View Full Version : Windback detection not working...

11-25-2008, 10:08 AM
I've recentry noticed that a trial (generated from an asr) can be tricked by manipulating the system clock. Set the clock to lets say 2012, activate a 1-day trial (from an asr), set the clock back to normal. This results in a trial with ~1400 days remaining. Trust flags says **BROKEN** TIME but it's still possible to check out the feature. We've tested this last friday and it still works.

Trusted Storage-based Licensing Programming Reference, page 54:
When windback is detected, fulfillment records that have a limited duration (duration is not permanent) are marked as untrusted. These untrusted fulfillment records cannot be used until they are repaired.

I've never had to repair a time broken fulfillment, since it goes back to fully trusted when you set the clock back to normal.

11-25-2008, 10:46 AM
Does the client application have the LM_A_TS_CHECK_BADDATE attribute set (with lc_set_attr)?

11-25-2008, 11:32 AM

We made a quick test with LM_A_TS_CHECK_BADDATE set on my colleagues PC but it didn't help. It was still possible to checkout the feature. On his computer the fulfillments never got "broken time" whatever we made with the system clock. That's odd...
On my PC it gets "broken time" and goes back to fully trusted when setting back the clock to normal...

11-25-2008, 04:57 PM
Hmmm, on a Windows XP system, a similar quick test seems to work: set calendar forward to 2010, activate a one-day trial ASR with appactutil -local bd.asr, run appactutil -view and all is well, set calendar back to present, appactutil -view shows Trust Flags: **BROKEN** TIME.

Running default lmflex doesn't complain, but my test app with LM_A_TS_CHECK_BADDATE returns -170, LM_TS_BADDATE, "Invalid date format in trusted storage"...

11-26-2008, 04:32 AM
A checkout (on my PC with XP) with LM_A_TS_CHECK_BADDATE set returns -18, "License server system does not support this feature." That goes for a test checkout too. Did not get the -170, LM_TS_BADDATE, "Invalid date format in trusted storage"...

We've noticed that Trust Flags: **BROKEN** TIME only appears after a checkout. On my colleagues PC we now get -170, LM_TS_BADDATE, "Invalid date format in trusted storage"... On my PC it still returns -18, ...

Anyway, since it works correct on the other PC i'ts good enough, but still a bit strange.

11-26-2008, 12:11 PM
Yes, strange... Do you have servers on the license search path? Does running lmpath -override your_vendor_name "." and re-checking out make a difference?

12-01-2008, 02:43 AM
When I made a quick test this morning it returned correct message on my computer, "Invalid date format...".

Thanks Robert.