Is it possible to validate license keys on a client application in such a way that it becomes very difficult to crack?
Consider the following simple example:
var status = secure_function_that_checks_license();
if (status == "REGISTERED")
print("Welcome, user");
else
print("Access denied");
No matter how elaborate your function is, in the end you will always have to branch based on the result it gives.
This thread explains a bit more about generating and verifying keys but doesn't explain how to avoid the branching problem.
Is the only way to do this in a secure way to use some sort of online activation scheme?
First if all remember that there is no prevention when it comes to cracking there is just stalling, if you code is worth cracking it will be cracked
Now In the obfuscation process there is a practice named inlining, it simply replaces your function call with the actual function body, this way your code will be harder to crack since there are much more code to modify