tags:

views:

1166

answers:

12
+6  Q: 

Preventing decompilation of C# application

Hi,

We are planning to develop a client server application using C# and MySQL. We plan to sell the product on the shelf like any other software utility. We are worried about the decompilation of our product which does have some sort of edge over our competitors in terms of usability and bundled functionality.

How can we prevent our software from decompilation, so the business logic of the product remains intact?

We have heard about Reflector and other decompilers which makes our code very much vulnerable for copying.

Our customer base is not Corporates by medical practitioners who themselves may not do it but our competitors may want to copy/disable licensing so value of our software goes down.

Any suggestion to prevent this is most welcome.

regards..

Obelisk

+1  A: 

try .NET Reactor

".....NET Reactor is a powerful .NET code protection & licensing system which assists developers in protecting their .NET software. Developers are able to protect their software in a safe and simple way now. This way developers can focus more on development than on worrying how to protect their intellectual property."

It is an excellent choice.

RRUZ  2009-08-14 05:47:32
"Is a Excelent choice" should be "It is an excellent choice".
cdmckay  2009-08-14 05:57:11
thanks, cdmckay
RRUZ  2009-08-14 06:24:58
A: 

Google for .NET Obfuscator. You will find a lot of products that will help in this. Also there are related questions already asked in Stack Overflow.

Ganesh R.  2009-08-14 05:54:24
We tried a couple of obfuscators but they all fail in some or the other case. We are using some 3rd party dll developed in delphi. So some obfuscators have a problem with that. So obfuscators have a problem with dropdowns populated from database.I donno if we are doing it wrong but definately we have tried 4-5 obfuscators and none made the product work as it works in Visua studio.Also we are logging using log4net. What do we do about the messages.
Kalpak  2009-08-14 05:59:14
Ganesh R.  2009-08-14 06:10:53
I've heard that some and probably many of the obfuscators have been hacked and are worthless. I'm sure it's only a matter of time for the others. The best defense is a good offense and move your product forward.
kenny  2010-05-03 23:22:05
+1  A: 

The last time I looked into this, Spices.Net Obfuscator looked like the best thing on the market.

No, I don't work for them. :)

amdfan  2009-08-14 05:56:02
"Looked like" - did you actually try it?
Jason Short  2010-01-04 20:52:35
A: 

I use smartassembly. It is simple to use and also has the ability to send crash reports back too you built in.

geoff  2009-08-14 05:56:27
A: 

Here´s a similar question about Obfuscators. May be it provides some good information for you.

Jehof  2009-08-14 05:58:47
A: 

The obfuscators others have mentioned are likely very good.

An alternative approach you might not have considered is to code some of the core business logic using a language that is fully compiled to machine code, such as C++.

The benefit of doing this is that it makes it far more difficult for someone to decompile your code. A drawback to this is that you have code in two languages to maintain. This might not be the best approach for your situation, but is useful in cases where only a small part of the code needs to be obfuscated while the remainder of the code is UI fluff.

As an example, your medical software package might be performing edge detection of say, certain glands for the purpose of telling a doctor the size of said gland. The algorithm for calculating the size of the gland from a bitmap image would be contained in a DLL written in C++.

Charlie Salts  2009-08-14 06:09:45
Of course doing this violates your ability to run 100% managed code, and that will also prevent you from running in Medium Trust, etc, etc.Depends upon your scenario I suppose.
Jason Short  2010-01-04 20:53:27
A: 

Hi,

We have created .Net dll for licencing (our own code written to generate the licence key using the disk Serial No, so that the exe cannot be copied & executed across machines). The whole business logic is then stuffed into .Net exe itself though we have namespaces to separate the 6 tiers architecture.

The whole licence info and registered company name and address is stored in encrypted way in the database and only this licence dll can decrypt it and pass it back.

Which approach do you suggest.

OK let me ask a small question. Can we create a wrapper exe in C++ around the .Net exe so it stops the decompilation. Or can we create a C++ dll wrapper which encapsulates the C# dll so the business logic gets hidden.

regards..

Obelisk

Kalpak  2009-08-14 06:16:51
Replies are best written as comments, not answers. There is an "add comment" link under every answer.
musicfreak  2009-08-14 06:32:29
why is that? just curious :)
 2009-08-14 08:46:38
Ganesh R.  2009-08-14 10:05:00
Can we access/use .net object which we might use as return parameters from a method in the C++ dll
Kalpak  2009-08-19 09:57:54
A: 

to answer your question about the C++ wrapper around the .net code; I dont think it would work, because when you deploy the application the final c++ dll and .net dll containing the business logic code will be separate entities and the ones who want to get to your business logic would still be able to just pick out the .net dll and peek inside.

 2009-08-14 08:45:03
+2  A: 

If you deploy .NET assemblies to your client machines, some kind of decompilation will always be possible using reflector and similar tools.

However, this situation isn't materially different to what you'd encounter if you wrote the application in native C++. It is always possible to decompile things - if it were impossible, the processor couldn't understand it either.

You're never going to defeat the expert cracker - they'll treat your security as an intellectual puzzle to be solved for the challenge alone.

The question revolves around how hard it is to defeat your licensing practices and the return on investment.

Sit down with a spreadsheet and look through the possible scenarios - the danger is probably less than you think.

Factors like "ease of use" are visible in your software for any user to observe - so you'd think it easy to copy. But, good User experience is rare (and seldom copied well), because most developers (myself included) are nothing like typical users.

I'd suggest you concentrate on making the job of a cracker harder, cause you can never make it impossible, just non-profitable.

One possibility to try: It's possible to pre-compile assemblies into native code as a part of the installation process. Paint.NET does this for performance reasons. I believe that once you've done this, you can discard the original assemblies and use the optimised, native code editions.

Bevan  2009-08-16 10:22:42
Hi,I have heard that there could be issues using precompiled with normal dlls. We ourselves are using some 8-9 3rd party dlls for our functionality.Any idea in those lines.
Kalpak  2009-08-19 09:53:15
@Kalpak - sorry to say, but I have no idea. Precompilation of assemblies is something I've read about, but never tried.
Bevan  2009-08-19 10:31:43
+1  A: 

If it were me, I wouldn't be attempt to obfuscate; I would:

  1. Not worry about it and aim to continually improve and stay in front

But secondly

  1. Consider providing the 'secret' services over the Web. It's up to you to decide how critical and possible this is; but it does "prevent" decompilation, because the end user doesn't even have the code.
Noon Silk  2009-08-16 10:25:57
I liked this idea. Just before any one uses the service he could be authenticated so that he is a licence holder.
Kalpak  2009-08-19 09:54:29
Exactly.
Noon Silk  2009-08-19 12:26:55
+1 especially to continually improve and stay in front.
kenny  2010-05-03 23:24:56
A: 

Hello you might want to consider www.remotesoft.com protector this is much better than anything else in that it makes it impossible to decompile to the high level languange.

Of course, anybody who is an expert can spend enough time with your software and figure it out because it does decompile some,but it hides all the set and get methods

So, they can get a peak,but that is about it. they have to figure out the rest which lowers the probability of anybody just cracking it.

hope this helps

Spencer  2010-05-03 22:51:08
A: 

Hi,

Writing on this thread after a long time. We have purchased a software called Intellilock which is helpful in preventing decompilation, obfuscation and also has a strong licencing module.

We did not go for .Net Reactor even though it has more prevention controls as Intellilock was serving our purpose well enough.

Thanks for your views.

Kalpak Luniya

Kalpak  2010-05-29 11:19:53

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?