- NSIS Discussion
- Automatically Expire software
Archive: Automatically Expire software
tudza
23rd September 2005 02:38 UTC
Automatically Expire software
I would have thought this was the job of the software being installed, but I was asked whether NSIS supported a mechanism by which a piece of software could be disabled after a certain amount of time has passed since installation.
deguix
23rd September 2005 03:22 UTC
Well, there is one thing you could try. You can create an "extractor" that extracts the original file to somewhere in the computer disguised as the original program. Then, you can use NSIS codes to retrieve information for the installation and expiration date, and to stop the execution of the program if it's desired. This wouldn't need any changes to the original application.
The only problem with this simple method is that you need to extract it to somewhere in the users computer. I just don't know if there is a way to extract the application directly to the RAM so that there would be rarely a way of copying the extracted file and removing the expiration time. This area is quite unknown for me, though...
Thus, I recommend changing the program's source for this or to use other tools. NSIS is not used for tough security, you know. NSIS is in continuous development and it is open-source.
finx
1st March 2006 02:09 UTC
Re: Automatically Expire software
Originally posted by tudza
I would have thought this was the job of the software being installed, but I was asked whether NSIS supported a mechanism by which a piece of software could be disabled after a certain amount of time has passed since installation.
What I would like to have is an expiration date lock _in_ the installation program. I mean if the the date has expired, the installation program will not work anymore. It just gives a message "The installation program has expired"
How to script this in NSIS?
Takhir
1st March 2006 07:23 UTC
Use Manual, 5.2 Predefines {__DATE__} for compillation date, E.1.6 GetTime sample for installation time, show message box if difference is bigger then your limit.
dandaman32
1st March 2006 07:43 UTC
I wrote a library to do this with NSIS, including an activation key system that allows for expiring keys. If I can modify it enough to post it here without giving away the original algorithm at all I can post it here.
You can do some cool stuff with this. What I do is I code installers for people, and I protect the installer with a 30-day trial period (what you're looking for) but I also use DcryptDll to encrypt the installer's source code and package it into the installer. When my client buys a license to use the installer commercially, I send them an activation key (which expires after a set number of days) and a decryption key, which unlocks the installer's source code. When the activation and decryption keys have been validated, the installer decrypts/extracts the installer's source code, spawns an NSIS compiler (about 500kb packed with LZMA compression) and rebuilds an installer without the protection, encryption, or 500 extra kb of overhead.
If all that sounded a little complicated, don't worry. The secure clock library (affectionately called "ClockLock") is relatively easy to implement and can allow for custom code upon validation success/failure. It also protects against clock set-backs (an old cheat) and fraud keys. It even confuses registry-monitoring programs like SysInternals Regmon.
Again, I cannot post it here unless I drastically change it, because then my clients can steal the installer sort of. I can privately license it to you for a negotiable price (it took me a long time to develop) and provide tech support, examples, a keygen, and several other tools or I can just post the thing here but I can't provide any considerable help for it.
One major bug: Nothing works across years. Of course this is March, so this isn't a problem for now.
Here's a working example: http://www.freewebtown.com/dandaman3...ureNotepad.exe
This example only has one big vulnerability: it extracts the program file and runs it. User can copy it to another folder and rename it, voila no time limit. But everything else seems to work fine.
Unlock key: 635433-955166-776584-010880-182012 (expires 90 days from this post)
To do some cool stuff with registration: run SecureNotepad.exe /RegInfo.
I have a sample encrypted installer too, if anyone wants to see that...
-dandaman32
Contains windows notepad, (c) micros0ft
dandaman32
1st March 2006 08:17 UTC
OK all, here is an encrypted installer.
Activation key:
635448-027515-102882-028320-224000
(expires 120 days from this post)
Decryption key:
7F12DBEA-8C6DA3D3-863AD317-9D11EB85
Importable key package attached, unzip before using.
Download binary: http://www.freewebtown.com/dandaman3...dInstaller.exe
BTW, do NOT use the ExperienceUI version included with this. I realize that I am giving an unofficial beta of XPUI 1.11, but be warned: this is undocumented and I had to modify it just to get this script to compile properly.
Disclaimer: while this installer does not contain any malcious code, it does contain unreleased, pre-alpha builds of certain tools, including ExperienceUI 1.11 and Component Manager 0.3. If this shreds your system, I am not responsible for it. Period.
The source for the installer (minus the trial library) is included. To compile, you will NEED to move the ExperienceUI language file insert (!insertmacro XPUI_LANGUAGE English) up before pages unless you use the pre-alpha version of the XPUI included with this package. (edit: Well, sort of included. You have to decrypt the thing first :) )
-dandaman32
Contains windows notepad, (c) micros0ft
dandaman32
1st March 2006 08:35 UTC
Sorry, forgot to attach...
-dandaman32
finx
2nd March 2006 22:02 UTC
Expiration date checking
Thanks for your hints!
After reading the manual I tried to write the most simple expiration checking code there can be, I think... What I'm looking for just now is just a very simple static expiration date checking.
This seem to work for me. What do you say?
By the way, what's the difference between "Local time" (getTime option 'L') and "System time" (getTime option 'LS')really?
SAMPLE CODE **************************
;for getTime function:
!include "FileFunc.nsh"
!insertmacro GetTime
;for StrCpy function:
!include "StrFunc.nsh"
;greate variable for installation day
VAR /GLOBAL MYINSTALLDAY
;greate variable for static expiration day
VAR /GLOBAL MYEXPIRATIONDAY
;=== get date =====================
Section
${GetTime} "" "L" $0 $1 $2 $3 $4 $5 $6
; $0="01" day
; $1="04" month
; $2="2006" year
; $3="Friday" day of week name
; $4="16" hour
; $5="05" minute
; $6="50" seconds
;The day when user executes the installer.
;It's "20060401" in this sample.
strCpy $MYINSTALLDAY "$2$1$0"
;my static expiration day 31th of march 2006
strCpy $MYEXPIRATIONDAY "20060331"
;expiration checking.
;If the installing date is
;bigger than expiration date
;installer quits. Otherwise it goes on normally.
${if} $MYINSTALLDAY > $MYEXPIRATIONDAY
MessageBox MB_OK "Sorry! Installer expired. Please update the program"
;quit installer
Abort
${EndIf}
SectionEnd
;==================================
END OF SAMPLE CODE ************************
Thanks for your feedback!
dandaman32
3rd March 2006 06:07 UTC
If you really want go go secure, make the program check the time on the Internet. In NSIS:
; User should be connected to the 'net at this point.
; Use Dialer plugin and ConnectInternet function
; (function is in Dialer docs I believe) to connect.
nsisDl::download_quiet "http://www.mysite.com/time.php" "$TEMP\timecheck.ini"
StrCpy $MYEXPIRATIONDAY "20060331"
ReadINIStr $0 $TEMP\timecheck.ini "Time" "CurrentTime"
Delete $TEMP\timecheck.ini
IntCmp $0 $MYEXPIRATIONDAY good good bad
bad:
; Time expired
MessageBox MB_OK "Expired!"
Return
good:
; continue installer
And in
http://www.mysite.com/time.php:
<?php
$date=date("omd");
echo "[Time]\nCurrentTime=".$date."\n";
?>
I just realized how buggy the encrypted installer is. It's fixed now.
http://www.freewebtown.com/dandaman3...dInstaller.exe
New decryption key: AD378091-0952C988-340E0CF3-D2BC7201
Activation key (same as before): 635448-027515-102882-028320-224000
Updated key import file attached (hopefully).
-dandaman32
Takhir
3rd March 2006 07:10 UTC
Local time includes _timezone and _daylight (summer) shifts. "The /GLOBAL flag is not required (if var declared) outside of sections and functions."
By default, internet connection request from new program first displays Windows Firewall window, a bit disturbing for user, so it might be better to use internet if this is really need only.
sissy
3rd March 2006 08:40 UTC
this thread is quite interesting :)
dandaman32 - id certainly like to see some source if you can change enough not to effect your algorithm from being exploited, thats is if your willing to share of course.
Quote:
dandaman32
11th March 2006 06:44 UTC
@sissy: The library I used for that is not open source because I use it for my installer development services. If you're interested in privately licensing it you can contact me.
I have a lot of projects going on right now, so it will be awhile before I have the time to rewrite that library. Essentially what you would get by privately licensing it (assuming you're interested) is priority.
And I see the key package still isn't attached on the last post. Forum admins, if you're reading this, vB 3.5 is out, maybe you should upgrade...
-dandaman32
karabey
18th May 2006 02:34 UTC
@dandaman
I have downloaded the DcryptDll Script and its looking a little bit hard for me with NCrypts (i am a beginner with NSIS). I need myself also a Protection with Serial or 30-Days Evaluation. The NOTEPAD.exe you have created is really wonderfull. Is there a way to get written Script for it?
Hope to hear from you. Thx
Originally posted by Takhir
By default, internet connection request from new program first displays Windows Firewall window, a bit disturbing for user, so it might be better to use internet if this is really need only. dont you mean local time, since the windows FW popup is going to scare the user?
i can certainly see the internet one will be secure as system time fiddling will have no effect :)
all in all learnt a couple of new tricks thanks to you guys. |