I am making an educational game in Unity for a client, the client wishes the file to be password protected and then lock after 30 days, so anyone leaving the company cannot continue to use it if they have it on their machine (it is a training tool for internal use only).
Password protecting the file is not really a problem, I can use either a password protect on the file itself or implement one in-game (with the UI tools) when you start it.
The problem is getting it to ‘expire’ and then lock the user out.
So my question is, how do I get the game to know when 30 days have passed since the user first opened the file? I’m guessing it would need to read the system time to determine what the date was, or something similar? Or maybe have some kind of timer going, that will essentially count down to the expiry time.
Essentially I just need to be able to trigger a UI popup that tells the user they cannot use the application any more (and at the same time just deactivate the play button or something similar).
I am more of an artist than a programmer, so this sort of thing is a little above me, so I would really appreciate some pointers.
Is there a quick and easy way to do this or is it something that is going to be really complicated to set up?
If it is not possible, if anyone has any ideas of alternatives it would be much appreciated!
A rudimentary solution involves measuring changes in the System.DateTime.
Store the Date the application first ran, and check against this value each time it’s run.
This may lead to issues with users who change time zones.
Also, this measure can be foiled by purging the registry values created by the program, or by manipulating the system’s date and time settings.
The “right” way to overcome this is by linking access to a user account, and handling all login / access requests through your company server. The application waits for your web service to verify the login and passage of time, then allows or rejects the access attempt based on whatever criteria e.g. bad password or 30 days expired.
Assuming nobody hacks into your server and messes with these values, average users will have much greater difficulty circumventing the lockout.
As an additional protective measure, (to discourage desperate parties from using various “hacking” tools to “spoof” a login) your application and server might exchange some kind of key, on which mathematical operations are performed and verified, to allow or disallow access.
There’s a whole industry built around creating these security measures. I expect you may get better, more cost-effective results by purchasing some kind of turnkey solution. In any case, UA is not the place to continue such a line of questioning.
You could also use a simple self-checked serial key which you hand out to a user. Something like this:
However you might want to additionally keep track of the time “already passed” or use a web-time source in case the user tries to spoof the system time.
Keep in mind that all those security things are pointless if your users are intermediate / professional programmers. Unity compiles the scripts to .NET / mono assemblies which can easily be decompiled / manipulated. It also doesn’t matter which platform your tool runs on. Even a webbuild or android app can be cracked without much efford.
If your users are “just users” any kind of time check (that doesn’t store the timestamp as plain text next to the application or in the registry) will do.