1. Overview of Software Protection & Licensing

Attackers often crack applications to:

Steal intellectual property, algorithms, or resources → damaging revenue and brand.

Bypass copyright & license protection → creating pirated versions with fake keys or bypassed license verification.

Common attack methods:

Static analysis: Using decompilers/disassemblers to reverse code and extract logic.

Dynamic runtime attack: Debugging, hooking, or injecting tools to trace execution, intercept communication, and remove license checks.

2. Software Protection Strategy & Target

Protection goals:

  • Prevent static & dynamic analysis.
  • Ensure application integrity (anti‑tampering, anti‑repackaging).
  • Block unauthorized access and usage.

Techniques:

  • Obfuscation & virtualization for critical algorithms.
  • Runtime detection: signature check, VM/debug detection, self‑protection.
  • Secure license verification: encrypt APIs, protect license files in secure containers.

Choosing the right solution:

  • Free tools vs. commercial protectors (appshielding/code hardening tools).
  • Latest generation, multi‑layer appshielding (encryption, obfuscation, virtualization).
  • Runtime protection with anti‑debug, anti‑injection.
  • GUI & CLI tools for CI/CD integration.
Virbox Protector (basic edition in Moway SDK) defends against static and dynamic attacks. For advanced security features, consider using Virbox Protector standalone.
Learn More

3. Essentials of Software Licensing

Licensing is both a commercial strategy and a security mechanism.
Implementing and issuing licenses to your users not only defends against software piracy, but also guarantees that commercial customers are running genuine software.
To design an effective licensing scheme, developers should consider three aspects:

3.1 Plan Your License Strategy

Well-plan your license strategy according to your application's sales model and market segment.

  • License terms: Subscription, perpetual, feature-based, or network licenses.
  • License forms: Soft license, cloud license, or USB dongle.
  • Market alignment: Define terms and forms that match your target customers and prevent piracy.

3.2 Licensing System / Platform Requirements

A robust licensing system should support:

  • Flexible license terms: Define usage by time period, features, or user groups.
  • Flexible license forms: License file, license key/code, or USB dongle.
  • Activation modes: Support both online and offline activation environments.
  • Lifecycle management: Issue, renew, update, and revoke licenses based on usage.
  • Integration: Provide secure APIs/libraries for validation during application execution.

3.3 License Containers

Developers can choose the right license container depending on requirements:

  • Hardware-based license: Secure USB dongle to store license, keys, and data.
  • Cloud license: SaaS platform to issue and validate licenses online.
  • Soft license: License bound to local machine via hardware fingerprint.

Enforcement Philosophy

When a licensed application runs:

  • The system checks if a valid license exists.
  • The application executes according to defined terms such as features, time period, and other usage rules.
  • If the license is invalid or expired, the application terminates execution.

4. Implement a Customized Licensing Scheme

Implementing a customized protection & licensing scheme requires both planning and technical integration.
Here we focus on using the Virbox Moway USB dongle as a secure license container.

4.1 Well-plan your license policy & form

  • Define license terms (subscription, perpetual, feature‑based, etc.).
  • Decide license form (USB dongle, cloud license, or soft license).
  • Align license strategy with your sales model and market segment.

4.2 Integrate License API with your application

Add and write code in your project to integrate the Moway USB dongle API.
This allows the application to operate the Moway device, verify/validate the license, and compile the project with license enforcement logic.

License verification process typically includes:

  • When the application executes, enumerate and detect the USB device.
  • Call the License API to access the dongle and read the stored license.
  • Verify license terms (validity period, features, usage scope).
  • If the license is valid → run the application according to defined terms.
  • If the license is expired or invalid → terminate execution and close the device.

For implementation details, refer to Moway SDK sample cases.

4.3 Compile & link your application

Compile the project, integrating the license API and verification logic, and link it to generate a new executable application.
This ensures the final build includes secure license validation before execution.

4.4 Use Virbox Protector

  • Protect your application code logic, especially license verification routines.
  • Prevent attackers from tampering with or bypassing license checks stored in the Moway device.

4.5 License distribution

  • Issue licenses using your existing license platform/system.
  • Alternatively, use the Moway Toolchain to download license files into the Moway device.

4.6 Deliver application & license container

  • Distribute your protected application together with the Moway dongle containing the license to users who purchase your software.

4.7 License enforcement in user premise

  • When the application executes, it checks the license stored in the dongle.
  • If valid → run application according to license terms.
  • If expired/invalid → terminate execution and block unauthorized use.

FAQ

Q1: Why should I use a USB dongle instead of a soft license?

A hardware dongle provides stronger protection against tampering and piracy, while soft licenses are easier to deploy but less secure.

Q2: Can I combine cloud licensing with USB dongles?

Yes, hybrid models allow flexibility: cloud licenses for online validation and dongles for offline enforcement.

Note: The Moway solution itself does not provide cloud licensing. It serves purely as a license container to store license files. If you want to implement cloud or soft licenses, consider using Virbox LM, which supports issuing licenses across multiple forms: Virbox Elite 5 (USB dongle), soft license, and cloud license.

Q3: What happens if the license expires?

The application will terminate execution, ensuring unauthorized use is blocked.

Q4: How do I integrate the license API?

Refer to the Moway SDK sample cases, which provide step‑by‑step coding examples.

Software Licensing

To against software piracy, there are enough reason to software developer to define license terms/policy and issue license to your software user to maximum software sales.

Flexible license terms: Issue license with different license terms to different market segment, to support multiple market strategy. To prevent software piracy and illegal using.

License system/platform No matter you decide to build up license platform by yourself (self establish license platform) or select the third party licensing solution in the market. The License platform should supports to define flexible license terms to meet your sales and marketing strategy; The license platform must capable to define and issue/renew/update/revoke the license based on the software usage, function, feature, time period, etc. So, here are some suggestion to developer when you find and select licensing solution in the market:

  • it is necessary to select a license solution support to define and issue the license with flexible license terms.

    Usually to avoid to select “key generator” which not contained and describe enough license terms and also can not be cracked/copied easily.

  • Support with multiple license form: License file, license code, to describe and present the license terms, which can be read and used/validated when application executed. with secure License API, library.
  • Support to activate the license in online, offline environment;
  • Support to multiple license container, then developer may flexible to select the suitable and right license container and issue to users. Developer may have following options be considered when you implement to your own software application licensing:

1. Hardware based, Use the secure hardware device(USB dongle) to store the license, data, key;
2. Cloud license, to store the license file in the third party license system in Cloud platform (SaaS);
3. Soft license, To generate the license and bind with local machine (generate the specific hardware fingerprinting correspondent with device)

The Philosophy of License enforcement: When user execute the licensed software application, the application will check if license available or not and read the license file and then application will executed followed by license terms defined: Function, feature, time period. etc.

Implement a customized protection & licensing scheme: Applicable scenario

Flexible license terms:

  1. Find and use the latest, multiple encryption layer protector to protect your apps.
  2. Plan & build up your customized license policy and license term, according to your software marketing & sales strategy: subscription, perpetual, network, feature based license. etc.
  3. Find and decide license system or other digital credential (key, data, code snippet or cryptographic algorithm) which stored in the USB device to validate the genie software or pirated.

  4. Select and decide right & proper license container to store the license, key, or relevant data, file; usually, following container, combine with license scheme can be used:

    Hardware based device: USB dongle; with secured hardware environment, when license store, license can be read and used, and can not copied and take out of USB dongle;

    Cloud license, by leverage the third party cloud base license platform, as a service platform, issue and store the license in cloud, or private online platform.

    if you want to prefer and select soft license or cloud license, you may refer Virbox LM solution or contact us to get more detail information.

  5. Implement license verification process in your project:

    Here we mainly focus to introduce the USB dongle, as a secure container to store the license, key or other data which used for license validation.

Add/write code in the software project:

Integrate related USB dongle API, to operate the USB hardware, verify/validate license inside and compile project;

Usually, the related coding will include following process:

When application execute, enumerate and find the USB device; Call related License API to access the USB device and read the license stored; Verify the license terms, if the license is valid, execute the application defined by license terms; if the license expired, the application will quit execution and close the device; etc..

for details, you may refer Moway sample case in the SDK;

Developer require to plan use the toolkits provided by USB dongle or employ the third party license platform to issue the license (file or key) and license update file and store it in the secure hardware USB dongle;

distribute the USB hardware dongle to your user who purchase the software;

Developer also require to plan/integrate the license issue process with existed e commerce system;

Explore Moway

Product Details

Specifications, features, SDK, APIs, toolchain, encryption capabilities.

Learn More

Solutions

Typical protection scenarios and licensing models using Moway.

Learn More

Trial & Buy

  • Codeless evaluation using PID + Protector
  • API integration samples (4 sample projects)
  • Moway pricing table
Learn More

Best Practice

Essential knowledge for software protection & licensing:

  • Common attack methods
  • Protection strategies
  • How to design custom licensing schemes
Learn More