tags:

views:

84

answers:

1
Q: 

What 's the best way to protect product from cracking by using Public key token in .Net Assembly?

I know it is impossible to 100% guarantee from cracking your real-world software. But I want only protect my product from unauthorized accessing of normal user.

.Net framework has feature about strongly-typed name that can be used to protect software because you can specific what assembly and public key token will be loaded.

So, what is the best idea for preventing product from cracking by using Public key token?

A: 

The purpose of strong-naming is to ensure that when you load an assembly, you are loading the assembly that you think you're loading. So if you load assembly with full name System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL the strong-name works to ensure that you load this assembly and that some evil corporation hasn't slipped another assembly in its place. Strong-naming will not help you prevent unauthorized access to your software.

Jason  2009-12-19 12:39:33
I know. But if you have some engine to load specified assembly, you can manage your application to be loaded or not without require other code and it is impossible to create fake assembly that has same public key token. So it should make your application hard to crack or abuse.
Soul_Master  2009-12-19 12:52:54
When I think of the word "crack" in reference to software, I think of circumventing security measures that are in place to protect the software. If someone has a copy of your application and a copy of the assembly that it's expecting, there is nothing in strong-naming to prevent them from copying those files and providing them so something else. This is not the problem that strong-naming was meant to solve.
Jason  2009-12-19 13:11:07
Soul_Master  2009-12-19 13:24:42
No. Once an assembly is strongly-signed with a certain private key it has a fixed public-key token.
Jason  2009-12-19 13:52:59
Yes. I know. I mean, if I generate assembly that can run only when machine has the same unique key and assembly must be signed with private key, application will run when user is authorized and normal user cannot create fake assembly that has the same public key token.
Soul_Master  2009-12-20 01:23:29

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?