Is it possible to generate an encrypted function that can be used a limited number of times?
5 views (last 30 days)
DGM on 24 Jul 2022
Edited: DGM on 24 Jul 2022
I suppose one way would be to make a function that deletes itself, though this could be defeated.
% control parameter
maxruns = 5;
% keep track of runs
fn = mfilename;
runcount = 1;
if runcount > maxruns-2
runcount = runcount+1;
% do a thing
Even if the file is write protected in some way to prevent deletion, this shouldn't run any more than 5 times per session.
I'm sure someone will chime in with better ways, but this is what came off the top of my head.
John D'Errico on 24 Jul 2022
Edited: John D'Errico on 24 Jul 2022
Is it possible? It depends on how good or technically naive are your users. How determined would they be?
You can "encrypt" a function by converting it to p-code. While that is technically possible to un-encrypt (at least according to claims I have seen) it is not trivial to do.
Can you make your code more difficult to read, even if you have p-coded it, and someone manages to un-encrypt the code? Yes, you can obfuscate the code, using only long randomly generated variable names that are combinations of letters and numbers like the numbers 0 and 1, and only certain letters, perhaps a lower case l, an upper case I, and perhaps the letter O. Of course, that would make your code pretty difficult to read and debug, even for you.
Can you put in a counter? Again, there are easy ways... For example, you might use setpref and getpref to store and access a counter that tells the number of times the code has been used. You could even encrypt that counter using a hash of some sort, to make it less obvious what is being done, and perhaps technically more difficult to contravene. Of course, a competent hacker could easily access the preferences, and reset what was stored in the preference.
Can you make the code unusable after some number of uses? Again, difficult, but possible to do. Again, it depends on the determination, competence and skills of the person wanting to contravene what you are doing. For example, if you know the use counter has been exceeded, the code could just exit immediately. Or more aggressively, you could actively delete a crucial function called. But they could back up the code. Or put it in a read-only directory, or hack the use-counter itself as I mentioned above.
Can you have the code talk online to your own site, where the counter is then stored and incremented? Yes, as long as a connection exists. But then the determined hacker could find ways to watch the traffic, and modify the response you get.
The point is, pretty much whatever you do will work against the less than dedicated users, the technically naive ones. But it may fail against a highly skilled, knowledgable user. For everything you do, there will be ways to crack it.
Walter Roberson on 24 Jul 2022
In order to prevent attacks based on restoring the hardware or changing the clock, you will need to write the function to use an encrypted tcp connection to a server to authorize the action.
In order to prevent the user from putting in a debugging breakpoint and changing a "no" to "yes" you are going to make the protocol more tricky than that.
Often the easiest way is to move the computation to the server, and the server responds back with the calculated answer or the refusal.