How to create a trial version of a Java program [closed]

Question

I'm coding a software on java and i almost finished, i would like to know how can we create a trial version which work for example for 30 days, because i will to send it to some companies

so how to make it like shareware or trialware, also can we block access to the .class in the jar file?

Thank you

Answer 1

There's a product called Rampart that lets you make a trial version for your Java app. It only takes a couple of minutes and it works pretty well.

You can find it at http://Rampartlicensing.com

Answer 2

Here is an idea:

1. Create a database (such as a SQL Server database) that is publicly available on the web. It will keep a list of "trial version" license keys. You can use the same system for full-version license keys when your product is purchased.

2. When your Java software is first run, it'll cause a trial license to be created which will be stored in the database

3. The Java software checks for a valid license each time it is run. The date that the license was created is stored in the database so it doesn't matter what the client clocks are set at.

4. The software stops functioning when the license is expired

Standard windows software can look up the CPU ID and use that as part of the license, so that each computer can only run the trial software once. Does anyone know if there is a "JVM ID" of some kind that can be used for this purpose?

Maybe there is free or open-source license-related code out there already?

Answer 3

Why not just hard code an expiry date into the trial program so that you don't have to continue to support it? You could put this in main().

// Die after October 1, 2010
Calendar expireDate = Calendar.getInstance();
// January is 0 (y, m, d)
expireDate.set(2010, 9, 1);
// Get current date and compare
if (Calendar.getInstance().after(expireDate)) {
  // Die
  System.exit(0);
}

This is how Microsoft distributes their large scale beta software. They just give it an expiry date.

If you're talking about preventing reverse engineering or modifying the code, you can't. You could obfuscate the compiled program, but this won't stop the people who would be reverse engineering your code anyway.

Answer 4

I would just do something really simple and just hard enough such that non-programmers wouldn't be able to figure it out.

I would something like write to a file the number of milliseconds when the program was first installed in a 64-bit long in binary to a file. And have your main class check and enforce the time limit. Yes people can change their clocks to work around this, but really you don't want to sell to those people anyways. Also ensure the current time is strictly within 30 days of the install. Most users will just set their clocks back one year and it works with most programs because they just did a simple less than the difference check. You should also check that the difference in number of days from current to install is also greater than 0.

If you feel you need more protection than that, then you have a business model problem more than a software one. Its basically impossible to make it unhackable, especially since you can just extract and disassemble the class files.

Answer 5

The problem with trying to limit the dates is that the naive solution of just checking the date is easily fooled if the person sets back their system clock. I worked with a guy who kept a VMWare virtual box just for running time limited software. A better approach would be to record the time of the last time it was run, and if the time ever goes before that time, you know the clock was set back and you can abort. The problem is figuring out how to stash that file somewhere where the user can't find it an overwrite it. Again, in the the VMWare or VirtualBox environment, the user could just roll back to an earlier snapshot.

In other words, you can limit some of the people some of the time, but not all of the people all of the time.

Answer 6

I work on a commercial Java software and it is protected.

Is mandating an Internet connection acceptable in your case? In our case, our software only makes sense if there's an Internet connection and hence we can make reverse engineering impossible by simply following this mantra:

make sufficient part of the computation happen on the server side

There's nothing against this an attacker can do besides:

• rewrite the part of your software that is happening on the server side

• pirating your server

If our potential users are not happy with the fact that our software mandates an always-on Internet connection they can either buy or pirate one of our competitor's inferior product.

Think of it this way: nobody ever succeeded in playing on Blizzard's battle.net using fake/generated license keys.

Sure, a pirate could try to fake the whole battle.net, but then the pirated version wouldn't allow people to play in, say, the real WoW economy nor to compete on the real Starcraft ladder, etc.

Why did no-one managed to do that: because Blizzard made sufficient part of the computation happen on the server side.

Sufficient part of the computation happening on the server side effectively means: "good games pirates".

The more we move to an always-connected world, the easier it is to protect apps against piracy. Same for content (DRM), for the better or the worse.

Answer 7

I check date from what an atomic time server will send me at the beginning at the code. Then, I will compare that date with a specific date. If the atomic time is less, then System.exit(0).

public static GregorianCalendar getAtomicTime() throws IOException {
    BufferedReader in = null;

    try {
        URLConnection conn = new URL("http://64.90.182.55:13").openConnection();
        GregorianCalendar calendar = new GregorianCalendar();
        conn.setConnectTimeout(1000);
        in = new BufferedReader(new InputStreamReader(conn.getInputStream()));

        String atomicTime;
        while (true) {
            if ((atomicTime = in.readLine()).indexOf("*") > -1) {
                break;
            }
        }
        //System.out.println("DEBUG : " + atomicTime);
        String[] fields = atomicTime.split(" ");

        String[] date = fields[1].split("-");
        calendar.set(Calendar.YEAR, 2000 + Integer.parseInt(date[0]));
        calendar.set(Calendar.MONTH, Integer.parseInt(date[1]) - 1);
        calendar.set(Calendar.DATE, Integer.parseInt(date[2]));

        // deals with the timezone and the daylight-saving-time
        TimeZone tz = TimeZone.getDefault();
        int gmt = (tz.getRawOffset() + tz.getDSTSavings()) / 3600000;
        //System.out.println("DEBUG : " + gmt);

        String[] time = fields[2].split(":");
        calendar.set(Calendar.HOUR_OF_DAY, Integer.parseInt(time[0]) + gmt);
        calendar.set(Calendar.MINUTE, Integer.parseInt(time[1]));
        calendar.set(Calendar.SECOND, Integer.parseInt(time[2]));
        return calendar;
    } catch (IOException e) {
        throw e;
    } finally {
        if (in != null) {
            in.close();
        }
    }
}

Answer 8

Regarding the class files, you can't block access to them, but you can make their de-compiled version totally unreadable by obfuscation.

Answer 9

I've had success using True License in the past. It has a support for a trial period. Use it in combination with an obfuscation tool like ProGuard and it certainly makes it non-trivial to crack.

Answer 10

I recommend functional limitions. I have little post it note program. The program works fully, but you can create only 10 notes in unregistered mode. So i try to be nice to user. No date limitions, nag screens or someting else evil. Only small status line that has limition text and and register button.