by enscr 4662 days ago
What if the software requires an internet connection to dial back home & verify the software authenticity .. say once every 30 days? Is that too annoying for users?
3 comments

I think it's quite obvious that the author is very well aware of how to implement DRM in such a way that it can't be circumvented, but it easily enters the territory of whether or not he would actually gain users from it.

Cobalt Strike isn't exactly a $100 copy of Office - potential users who are going to use it to its full extent are going to be willing to pay the steep cost of entry as it is.

In other words, while it would be possible to guard against piracy, the end result wouldn't be more sales of Cobalt Strike.

Oh, I was asking that for my knowledge. Since you can easily patch all licensing methods on a binary (I guess including checksums), the only way to verify integrity is to compare it with a trusted copy at the author's home.

Why don't you patch away that check?

I can only speak for my observations in the gaming community and there are more or less two camps, which can be summarized as:

No back-dialing, ever. Basically they do not want the company to have a remote-switch to disable the software after they've bought it, do not want the risk to not be able to play a game anymore just because a company decided to put down the servers and want to be able to play everywhere without an internet connection (e.g. I sit at my laptop and cannot play your singleplayer game because you decided to need dial-back? No chance.)

The other camp doesn't care about it, more or less. Sure, they would like it if there was no dial-back for the games, but it doesn't hinder them from still buying and playing at platforms/games that require this as long as their playing experience isn't diminished by it. Steam is more or less the platform of choice for the second camp and seems to be growing all the time, so most users probably would accept a dial-back connection once, every 30 days or even at every start. Quick note: Always-On is still something which is considered off-limits. Ubisoft tried it various times with their games and fell flat on the face. They've backpedaled to activate once by now.

True, I've seen lots of fury against gaming companies & Adobe too about connected licenses.

That kind of DRM technique was broken a half decade ago. If your software calls home, a cracker can record/simulate that behavior if needed.

The result in the end then becomes that pirates will still use the software, but people without a stable Internet connection can't use your software.

It also adds a problem for businesses. Suddenly, they need to poke holes into VPNs, and risk that the software will also become unusable if their Internet connection ever becomes a problem (let's hope they don't plan to draw fiber). The millions of military personnel will also be unlikely customers, as their Internet connectivity in the field is not known for its up-time.

Thanks, good to know.