To protect an MT4 or MT5 Expert Advisor from piracy, you need server-side license verification — not hardcoded account numbers, text file checks, or time-limited compiles. This guide covers why DIY approaches fail, what real protection requires, and how to implement it in under 10 minutes.
You spent months building your Expert Advisor. The backtests look great. Customers are buying. Then you find your EA on a pirate forum — uploaded the same week you released it. Every download there is a lost sale. And there’s nothing you can do about it. Or is there?
The Real Cost of EA Piracy
Most EA developers underestimate piracy losses. Conservative estimates suggest:
30-50%
of potential sales lost to pirated copies
Zero Support
of burden for pirates — they don’t contact you for refunds or fixes
Reputation Damage
when pirated versions carry bugs you’ve already fixed in current releases
At barmenteros FX, we’ve seen developers come to us after finding their EA on three separate piracy forums within 48 hours of launch. The pattern repeats regardless of where they sell — direct website, Gumroad, or client invoice.
The MQL5 Market provides some protection for products sold there, but if you sell through your own website, Gumroad, or directly to clients — you’re on your own.
Why DIY Protection Fails
Many developers try homegrown solutions. These approaches either don’t scale or are trivially bypassed.
Hardcoded account numbers
Account numbers are stored in the compiled `.ex4`/`.ex5` binary. Any trader with basic hex editing skills can locate and replace the hardcoded value in minutes — no MQL knowledge required. There’s no obfuscation in MQL compilation that meaningfully prevents this.
Text file licenses
Text file licenses travel with the EA. If the EA reads a local file for activation, that file gets copied alongside every pirated distribution. The “license” becomes useless the moment someone shares both files in a forum post.
Time-limited compiles
Distributing a new binary every 30 days creates an operational burden without deterring determined pirates. A cracked copy from month one remains a cracked copy in month six — the expiry is simply patched out of the binary.
Check broker name only
Broker name strings are trivially editable in the compiled binary. Checking “only allow Broker X” takes a motivated user roughly 90 seconds to bypass with a hex editor.
What Effective Protection Looks Like
Professional license protection requires:
- Server-side verification — License state stored externally, not in the EA
- Account binding — License tied to specific account number + broker
- Remote control — Ability to disable licenses instantly
- Automatic trials — Time-limited access for prospects
Building this yourself requires backend development skills, server hosting, database management, and ongoing maintenance. Estimated cost: $400-$1,500+ and weeks of development time.
For developers who need a fully managed version of this architecture, our MetaTrader license management service handles the infrastructure side end to end.
The 10-Minute Alternative
LicenseShield provides all of this as a self-service platform. No servers. No backend. No DevOps experience required.
If you want a broader walkthrough before diving into the integration, the companion guide on how to protect MT4 programs the simple way covers the full decision framework.
Integration is 3 lines of code:
#import "LicenseShield.ex4"
bool VerifyLicense(string vendorId, string apiKey);
#import
int OnInit()
{
if(!VerifyLicense("your-vendor-id", "your-api-key"))
return INIT_FAILED;
// Your EA initialization code
return INIT_SUCCEEDED;
}When the EA starts:
- It calls the LicenseShield API
- API checks if this account + broker is licensed
- Returns allow/deny with trial days remaining
- EA proceeds or exits based on response
From your dashboard, you can:
- See all active licenses
- Enable/disable any license instantly
- Track when each license was last used
- Monitor trial expirations
Getting Started
- Register at licenses.barmenteros.com (free)
- Copy your Vendor ID and API Key
- Download the `LicenseShield.ex4` (for MT4) or `LicenseShield.ex5` (for MT5) library
- Place the file in your `Libraries` folder (not `Include`)
- Add the import code to your EA — the step-by-step tutorial on adding license verification to an EA has the full walkthrough including error handling
- Done — Manage licenses from your dashboard
The Free tier includes 50 verifications per day —enough to test with real customers before upgrading.
Frequently Asked Questions
Can someone decompile my .ex4 or .ex5 file and steal my EA code?
Partial decompilation is possible. Tools exist that convert `.ex4` files back to readable MQL4 source — recovering variable names, function logic, and parameter values, though not always a perfect reconstruction. MT5’s `.ex5` format is harder to decompile but not immune to reverse engineering.
This is a separate problem from piracy distribution. Even if someone partially reconstructs your code, server-side license verification remains the practical defense: the EA won’t run on an unlicensed account without a valid API response, regardless of what someone extracted from the binary. Code obfuscation buys time; license verification stops execution.
Does selling on the MQL5 Market protect my EA from piracy?
Partially — and only for copies sold through the Market itself. The MQL5 Market binds purchased products to the buyer’s MetaQuotes ID, so files can’t be directly redistributed and activated on another account.
If you also sell directly — through your own website, Gumroad, or direct client invoices — those copies have no equivalent protection unless you add it yourself. Developers who use both channels need a separate solution for their non-Market distribution. The two systems don’t interact.
What is account binding in EA license protection?
Account binding ties a license to a specific MetaTrader account number and broker combination. When the EA initializes, it sends the account number and broker name to a verification server. The server checks whether that combination holds an active license and returns allow or deny.
The key difference from local checks: the binding state is stored server-side, under your control. If a customer disputes a chargeback, you revoke the license remotely. If someone shares a license key, the server detects multiple account bindings and can block the extras. Account binding enforced locally — such as hardcoded account numbers — provides none of these controls because the state lives in the binary, where you can’t touch it after distribution.
Can I add piracy protection to an EA I’ve already released without breaking existing customers?
Yes. The standard migration approach:
- Issue all current customers a license in your new system before shipping the updated EA
- Ship the updated EA with verification enabled
- Set a 7–14 day grace period in which the EA logs a warning but doesn’t block execution — gives customers time to activate
- After the grace period, enforce blocking
Customers who don’t activate receive an error message with activation instructions. Support load is typically low if you communicate the change clearly before shipping the update.
Conclusion
EA piracy is a solved problem. You don’t need to build your own license server or accept lost sales as inevitable.
Protect your EA in under 10 minutes. Focus on building great trading software —let LicenseShield handle the rest.
Ready to stop piracy?
Protect your EA in under 10 minutes. Focus on building great trading software — let LicenseShield handle the rest.
Leave a Reply