan,

then the idea of rewriting the actual bytes of the EXE in several positions (with a lot of trial and error) to set a constant's value (don't know if this is entirely possible)

my final idea is to include a guy in a black suit in the price of the app, to physically beat anyone trying to install it illegally!!

anyway i have to go watch united pull 2 goals back against real madrid!!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
But you *can* make the program delete itself from the hard drive if you think it has had its copy protection defeated.

It really boils down to two basic methods:

1: Hardware protected. Program is protected by a hardware key ( Sometimes called a "Dongle" ) that is inserted in the printer port, or in the USB port, so that if it is not present then the program will not run. Can be expensive, and is usually only used on programs that cost big bucks.

2: Software protection. As you've pointed out, this method is lacking in security. Just as a note though, you don't have to resort to just the registry to store a "key". You could write a file somewhere on the drive, preferably in a location that is not obvious ( and modify its date so that it is older than the install date of the program ) and has a name that makes it look normal. After all, who's going to notice an extra file in the system directory named msyxvr32.dll ( or something like that )?

Just thinking, is there a way to check from VB if a file has been deleted but is still recoverable? As we know, when you delete a file the actual file is still on the drive, it's just had its allocation removed from the FAT. Could the install process check the drive in the same way that an "undelete" utility looks for a file that has been deleted? If it found the "file", then it would refuse to continue with the install process?

Just wondering...

Robert
 
dongles... hmmm, anyone with an rs catalog and a couple of quid can build a dongle.

as for the writing a file, i wrote a prog that logs all files on the system (so if i can do it they can do it), i run it to look for virus and other stuff (especially dil files [cr/h-ackers like to hide stuff with extension dil cos it looks like dll apparently]) run it before and after to look for new files...

anyway...



If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
"A Dongle ate my baby" sorry someone had to say it.

One realm that has not been explored is LAN and WAN.

With InstallShield you purchase license keys. i.e. 1 key has 1 client, another has 5 clients, etc. etc. If you try to run IS and another instance is open but you only have 1 key and they both match then both sessions of IS will shut down.

Then there is the Internet idea. Every time a program runs it checks the internet for authentication. If it's a web based program anyways, then this is perfect. But if not people might be pissed when their app doesn't work from their laptop that is disconnected.

BTW this is one of the funnest threads I've participated on in a long time... I love thwarting thieves.

Oh, the other thing that we have to consider in all this, especially if we are using dates, is that the person could simply change the date on the PC?

Craig, mailto:sander@cogeco.ca

In the computer industry, there are three kinds of lies:
lies, damn lies, and benchmarks.
 
ADoozer,

Dongles usually include a chip that has encoded data on it. Sure, you can build a dongle, but can you build one that has the right encoding to fool the program?

And as for the file, like I said, software protection schemes are inherently unsecure, and can be defeated by someone who is dedicated enough to try. A mix of things is probably the best way to do it if you are going to go the software route.

Robert
 
craig sandler:
yup this is a cool thread, i'd also like to get hold of the guy that nicked my stereo from my car last year... *fume*

there was a thread a few months back that went into mucho detail on the subject, but search is under maintenance and i can't remember the thread number!!!

thevampire:
i agree...

>software protection schemes are inherently unsecure

if i had the solution i'd be writing to microsoft demanding a job!!!

as for the chip point... yes but there are ways of "recreating" or copying the chip, cable boxes have chips but i know many people with chipped cable (mainly due to dodgy cable employees)

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
Well, as with most security, all you are trying to do is make it more difficult for the person than it's worth.

I work for a company that specializes in security, so I have to try and "think like a crook" to see how we can harden our systems.

As far as car security goes, what you are trying to do is make your car a less attractive target, versus the car parked beside it...

As the old saying goes, "I don't have to be faster than the bear that's chasing me, all I have to do is be faster than the other guys!"

Robert
 
>As far as car security goes, what you are trying to do is make your car a less attractive target, versus the car parked beside it

LOL i drive a daewoo!!!!!!!!!!!!!!!!!!!!!

i understand your point though!!

If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
As far as the dongles go, they are more reasonably priced than I expected. I'm not sure what you consider "big bucks", but if you are selling your software for a few hundred or more (American), it very well might be a good approach to consider.

Besides, "dongle" is just a fun word to say.
 
>search is under maintenance

Aaarrgghh! Last time it was down for maintenance it was gone for two or three weeks...
 
I'm sure I've got some suggestions and comments, but beer is clouding my brain at the moment so I'll just keep quiet for now...
 
LOL

Beer me no function well without! as homer once said!!



If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
 
Ok, now that I've gotten some replies... I'll ponder on them and reply.

Placing a file or registry key is a tried and unTrue method of preventing reinstallation. More times than not, the person can get around it SOME way.

I think the next step is to set up a webserver, and at any point they are connected to the Internet, have the program contact the server. Even if they have a firewall, the program must contact the server in order to run, thus, they would have to enable the program to go through their firewall. Once the program is through the firewall the program answers a series of "questions," one of them being the activation key. If any of these "questions" (which can be programmed into the software with specific, encrypted answers) comes back incorrect, the key is disabled and the person must contact a number to reactivate the activation key. The number of times the key has been reactivated will be kept on record, thus keeping an eye on potential abusers (i.e. people pretending that they had to "reformat their harddisk" and now don't have their activation key). The software will be purchasable online, so the CC number will be mapped to the account.

So, who likes my idea? ;) If you steal it, I will come for you. :p

Akuta Same
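
The server-side activation flow proposed in the post above, as an added Python sketch (not the poster's code). It assumes a single "question" per run, implemented as an HMAC challenge-response over a fresh nonce; the class, method names and sample key are hypothetical, and the network transport is left out so both sides run in one process.

```python
import hmac, hashlib, secrets

def answer(key_secret: bytes, nonce: bytes) -> str:
    """Client side: prove knowledge of the per-licence secret without sending it."""
    return hmac.new(key_secret, nonce, hashlib.sha256).hexdigest()

class ActivationServer:
    def __init__(self):
        self.keys = {}       # activation key -> licence state
        self.pending = {}    # activation key -> outstanding nonce

    def issue(self, activation_key: str) -> bytes:
        secret = secrets.token_bytes(32)
        self.keys[activation_key] = {"secret": secret, "disabled": False,
                                     "reactivations": 0}
        return secret        # delivered to the buyer along with the key

    def challenge(self, activation_key: str) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh per run, so old answers cannot be replayed
        self.pending[activation_key] = nonce
        return nonce

    def verify(self, activation_key: str, response: str) -> bool:
        lic = self.keys.get(activation_key)
        nonce = self.pending.pop(activation_key, None)   # each nonce is single-use
        if lic is None or nonce is None or lic["disabled"]:
            return False
        if not hmac.compare_digest(response, answer(lic["secret"], nonce)):
            lic["disabled"] = True        # wrong answer: key is off until support re-enables it
            return False
        return True

    def reactivate(self, activation_key: str) -> int:
        lic = self.keys[activation_key]
        lic["disabled"] = False
        lic["reactivations"] += 1         # the per-key record used to spot abusers
        return lic["reactivations"]
```
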
 