Make money with PureBasic, What is The Road for NewBies ?

[TI-994A]

Is it possible to share the code for a time-bomb ?

Sure. It's just an implementation of a paywall. There are many ways to do this, mostly contingent on the platform. The config data could be stored in the registry or a database, and the triggers are usually time-based, with date-based hash keys to disable them. And we'd insert an easter egg somewhere in the main UI, activated by some keyboard/mouse combination, to disable the self-destruct when required.

For clarity's sake, this simplified demo utilises a run-count and a registration flag stored in a binary file with a hardcoded "kill" code. The easter egg is marked with a red square, and is activated by a control left mouse click on the square. The app will stop working after five runs if the self-destruct is not disabled.

Code: Select all

EnableExplicit

#allowedRuns = 5
#killCode = 123456
#disable = #True
#checkState = #False
#configFile = "app.cfg"

Global appQuit = #False
Global appTitle.s = "App Title"
Define.i x, y, event, wFlags, killCode.s

Procedure throwError()
  MessageRequester(appTitle,
                   "Critical error launching the application. " + 
                   "Please contact technical support for assistance.", 
                   #PB_MessageRequester_Ok | #PB_MessageRequester_Warning)
  appQuit = #True  
EndProcedure

Procedure selfDestruct(disable)  
  Define.i runs, licensed, runString.s
  If FileSize(#configFile) > -1   
    If OpenFile(0, #configFile)
      If disable
        WriteInteger(0, 1)
        WriteInteger(0, 0)     
        SetWindowTitle(0, "App Title (licensed)")        
      Else        
        licensed = ReadInteger(0)
        runs = ReadInteger(0)
        If licensed = 0          
          If runs => #allowedRuns
            throwError()  
          Else             
            runs + 1            
            If runs = #allowedRuns - 1 : runString = " run " : Else : runString = " runs " : EndIf            
            appTitle + " (unlicensed: " + Str(#allowedRuns - runs) + runString + "remaining)"            
            FileSeek(0, 0)
            WriteInteger(0, 0)
            WriteInteger(0, runs)
          EndIf
        Else 
          appTitle + " (licensed)"
        EndIf
      EndIf      
      CloseFile(0)
    Else 
      throwError()
    EndIf
  Else     
    If CreateFile(0, #configFile)
      WriteInteger(0, 0)
      WriteInteger(0, 1)
      CloseFile(0)
    EndIf
    appTitle + " (unlicensed: " + Str(#allowedRuns - 1) + " runs remaining)"
  EndIf
EndProcedure

selfDestruct(#checkState)
wFlags = #PB_Window_SystemMenu | #PB_Window_ScreenCentered
If OpenWindow(0, 0, 0, 600, 400, appTitle, wFlags)
  CanvasGadget(0, 0, 0, 600, 400, #PB_Canvas_Keyboard)
  
  If StartDrawing(CanvasOutput(0))
    Box(555, 55, 10, 10, #Red)
    StopDrawing()
  EndIf
  
  Repeat
    event = WaitWindowEvent()
    Select event
      Case #PB_Event_CloseWindow
        appQuit = #True
      Case #PB_Event_Gadget
        Select EventGadget()
          Case 0
            Select EventType()
              Case #PB_EventType_LeftButtonDown
                If GetGadgetAttribute(0, #PB_Canvas_Modifiers) & #PB_Canvas_Control
                  x = GetGadgetAttribute(0, #PB_Canvas_MouseX)
                  y = GetGadgetAttribute(0, #PB_Canvas_MouseY)
                  If x > 554 And x < 566 And y > 54 And y < 66
                    killCode = InputRequester("Disable Self-Destruct", "Kill Code: ",
                                              "", #PB_InputRequester_Password)
                    If Val(Trim(killCode)) = #killCode
                      selfDestruct(#disable)
                    EndIf                    
                  EndIf
                EndIf
            EndSelect
        EndSelect
    EndSelect
  Until appQuit
EndIf

Please ensure that the code is run from a folder with write permissions - otherwise the app will not be able to create the config file.

Enjoy!

[Erolcum]

Very good, thanks man. The binary file may stay in the same place with exe but for example as a company logo. If someone delete the logo, program will not run No one suspects from a logo.

[Piero]

What if the time-bomb was money itself?
Maybe I didn't study history enough

[Erolcum]

What if the time-bomb was money itself?
Maybe I didn't study history enough

Hi,
if you haven't received the money from the customer yet, this small program that creates a file to protect the code and writes a runs counter in it. on second thought, you need to write the counter in the registry.

[AZJIO]

you need to write the counter in the registry.

You can reset the counter to 0 before each launch. To do this, run regshot, take two pictures before starting the program and after. Then click the "Compare" button and get the difference. Your code must have its own method of protection and not tell anyone on the forum, otherwise the first thing to do is look for user messages on the forum with the text “protection”, etc. and so on.

[Erolcum]

Do you have a better idea ? you are right, but users are not always programmers fortunately. To bypass regshot, you can wait 30 minutes before writing to registry in your program where can we hide this counter in HKLM in registry ? registry.pbi module from ts-soft can write a value in HKCU. I don’t try to write to HKLM yet.

[TI-994A]

You can reset the counter to 0 before each launch ... Your code must have its own method of protection and not tell anyone on the forum...

This is just a simple POC. Nevertheless, I don't mind sharing the actual techniques that I employ for securing offline applications.

The hash of the kill code and the original installation/expiry dates are stored on the application's database. All entries into the database are then encrypted with the installation/expiry dates. Simply changing the installation/expiry date entries would render all the database entries unreadable. If the paywall is not deactivated with the original kill code before the expiry date, the application is disabled.

Not a secret.

[Erolcum]

I'm not quite clear in my head, can you tell more if possible.
Let's say you sent an exe and an encrypted db file to your customer on 01.09.2024. Let the installation date be 01.09.2024. Let the demo end of use date be 30.09.2024. The customer used this software for 25 days. Then he deleted the program from the disc and copied the files you gave on 01.09.2024 to the disc. What will prevent him from using the program for 25 more days? Hmm. I see now, he has lots of valuable datas in db file, right ?

[BarryG]

To bypass regshot, you can wait 30 minutes before writing to registry in your program

Don't forget that some users can be smart enough to run "Process Monitor" and filter the results by your exe's Registry access. So they can see after 30 minutes what got written to which Registry key with no effort at all. Same if they use "Sandboxie" and check the sandbox's access history later.

[TI-994A]

...you sent an exe and an encrypted db file to your customer .. What will prevent him from using the program for 25 more days? Hmm. I see now, he has lots of valuable datas in db file, right ?

Yes. If the application were to be reinstalled, all the data processed theretofore would be virtually lost. Even if the original db file were not deleted, the data, which was encrypted with the previous installation dates, would be illegible to the new installation.

Also, there's no need to distribute any db file with the executable binary. The database would be automatically created on the first run, at which time the installation/expiry dates would be recorded, along with the hash of the kill code, which could be hardcoded as a constant within the program, or appended to it as a data block.

However, these techniques are rarely used nowadays, since applications are usually connected to the internet. A phone-home feature, which is used to check for app and other updates, would also discretely perform the paywall validation. But again, this is feasible only if the app depends on the cloud for storage or backend processing. Otherwise, the classic time-bomb would still be implemented.