[R] Making a trial based Package for 30-days.

Barry Rowlingson b.rowlingson at lancaster.ac.uk
Mon May 12 17:21:32 CEST 2014


On Mon, May 12, 2014 at 3:45 PM, Spencer Graves
<spencer.graves at structuremonitoring.com> wrote:

>        One company I know installed an S-Plus or R package only on
> servers, so their customers had to use it on a server.  (In this case,
> the customers had a GUI and may not have known that it was S-Plus or R
> behind it.)  This company also developed techniques for encrypting their
> code.  I don't think it was perfect, and they eventually wrote it in C
> or C++ or Matlab.

 If the code runs on a server controlled by the company, and the user
uses the code via some network API, then it might be practical to give
a user a password that is revoked after thirty days. If the server is
controlled by the user, then all bets are off.

 Any "encrypted" code has to be decrypted in order to be executed, so
it is only obfuscated code. Even systems where the decryption keys are
hidden in hardware chips covered in resin have been cracked by
enthusiasts with a sharp blade, small probes, and a digital
oscilloscope. We are talking hardware encryption/DRM systems developed
by companies like SONY.

>        So part of the answer is you can write part of your package in a
> compiled language.  That part can check your web site to check the date
> and other things.

 Still easily circumventable (poke the code, preload a different date
library DLL, turn the clock back...), so why bother? You can't
consider how you'd have self-destructing code without having a debate
about the cost and effort you want to put in and the cost and effort
crackers want to put in. I the SONY case (or similar) crackers will
compete like mad to crack the DRM, even if only for fame and not
fortune or free access to pirated games.

 I think it would take me under an hour to write a package that
self-destructed. Its not difficult, you create a file somewhere when
the system first runs, then on subsequent runs check the date is less
than 30 days after the file, and run file.remove over the package if
its expired.

Barry



More information about the R-help mailing list