I recently came across a PC cleaner software that offers a free trial for 30 days before you decide to purchase it. The developers, however, didn’t address a major flaw in their free trial system.

Before activating the free trial, I set my computer’s clock 40 years in the future now my “free trial” will expire in 2070.

The developers of this PC cleaner software could’ve easily prevented me from doing this.

I’m an Application Developer and Internet Marketer, if you like this article, please do visit my website: https://altair.marketing

I’m sure you must’ve come across an application that offers a time based free trial like this at least once in your life. You will be surprised to find out how many software developers (even from larger firms) tend to overlook this.

If you’re feeling particularly adventurous, you can try using this technique in different software which provide a free trial. Let me know your results in the comments section!

Bestseller No. 1
Acer Aspire 5 Slim Laptop, 15.6 inches Full HD IPS...
  • AMD Ryzen 3 3200U Dual Core Processor (Up to...
  • 15.6 inches full HD (1920 x 1080) widescreen LED...

If you’re a developer, you might want to know the best way to tackle this.

Let’s start with the most basic way of dealing with this.

Using a text file to check DateTime tampering

In this method, when your software activates the free trial, it simultaneously creates a text file with the current DateTime in the file’s metadata, which is updated every time the user opens the software.

Here’s how the algorithm works:

  • Upon creation of the free trial, your software creates a text file in the app’s directory and sets the “Created On” attribute to the current DateTime.
  • Every time the end-user opens your application, it updates the “Created On” attribute to the current DateTime.
  • Whenever the end-user opens the application, the software compares the “Created On” attribute to the current DateTime of the system.
  • If the current DateTime is less than the compared DateTime, it implies the system’s clock is incorrect.

Using this algorithm, you can prevent your end-users from setting their system clocks to a past DateTime.

However, this method has a loophole. If the user has already changed their system clock to a later date before activating the trial, they can still control the trial duration.

Worry not, there’s a simple fix for this problem. When activating the trial on a particular machine, your software first connects to the internet to check if the DateTime is correct. An internet connection is needed when activating the “trial” for the first time.

Fetching and comparing DateTime from the internet

Here’s how the algorithm looks like for the above:

  • Upon creation of the free trial, your software connects to the internet and gets the current DateTime.
  • The DateTime fetched from the internet is compared to the system’s current DateTime. If the difference is less than 24 hours, it proceeds to create the “essential” file discussed in the first method.
  • Your software creates a text file in the app’s directory and sets the “Created On” attribute to the current DateTime.
  • Every time the end-user opens your application, it updates the “Created On” attribute to the current DateTime.
  • Whenever the end-user opens the application, the software compares the “Created On” attribute to the current DateTime of the system.
  • If the current DateTime is less than the compared DateTime, it implies the system’s clock is incorrect.

Please note this is not the best way to prevent clock tampering from a security point-of-view. This method discourages the average end-user from abusing your application’s licensing system.

Anyone who is mildly competent will try to reverse-engineer your application through something like “IDA pro” or any other disassembler on the market. Even if you have obfuscated your code, they can just put a breakpoint and break it if they put in enough time.

Why would anyone implement this basic check if they know it can be defeated if someone knows what they’re doing?

The answer is if someone is determined to use your software for free, they’ll find a way to use it for free. If they’re unable to find a crack/exploit, they’ll move on to a more exploitable software. They were never a potential customer in the first place.

New
SeaPeeKay
  • What is going on you guys, my name is, SeaPeeKay!...
  • Harmony Hallow SMP, Survive The Night and more!...

Sure, you could throw in Registry Keys and masqueraded DLL files into the mix along with aggressive code-obfuscation to make the software cracker’s life a living hell but, trust me, the only people who will suffer in this case are your genuine customers.

The reason your customers will suffer is that when a program tries to create registry keys in a machine, the anti-virus lights up like a fir tree during Christmas. Also, aggressive code-obfuscation makes your application more complicated and hence slower.

In the end, it all boils down to the return on investment your application offers. You need to decide if it is worth spending that extra couple of months perfecting your ultimate ninja-like protection technique.

Congratulations! You made it to the end, you’re amazing! I hope you enjoyed this article and got to learn something new.