Bruniii Posted October 18, 2024 Report Posted October 18, 2024 Hi, I'm looking to license an application that will run exclusively on offline systems. I came across the "Third Party Licensing & Activation Toolkit API" available through JKI VIPM, but from what I understand, it requires an online activation process, which wouldn't work for my use case. Are there any other libraries or toolkits you’d recommend? I also checked out Build, License, Track from Studio Bods (link), but I’m not clear on what the free tier offers, or if it's even available. I realize the irony of asking for a free toolkit to license an application! However, I’m not looking to profit from this. I simply want to protect an application that I need to provide to a potential industrial partner while we finalize our collaboration. Unfortunately, I have to hand over the executable, but I want to ensure the application won’t run indefinitely if the partnership doesn't go through. Thanks, Marco. Quote
ensegre Posted October 18, 2024 Report Posted October 18, 2024 My 2c: I guess that the problem with an expiration date on an offline computer is that you have no means for the executable to verify that they didn't set the clock backwards to extend indefinitely their usage. If you don't expect them to be pro hackers, what about protection by simple obfuscation? E.g. the incremental time the program has run, saved periodically in obfuscated form in an essential key file, masked as "configuration"? With some mechanism to make more complicate to get through just by rewriting an older file in place of it? Quote
Bruniii Posted October 18, 2024 Author Report Posted October 18, 2024 I though about the hack to set the back the clock. I don't know, honestly: the application produce data where the real timestamp tagged with the data is very important. If they will change the clock of the system than everthing is compromised. Yes, it will always be possibile to compensate the offset in the log files or in the stream of data.... I don't want to make it pro hacker proof, I simply want to make inconvenient to keep using it and, most importantly, to go to a third party client and distributed the application forever even if our partnership doesn't go thorough. Regarding your suggested solution: I'm still pushing updates to the application, to solve bugs or add futures. I guess I could put the counter inside the main .ini file, between the entry generated by LabVIEW. Maybe as a second check, just in case they will start to change the system clock... Right now I was trying to generate a license file (with the expiration date), signed with a private key generated with OpenSSL. Now I'm looking for a way to read it using the public key in LabVIEW. Marco. Quote
LogMAN Posted October 18, 2024 Report Posted October 18, 2024 5 minutes ago, Bruniii said: I simply want to make inconvenient to keep using it and, most importantly, to go to a third party client and distributed the application forever even if our partnership doesn't go thorough. A couple of ideas: Include a license file that clearly explains what they can and cannot do (e.g., no distribution, no use without a valid license, 30 day trial period, etc.) Use a hardware dongle to prevent copies (you can just encrypt the executable, which can then only be started when the dongle is present. No programming required.) If the application is not licensed (e.g., during a 30 day trial period Automatically shutdown the application after 30 minutes Limit the number of data points they can collect (e.g., limit file size to 1 Mib or 100k samples) Turn off certain features (e.g., limit the types of reports that can be produced) Of course, it depends on what value the application represents and how "useful" it is outside your partnership. At some point, however, you will have to trust them enough to not misuse your software outside what is being agreed. If you don't trust them enough to uphold such an agreement, it is probably better not to go into a partnership... Quote
Michael Aivaliotis Posted October 19, 2024 Report Posted October 19, 2024 Do you have a contract in place with this customer? It sounds like no. If you DO have a contract, then does the contract allow for time-bombs in delivered software? Quote
ShaunR Posted October 19, 2024 Report Posted October 19, 2024 22 hours ago, Bruniii said: Now I'm looking for a way to read it using the public key in LabVIEW. You want EVP_PKEY_verify. Quote
Bruniii Posted October 21, 2024 Author Report Posted October 21, 2024 On 10/19/2024 at 6:15 AM, Michael Aivaliotis said: Do you have a contract in place with this customer? It sounds like no. If you DO have a contract, then does the contract allow for time-bombs in delivered software? We do not have one. We are discussing it...but, unfortunally, we also started collaborating (because we have to...) assuming we will, eventually, and I had to provide the application. The application started as a very basic and incomplete one but in the last weeks it started to became a little bit to "functional and usable" to be honest. Of course, if we will really have a contract I will remove the time-bomb. On 10/19/2024 at 1:58 PM, ShaunR said: You want EVP_PKEY_verify. Thanks! I used dotNET Cryptography Library, a package on VIPM. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.