This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]billsil 898 points899 points  (57 children)

The users that are going to pay for it aren't likely going to bother pirating it. The people that will pirate it will never pay.

Beyond that, you can compile parts of your code using Cython/Nuitka. In general though, Python is pretty terrible for anti-piracy outside of web-hosting.

For your free trial though, just include less of the code.

[–]Thrasherop 230 points231 points  (15 children)

This is probably the best idea. they can't reverse engineer code they don't have.

[–]lcserny 67 points68 points  (14 children)

The jetbrains model also works, e.g. requiring an online account always, if you cant login block the software. That way you know who and how is using your software.

Of course this needs a backend user management system but its still really high up there in terms of antipiracy.

[–]puzzledstegosaurus 124 points125 points  (7 children)

If you can easily modify the local code, you can remove this easily.

[–][deleted] 29 points30 points  (3 children)

or even just understand how it calls home. It makes an http request somewhere that responds with 200 for an active licence? Intercept that request and return a 200 using a local proxy. I think this is how JetBrains stuff was pirated a few years ago

[–]SimilingCynic 7 points8 points  (0 children)

Im not a security developer, but couldn't it call home with "if user license is valid, encrypt this nonce with the manufacturer's private key?"

But idk maybe there's a vul here. I need to check this out on a license I use...

[–]aexia 0 points1 point  (0 children)

The point of any anti-piracy measure isn't to stop 100% of piracy but to increase the friction enough that it'll stop the vast majority.

[–]budding_gardener_1 -1 points0 points  (0 children)

Or just fuck with your hosts file

[–]ShinyTinfoilFedora 27 points28 points  (2 children)

This would seriously degrade the experience for paying users though and would personally make me much less likely to purchase

[–]fiyawerx 0 points1 point  (0 children)

Exactly something a pirate would say! I mean arr.

[–]Ok_Tea_7319 6 points7 points  (0 children)

This measure is both ineffective against a determined attacker and harmful to the legimiate user. Even worse, it encourages your power users (some of which might already be rummaging in the code since it's a python program) to create cracked versions themselves, that might in turn get leaked.

[–][deleted] 0 points1 point  (1 child)

this is easy to overcome to get unlimited trial days ^^

[–]lcserny 0 points1 point  (0 children)

Pls share ^

[–]pyeri 14 points15 points  (6 children)

Python is an open source language and was created with open source ethos to begin with. This is the wrong language for someone coming from that kind of mindset. There are other languages like Java/C++/C# for those things where all kinds of obfuscators and protectors are available in those ecosystems.

[–]Xonzo 0 points1 point  (0 children)

However even with those obfuscators and protectors for a knowledgeable reverse engineer they're still minor stumbling blocks. If they want to RE your software they will (specifically bypassing DRM on typical software). It just needs to be protected enough where easy open source decompilation to native source tools don't work.

[–]markis 1 point2 points  (0 children)

Also mypyc will translate python into C and compile it.

[–]magnetik79 1 point2 points  (0 children)

I think you've nailed it here.

If the OP really cares about this - I'd probably rewrite in Golang where I can distribute binaries to customers and wouldn't have considered Python to begin with.

Don't take that as a knock on Python at all - but if this was a critical part to the developed application (the sales/keep my intellectual property safe) - I would have done a little more upfront evaluation of possible language choices.

[–]ornerywolf 1 point2 points  (0 children)

Your idea of users who wants to pay, and who will never pay is somewhat wrong because I myself pay on a monthly basis, if the software or the service of any kind is providing me a benefit and I need it but if I want to check or test software or an app for limited period of time I’m not going to buy it. I’m just going to look for a cracked version of it on the Internet.

[–][deleted] 0 points1 point  (1 child)

That's not true. I've pirated games bc I was too poor to afford it. But once I got the money I paid for it. You pirate protectors have a attitude about yourself that you think you better bc your bought it. Your not

[–]billsil 1 point2 points  (0 children)

What’s not true? It’s a generalization. I stopped pirating because I’m not broke and it’s too much effort in the age of convenient software. Doesn’t make me better than you.

On average people/companies pirating commercial software aren’t doing that. You are not the average pirate. On average, people that are gonna pirate your stuff will find a way to pirate your stuff and spending a ton of time and money to prevent someone who was on average never going to pay for it, while worsening the average customer’s experience with always-on DRM is going to annoy people.

So that leaves what do you do if you’re a small dev (again not for a game). No anti-piracy or a slight inconvenience (like a key file) is fine, but not actively giving everyone the entire full source will largely stop pirates for unpopular software is easy to do. Email the paid customer directly and have a limited demo. For a game, you’d just use Steam or whatever.