I don’t think catching someone who is using a ripped theme is going to be possible I mean even if you add an installation, once installed someone could just package the installed file and share it
Why don’t you figure out WHO shared it in the first place, I mean you have their contact info… Someone had to pay for it using their info
So in each theme have some sort of bar code ID, and you look for a shared version of the file, find it, read the bar code number and track it down to who started it… if doesn’t even have to be a code, you can use an image in the theme that has like 90+ % chance of not being changed, like maybe a twitter icon, smiley face, etc just add some sort of miniature ID in there
I think if it makes it harder for honest users, don’t do it. Some software has gone too far down this road like Securom and DRM for MP3s. Dishonest users find a way around it, and the only people that it hurts are honest purchasers.