PDA

View Full Version : Windback detection not working...



DotnetSolutions
11-25-2008, 10:08 AM
I've recentry noticed that a trial (generated from an asr) can be tricked by manipulating the system clock. Set the clock to lets say 2012, activate a 1-day trial (from an asr), set the clock back to normal. This results in a trial with ~1400 days remaining. Trust flags says **BROKEN** TIME but it's still possible to check out the feature. We've tested this last friday and it still works.

Trusted Storage-based Licensing Programming Reference, page 54:
When windback is detected, fulfillment records that have a limited duration (duration is not permanent) are marked as untrusted. These untrusted fulfillment records cannot be used until they are repaired.

I've never had to repair a time broken fulfillment, since it goes back to fully trusted when you set the clock back to normal.

RobertDickau
11-25-2008, 10:46 AM
Does the client application have the LM_A_TS_CHECK_BADDATE attribute set (with lc_set_attr)?

DotnetSolutions
11-25-2008, 11:32 AM
No, LM_A_TS_CHECK_BADDATE was not set (only LM_A_CHECK_BADDATE).

We made a quick test with LM_A_TS_CHECK_BADDATE set on my colleagues PC but it didn't help. It was still possible to checkout the feature. On his computer the fulfillments never got "broken time" whatever we made with the system clock. That's odd...
On my PC it gets "broken time" and goes back to fully trusted when setting back the clock to normal...

RobertDickau
11-25-2008, 04:57 PM
Hmmm, on a Windows XP system, a similar quick test seems to work: set calendar forward to 2010, activate a one-day trial ASR with appactutil -local bd.asr, run appactutil -view and all is well, set calendar back to present, appactutil -view shows Trust Flags: **BROKEN** TIME.

Running default lmflex doesn't complain, but my test app with LM_A_TS_CHECK_BADDATE returns -170, LM_TS_BADDATE, "Invalid date format in trusted storage"...

DotnetSolutions
11-26-2008, 04:32 AM
A checkout (on my PC with XP) with LM_A_TS_CHECK_BADDATE set returns -18, "License server system does not support this feature." That goes for a test checkout too. Did not get the -170, LM_TS_BADDATE, "Invalid date format in trusted storage"...

We've noticed that Trust Flags: **BROKEN** TIME only appears after a checkout. On my colleagues PC we now get -170, LM_TS_BADDATE, "Invalid date format in trusted storage"... On my PC it still returns -18, ...

Anyway, since it works correct on the other PC i'ts good enough, but still a bit strange.

RobertDickau
11-26-2008, 12:11 PM
Yes, strange... Do you have servers on the license search path? Does running lmpath -override your_vendor_name "." and re-checking out make a difference?

DotnetSolutions
12-01-2008, 02:43 AM
When I made a quick test this morning it returned correct message on my computer, "Invalid date format...".

Thanks Robert.