Prevent time cheating of Trial Product: Which Files to monitor?

Question

I was reading on trial products and the challenge of user forwarding time before installing the product so that it will not expire for long time. One of strategies I read is checking modified time for some files and compare to current time and see the difference if makes sense. My Question is, which are best files to use for the task in both Windows and Linux? Why do you think are the best for the task?

Since I don't remember the url of the site (was reading in a phone and I cannot reproduce url right now), I will appreciate any link on the subject or even SO answer in case I missed it!

Answer 1

Dynamically Embed the date and time of download with in your setup installer package.

Tell the customer to activate the trial product before 48 hours or so. (After activation he can use for entire trial period)

Then, at the time of installation, check whether system time (client machine time) is matching with date time of your installer.

If it is not matching, do not allow the installation.

EDIT:

It can be done in the following ways.

1. Using encryption:

Create an XML file with download time stamp when download button is clicked.

Create a private key using cryptography library such as OpenSSL

Extract public key from private key.

Encrypt xml file using private key, It generates signature file.

Ship EXE file, xml file, public key file and signature file to the client.

When client tries to install, your EXE verifies the signature and xml file using the public key.

If signature matches, it checks whether system time stamp is not greater by more than 48 hours. And it shouldn't be less than download time stamp.

If hack attempt is made to change XML, signature wouldn't match, there by preventing installation / subsequent usage of product.

2. Patching

Patching exe may be done although not recommended. Can a web server dynamically generate an executable on the fly?

It may be resource intensive.