Hey guys,
I've been reading Stack Overflow for quite some time, but this is my first posted question.
I have this tracking program written in C# which collects information about local computer usage and sends them to a server. The data is XML-formatted, sent once per ~10 minutes.
My problem: no matter how I encrypt the XML data (be it symmetric or asymmetric), someone could always decompile my C# tracking program, figure out the key/certificate/encryption conventions I use and write another program that sends fake reports to the server.
The tracking program works under the assumption that the user running it may be interested in sending fake reports.
Questions: 1) how can I make sure (as sure as possible) that the data is send from the real tracker instead of a clone/faker ? 2) how can I obfuscate the code badly enough that recovering keys/certificates/encryption conventions becomes hell/next to impossible ?
I want to spend little or preferably no money on the solution (so 500$ obfuscators are out of the question. I'm a university student and I'm cheap :)
Thanks in advance.