Sign in to follow this  
Followers 0
Renaito

Help with PC Clock exploit

7 posts in this topic

Hello,

I just downloaded and tried this script by Jefrey which is really a good system

 

My current problem is that I can't figure how to prevent the users from changing the computer's clock, even if the license has expired, changing the date will make it available to be opened as if nothing had happened.

I'd really appreciate your help with this since I am giving a trial version of the script that I made but It can be easily used even after it expired if the computers date is modified to days / months / years before .

>_<

Thanks in advance

Share this post


Link to post
Share on other sites



Preventing a user from changing the clock on his own computer would be considered hacking the computer at best and malware or worse at the other end. You can always use an NTP server inside your code to determine what the time is and ignore the user's clock completely. As long as the computer has an internet connection and doesn't block your program from accessing the internet.

You can always stipulate that the users of your software have to allow it access to the ntp server or the software won't run.

1 person likes this

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

#3 ·  Posted (edited)

Preventing a user from changing the clock on his own computer would be considered hacking the computer at best and malware or worse at the other end. You can always use an NTP server inside your code to determine what the time is and ignore the user's clock completely. As long as the computer has an internet connection and doesn't block your program from accessing the internet.

You can always stipulate that the users of your software have to allow it access to the ntp server or the software won't run.

 

Hello BrewManNH, Sorry I didnt explain it well I wasnt mean to block their computer to change it, I just want the script that contains my program to check if the date has been changed or not, in this way, if it was changed it won't run the script and show a message or just not running the script if the date was modified from the user

 

In other hand, How can I do this? 

I've already been searching but none of the options I saw from older posts worked for me :S 

EDIT:

What I basically want is the script to check an online time and compare it to the computer date and if its not the same, it shouldn't run, but if it is the same day,month,year, it should open and continue normally

Edited by Renaito

Share this post


Link to post
Share on other sites

You can use >this to check the time, you'd have to modify it to not set the clock on the user's computer, but you can use it to get the timer from the internet in a nice formatted way that also takes into account the computer's current time zone setting.

There is one line that got mangled by the forum though in that post.

This is the corrected version.

Global $tzo = RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation", "ActiveTimeBias")

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

What if you regularly write the current time to registry, or to a file (after encrypting th string) and check if the time has became earlier than that, then time got changed. It can be a nice way to prevent simple users to not to modify time.

Notes:

- If internet is available, you should adjust the time automatically as BrewManNH told it.

- Exploit 1: Users can sniff your registry key (or file) and copy it. After copying they can restore the same time with the same registry, so it will be the same date all the time. (This one requires some knowledge).

- Exploit 2: User can make a script which will "pause" the time by setting to the same value all the time. However you can protect yourself against it by placing an adlib with a timer of 120sec which checks if the time changed.

Thoose are my current ideas :)

Share this post


Link to post
Share on other sites

 

You can use >this to check the time, you'd have to modify it to not set the clock on the user's computer, but you can use it to get the timer from the internet in a nice formatted way that also takes into account the computer's current time zone setting.

There is one line that got mangled by the forum though in that post.

This is the corrected version.

Global $tzo = RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation", "ActiveTimeBias")

 

Thank you!!! It worked perfectly!!

What if you regularly write the current time to registry, or to a file (after encrypting th string) and check if the time has became earlier than that, then time got changed. It can be a nice way to prevent simple users to not to modify time.

Notes:

- If internet is available, you should adjust the time automatically as BrewManNH told it.

- Exploit 1: Users can sniff your registry key (or file) and copy it. After copying they can restore the same time with the same registry, so it will be the same date all the time. (This one requires some knowledge).

- Exploit 2: User can make a script which will "pause" the time by setting to the same value all the time. However you can protect yourself against it by placing an adlib with a timer of 120sec which checks if the time changed.

Thoose are my current ideas :)

Thanks for your suggestions!! 

 

I think I need now to configure some things in that license system and I will be done 

Thanks for the help!

Share this post


Link to post
Share on other sites

This will still be easily circumvented by exploit 0 - do that which cannot be mentioned and delete this portion, then add a bitcoin miner pointed at some fall guy's wallet and hang the 'cracked' version on a torrent site.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0