Are there any ways to encrypt a project in ASP.NET, so my customers cannot change the function where it checks the license code?

A: 

Use Dotfuscator Community Edition, which ships with VS. Also add a checksum function to check whether your EXE has been changed or not.

Wael Dalloul
It's a web app, no EXE. However, it is still doable by injecting the checksum function into one of the core independent assemblies (if any).
o.k.w
+4  A: 

No, it is not possible.

You can implement certain things that make it more difficult for customers to reverse or alter your program, so that it becomes cost-prohibitive to attempt such reversing or altering. But you cannot prevent them, if they are sufficiently determined, from reversing or altering your program.

Justice
It is not really very dangerous if they change my programs. We are talking about a CMS and a webshop. But I would not want them to resell my products or pass them on further. Therefore, I wish to bind them to domains and a license key. As he mentioned a few posts below, I could check whether an EXE file has been modified, but the vast majority of web hosts do not allow execution of EXE files. And since these will be products that several vendors will have, this is not very good. What do you think is the best solution?
sv88erik
You have to balance how much work you put into the deterrent vs. the chances/amount of your losses if they indeed resell your software. I do not have an answer; it really depends on the nature of your software/business/customer etc.
o.k.w
My webshop clients are businesses for the most part. The CMS clients are corporate and private customers. We are probably talking about a few hundred customers.
sv88erik
+1  A: 

Not if the customers are persistent and have even a modicum of skill. Obfuscation can only get you so far. Any .Net assembly can be decompiled.

See here for info: http://aspnet.4guysfromrolla.com/articles/080404-1.aspx

Added

Also, see this previous question: http://stackoverflow.com/questions/2525/best-net-obfuscation-tools-strategy

David Stratton
+3  A: 

Take a look at Eziriz's .NET Reactor. It's pretty good at protection. From their site:

.NET Reactor prevents decompilation by a variety of methods which convert your .NET assemblies into processes which no existing tool can decompile (and which are also very likely to prevent decompilation by any future tool). .NET Reactor builds a native code wall between potential hackers and your .NET assemblies by producing a file which cannot be understood directly as CIL. Because the CIL in your assembly is emitted intact only at run time or design time (in a form in which the source is completely inaccessible), no tool is capable of decompiling .NET Reactor protected assemblies.

The native code wall created by .NET Reactor between the hacker and your source includes industry leading NecroBit technology, which is exclusive to .NET Reactor. .NET Reactor's protection has never been broken since the first release in 2004. These technologies make reconstruction of your source code more difficult by so many orders of magnitude that NecroBit is by far the most effective protection you can use for .NET assemblies.

Druid
Hey, that's good.. So it takes your MSIL and actually compiles some of it to native code... That would certainly be effective.
David Stratton
Sounds like a good method. Though not 100% bulletproof, the deterrence level is pretty high. Good find!
o.k.w
It's brilliant. Been using it for a couple years now.
Druid
This must be tested, thanks!
sv88erik
The claims seem rather far-fetched when taken literally. No doubt the tool is a deterrent.
Justice
Sorry about this, I can't seem to find a way to send a message privately. Do you have any experience with their other product, Intellilock? What's the significant difference other than the native code versus the 100% managed?
Some Canuck
@mhartman: No clue on Intellilock. I haven't worked with it.
Druid
A: 

A good obfuscation tool will hide your program logic (like the license checking code), symbol names, etc. Additional settings such as tamper protection (the checksum function mentioned), string encryption, and resource encryption should raise the bar further. This is enough to prevent 99% of people from tampering with your code, and you should not lose sleep over the remaining 1%. Take a look at Crypto Obfuscator, which has all these features and protections.

logicnp
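
Binding a license to a domain and a key, as raised in the comments above, is commonly done with a vendor-signed license that the application verifies using an embedded public key, so no signing secret ships to the customer. The following is an added example, not code from any poster or product named on this page; the `LicenseVerifier` class and the `domain|expiry` license format are assumptions made for illustration. As the answers point out, a customer who can edit the assembly can still remove the check, so this complements obfuscation rather than replacing it.

```csharp
using System;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not part of any product mentioned above.
public static class LicenseVerifier
{
    // Assumed license format: base64(payload) + "." + base64(signature), where
    // payload is "domain|yyyy-MM-dd" and the signature is RSA/SHA-256 (PKCS#1 v1.5).
    public static bool IsValid(string license, string requestHost, RSA vendorPublicKey, DateTime todayUtc)
    {
        if (string.IsNullOrEmpty(license)) return false;
        string[] parts = license.Split('.');          // '.' never occurs inside base64
        if (parts.Length != 2) return false;
        byte[] payload, signature;
        try
        {
            payload = Convert.FromBase64String(parts[0]);
            signature = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }

        // Verify the signature before trusting any field of the payload.
        if (!vendorPublicKey.VerifyData(payload, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)) return false;

        string[] fields = Encoding.UTF8.GetString(payload).Split('|');
        DateTime expiry;
        if (fields.Length != 2 || !DateTime.TryParseExact(fields[1], "yyyy-MM-dd",
                CultureInfo.InvariantCulture, DateTimeStyles.None, out expiry)) return false;

        // The license is only good for the domain it was issued to, until expiry.
        return string.Equals(fields[0], requestHost, StringComparison.OrdinalIgnoreCase)
            && todayUtc.Date <= expiry;
    }

    public static void Main()
    {
        // Constructed sample data: a throwaway key pair stands in for the vendor's key.
        // In a real deployment only the public half would be embedded in the application.
        using (RSA vendorKey = RSA.Create(2048))
        {
            byte[] payload = Encoding.UTF8.GetBytes("shop.example.com|2030-01-01");
            byte[] sig = vendorKey.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            string license = Convert.ToBase64String(payload) + "." + Convert.ToBase64String(sig);
            DateTime today = new DateTime(2025, 1, 1);
            Console.WriteLine(IsValid(license, "shop.example.com", vendorKey, today));
            Console.WriteLine(IsValid(license, "reseller.example.net", vendorKey, today));
        }
    }
}
```

In an ASP.NET application the `requestHost` argument would typically come from `HttpContext.Current.Request.Url.Host`.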