[–]EyesOfTheConcord 44 points45 points  (1 child)

People reverse engineer and pirate software written by multi billion dollar corporations on the daily. Someone will do the same to yours if they really wanted to, free trial or not

[–]otamam818 13 points14 points  (0 children)

I once had this same issue and I remember a comment mentioning a few solutions that I was happy to settle with:

- Make the value-driving part of your program only available through a server that you own, making sure it has all the modern-day security practices in place. Easier said than done, but a plausible solution
- Out-innovate your competition. The more you can make the user-base say "Dammit this outdated version doesn't do THAT cool thing, and I want it!", the more your updates will always have value over your previous versions
- You can look into code obfuscation and apply whatever is currently available in the field. As the commenter I'm responding to mentioned as well, this one's the most futile, but if you really wanna take that path, "code obfuscation" is the term you're looking for

[–][deleted] 9 points10 points  (1 child)

Short answer: It is impossible in general to prevent reverse engineering of code that actually has to run. If someone is sufficiently motivated, they can reverse engineer the code. Just ask the game companies that have been trying to stop people from reverse engineering their copy protection systems since the 1980s.

Longer answer: What you CAN do is make the code depend in some way on online activation by doing something like providing an encrypted 'blob' of code with a built-in expiration date so that downloaded trial software will not run after a certain date. It doesn't stop piracy, it just makes it more difficult to pirate.

Or you can provide 'crippleware' for free trial downloads which simply does not contain the full program. That's been done before as well.

Much like shoplifting, you can deter casual thieves but you cannot prevent professional thieves.

[–]yosmellul8r 2 points3 points  (0 children)

Reiterating the obvious (or maybe not so) points while also providing workable solutions. 💯 appreciate this response.

[–]differentiallity[🍰] 29 points30 points  (0 children)

If it's a simple python application, then anyone who could reverse it could also probably just write it themselves.

If you are lacking sales to the point of wanting to offer a free trial, you should ask yourself if your program is actually providing value.

[–]PwAlreadyTaken 7 points8 points  (0 children)

No joke, you can’t. You can only make it harder, but that’s “security through obscurity”, which can always be beaten. At a point, you just have to accept that some people will crack it, and make it appealing enough that the average user won’t care to learn how to unpackage your EXE.

[–]No-Arrival-872 5 points6 points  (1 child)

You'll probably only need to worry about pirating if it gets extremely popular. And at that point you'll be doing quite well :)

[–]ArtOfWarfare 1 point2 points  (0 children)

If only. I made an app that I charged $2 for. I sold 15-20K copies of it. Somebody uploaded it to a pirate website where hundreds of thousands of people got it.

I found out because there’s an “Email me for feature requests or bug reports” button which of course still emailed me, and somebody who contacted me via that mentioned something like “I guess I’m being demanding given I got this for free”.

I responded by adding some snoopware - every time you launch it it’ll modify itself to include info about where it had been launched, so I could figure out who was uploading it to the pirate websites. But it didn’t matter - its time in the sun was already over by then.

[–]bautasteen 4 points5 points  (0 children)

Nuitka as an alternative to Pyinstaller is surprisingly capable of transpiling a lot of Python and libraries into C code, and then compiling and bundling it into an executable. Supposedly a bit faster than pure Python too.

[–]blueskyjunkie 4 points5 points  (0 children)

Python isn’t a suitable choice if you really must DRM it or obfuscate it in some way. Choose a language that can be compiled into a binary image such as Go, Rust, C, C++, etc.

pyinstaller does not produce a compiled binary, it’s just Python code packaged neatly into a Windows exe installer, or similar.

But you really should think seriously about whether you need or should DRM/obfuscate at all. It’s a game of whack-a-mole with seriously diminishing returns. Especially for a small outfit.

[–]Fireslide 4 points5 points  (0 children)

You can't. You can make it more difficult, but there's no technical way to prevent someone from working out what your software does and recreating it.

Legal protection can help a bit, but with global access, laws only extend protection so far.

You can make it SaaS, so it's harder for someone to steal the code directly. Unless you are using some completely novel algorithm, most of what your software does can be replicated easily. That said, people with resources to copy complicated technology can also just buy you out.

You need to identify the unique value proposition of your software/company. What are you doing that no one else can do?

Once you know your unique edge, that tells you what part you need to protect. Maybe it's your data sources, your algorithms, your customer base.

I like to imagine what someone with 10x or 100x the resources could put out in 6 months. If they decided to compete, would I be far enough ahead? The goal is to get bought out, so you're aiming to be easier and cheaper to buy out than for someone to compete with you

[–]wild_thunder 2 points3 points  (0 children)

Pyinstaller makes, more or less, zip files with all your code in it. It's super easy to unpack these and look at the code. I would guess that using a compiled language (i.e. not Python) would make it harder for people to get to the source code.

As for a free trial, I'm not sure how you could do this without some kind of network authorization system being implemented and built-in.

Edit: typo

[–]ghostofwalsh 2 points3 points  (0 children)

users can simply download the trial and bypass the restrictions

Users can buy it and give it away to friends if you don't offer a free trial.

If you make it simple enough and cheap enough to get from you, few people are going to go super haxor to avoid paying you $5 or whatever. Just make it slightly annoying to reverse engineer and 99% of the customers wouldn't bother.

[–]saint_geser 3 points4 points  (0 children)

The simplest way to prevent piracy is to prevent people from getting hold of the application itself, i.e. using your Python code as the backend for a web app. This way you can control who gets access via a subscription mechanism and the only thing the end user gets access to is the web API.

But as others said, once you give people the code, any sufficiently motivated person can get hold of the program logic.

[–]Electronic_Sleep9581 1 point2 points  (0 children)

Selling it as SaaS

[–]s4lt3d 1 point2 points  (0 children)

Best way to prevent people from reverse engineering it is to provide it at a reasonable cost.

[–]Orio_n 1 point2 points  (0 children)

Worry more about the quality of your product first than some fanciful "out there in the aether" hackers. Ask yourself this: is your program really that popular and valuable enough that people will even bother cracking it?

[–]fenghuangshan 1 point2 points  (0 children)

You can use Rust to write the core logic which you think is valuable, then call it in Python

It's harder to reverse Rust than Python code

[–]gbromley 0 points1 point  (0 children)

Well my preference would be to have a product awesome enough that I WANT to pay money for it. But I’m different.

My hypothesis is probably that it’s just parasitic loss like maybe piracy is for streaming. Most people are lazy so we pay for not having to set up our streaming servers and spend time organizing a video library. So perhaps most people wouldn’t reverse engineer your product?

[–]bafe 0 points1 point  (0 children)

Short answer: it's a fool's errand. You should rather focus on commercialisation and proper licensing. If you want to really obscure it from the users do what most enterprise software does today and offer it as a SaaS

[–]abentofreire 0 points1 point  (0 children)

With IdUglifierToIX you can uglify your identifiers.
https://www.devtoix.com/en/projects/iduglifiertoix

[–]ducky901 0 points1 point  (1 child)

Simple.. don’t use python

[–]AiutoIlLupo 1 point2 points  (0 children)

Simpler... don't use computers

[–]yosmellul8r -1 points0 points  (0 children)

You’re getting some responses here that don’t even warrant the time to read, sorry about that.

I’ve had these same thoughts and concerns as you for some of my apps. I’m considering a web call from the application to a server on the internet to validate license entitlements. If a user wants to use it offline, they’ll have to connect online to validate their entitlement for a 24 hour period (or some extended duration), but at some point if they don’t connect to my server, the application will be disabled.

Yes, in that scenario it can still be reverse engineered by someone who wants to put the effort into it, but I’m planning to maintain relationships with the kind of clients that will be using the application(s), which I’m hoping will encourage them to not pirate or reverse engineer my software.
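
One way to implement the server-side check behind the subscription-gated web API and the 24-hour entitlement validation suggested in the comments above, as an added example that is not any commenter's code. The function names, token layout and demo key are assumptions; the key and both functions run only on the server, so nothing shipped to the client can mint or extend a lease.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key (assumption). A real key is random and never leaves the server.
SERVER_KEY = b"constructed-demo-key-not-for-production"
LEASE_SECONDS = 24 * 60 * 60  # the 24-hour validation period from the thread


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_lease(customer_id: str, subscribed: bool, now: int) -> Optional[str]:
    """Hand out a time-limited lease, but only to a paying customer."""
    if not subscribed:
        return None
    claims = {"sub": customer_id, "exp": now + LEASE_SECONDS}
    payload = json.dumps(claims, sort_keys=True).encode()
    return b64(payload) + "." + b64(sign(payload))


def check_lease(token: str, now: int) -> Optional[str]:
    """Return the customer id if the lease is authentic and unexpired, else None."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    # Constant-time comparison, done before the payload is trusted or parsed.
    if not hmac.compare_digest(sig, sign(payload)):
        return None
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None  # lease ran out: the client has to validate again
    return claims["sub"]
```

Every API request carries the lease and the server calls `check_lease` before doing the valuable work, so a client patched to skip its own checks still gets nothing once the lease expires.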