views:

1166

answers:

12

Hi,

We are planning to develop a client server application using C# and MySQL. We plan to sell the product on the shelf like any other software utility. We are worried about the decompilation of our product which does have some sort of edge over our competitors in terms of usability and bundled functionality.

How can we prevent our software from decompilation, so the business logic of the product remains intact?

We have heard about Reflector and other decompilers which makes our code very much vulnerable for copying.

Our customer base is not Corporates by medical practitioners who themselves may not do it but our competitors may want to copy/disable licensing so value of our software goes down.

Any suggestion to prevent this is most welcome.

regards..

Obelisk

+1  A: 

try .NET Reactor

".....NET Reactor is a powerful .NET code protection & licensing system which assists developers in protecting their .NET software. Developers are able to protect their software in a safe and simple way now. This way developers can focus more on development than on worrying how to protect their intellectual property."

It is an excellent choice.

RRUZ
"Is a Excelent choice" should be "It is an excellent choice".
cdmckay
thanks, cdmckay
RRUZ
A: 

Google for .NET Obfuscator. You will find a lot of products that will help in this. Also there are related questions already asked in Stack Overflow.

Ganesh R.
We tried a couple of obfuscators but they all fail in some or the other case. We are using some 3rd party dll developed in delphi. So some obfuscators have a problem with that. So obfuscators have a problem with dropdowns populated from database.I donno if we are doing it wrong but definately we have tried 4-5 obfuscators and none made the product work as it works in Visua studio.Also we are logging using log4net. What do we do about the messages.
Kalpak
Ganesh R.
I've heard that some and probably many of the obfuscators have been hacked and are worthless. I'm sure it's only a matter of time for the others. The best defense is a good offense and move your product forward.
kenny
+1  A: 

The last time I looked into this, Spices.Net Obfuscator looked like the best thing on the market.

No, I don't work for them. :)

amdfan
"Looked like" - did you actually try it?
Jason Short
A: 

I use smartassembly. It is simple to use and also has the ability to send crash reports back too you built in.

geoff
A: 

Here´s a similar question about Obfuscators. May be it provides some good information for you.

Jehof
A: 

The obfuscators others have mentioned are likely very good.

An alternative approach you might not have considered is to code some of the core business logic using a language that is fully compiled to machine code, such as C++.

The benefit of doing this is that it makes it far more difficult for someone to decompile your code. A drawback to this is that you have code in two languages to maintain. This might not be the best approach for your situation, but is useful in cases where only a small part of the code needs to be obfuscated while the remainder of the code is UI fluff.

As an example, your medical software package might be performing edge detection of say, certain glands for the purpose of telling a doctor the size of said gland. The algorithm for calculating the size of the gland from a bitmap image would be contained in a DLL written in C++.

Charlie Salts
Of course doing this violates your ability to run 100% managed code, and that will also prevent you from running in Medium Trust, etc, etc.Depends upon your scenario I suppose.
Jason Short
A: 

Hi,

We have created .Net dll for licencing (our own code written to generate the licence key using the disk Serial No, so that the exe cannot be copied & executed across machines). The whole business logic is then stuffed into .Net exe itself though we have namespaces to separate the 6 tiers architecture.

The whole licence info and registered company name and address is stored in encrypted way in the database and only this licence dll can decrypt it and pass it back.

Which approach do you suggest.

OK let me ask a small question. Can we create a wrapper exe in C++ around the .Net exe so it stops the decompilation. Or can we create a C++ dll wrapper which encapsulates the C# dll so the business logic gets hidden.

regards..

Obelisk

Kalpak
Replies are best written as comments, not answers. There is an "add comment" link under every answer.
musicfreak
why is that? just curious :)
Ganesh R.
Can we access/use .net object which we might use as return parameters from a method in the C++ dll
Kalpak
A: 

to answer your question about the C++ wrapper around the .net code; I dont think it would work, because when you deploy the application the final c++ dll and .net dll containing the business logic code will be separate entities and the ones who want to get to your business logic would still be able to just pick out the .net dll and peek inside.

+2  A: 

If you deploy .NET assemblies to your client machines, some kind of decompilation will always be possible using reflector and similar tools.

However, this situation isn't materially different to what you'd encounter if you wrote the application in native C++. It is always possible to decompile things - if it were impossible, the processor couldn't understand it either.

You're never going to defeat the expert cracker - they'll treat your security as an intellectual puzzle to be solved for the challenge alone.

The question revolves around how hard it is to defeat your licensing practices and the return on investment.

Sit down with a spreadsheet and look through the possible scenarios - the danger is probably less than you think.

Factors like "ease of use" are visible in your software for any user to observe - so you'd think it easy to copy. But, good User experience is rare (and seldom copied well), because most developers (myself included) are nothing like typical users.

I'd suggest you concentrate on making the job of a cracker harder, cause you can never make it impossible, just non-profitable.

One possibility to try: It's possible to pre-compile assemblies into native code as a part of the installation process. Paint.NET does this for performance reasons. I believe that once you've done this, you can discard the original assemblies and use the optimised, native code editions.

Bevan
Hi,I have heard that there could be issues using precompiled with normal dlls. We ourselves are using some 8-9 3rd party dlls for our functionality.Any idea in those lines.
Kalpak
@Kalpak - sorry to say, but I have no idea. Precompilation of assemblies is something I've read about, but never tried.
Bevan
+1  A: 

If it were me, I wouldn't be attempt to obfuscate; I would:

  1. Not worry about it and aim to continually improve and stay in front

But secondly

  1. Consider providing the 'secret' services over the Web. It's up to you to decide how critical and possible this is; but it does "prevent" decompilation, because the end user doesn't even have the code.
Noon Silk
I liked this idea. Just before any one uses the service he could be authenticated so that he is a licence holder.
Kalpak
Exactly.
Noon Silk
+1 especially to continually improve and stay in front.
kenny
A: 

Hello you might want to consider www.remotesoft.com protector this is much better than anything else in that it makes it impossible to decompile to the high level languange.

Of course, anybody who is an expert can spend enough time with your software and figure it out because it does decompile some,but it hides all the set and get methods

So, they can get a peak,but that is about it. they have to figure out the rest which lowers the probability of anybody just cracking it.

hope this helps

Spencer
A: 

Hi,

Writing on this thread after a long time. We have purchased a software called Intellilock which is helpful in preventing decompilation, obfuscation and also has a strong licencing module.

We did not go for .Net Reactor even though it has more prevention controls as Intellilock was serving our purpose well enough.

Thanks for your views.

Kalpak Luniya

Kalpak