views:

290

answers:

4

Possible Duplicate:
Protect .NET code from reverse engineering?

we just develop a application with C# winforms, is there any good encryption method to help us prevent from piracy ? I saw some software may need hardware support to protect their software, how to implement that ? Thanks in advance !

+1  A: 

I think that you're looking for obfuscation?

Carra
+2  A: 

Protecting the code is done usually through obfuscation (look up Dotfuscator). Licensing protection most of the time is better served by third party tools such as FlexLm or Xheo.

Otávio Décio
+13  A: 

Okay, you are mixing up a few different concepts here.

Encryption is geared towards keeping people out of your data.

Obfuscation is used to try and prevent reverse engineering your code.

Licensing is used to make sure the number of copies in use does not exceed the number purchased.


You will want to research both obfuscation and software licensing. Obfuscation because you will want to prevent them from reverse engineering your licensing scheme to either duplicate it or simply bypass it.

From a licensing perspective there are a number of different avenues. Hardware protection means that your app queries a dongle of some type to retrieve a valid key. If the dongle is present AND the key is good, then your app runs.

Software licensing can be a bit more complicated. You'll generally have some type of phone home code which should send an encrypted version of the human readable / type-able key to your licensing server to verify it. You'll want to include some type of additional machine information (such as hard drive serial number) in order to make sure the key isn't being activated multiple times for different boxes.

Sometimes the activation process downloads additional files to make the app run. I hope that gives you a start.

Chris Lively
+1 Good breakdown.
Robin Day
+9  A: 

Before you spend too much time and energy stopping piracy, make sure you have a clear set of goals for returns on the work that will justify spending the resources.

It's not a simple as it seems - there's a lot of evidence out there to indicate that most pirates just won't buy your product, no matter how good your security is. If they can't crack it, they'll just go somewhere else or do without. That means stopping piracy brings in very little in additional sales. More than that, pirates may even help to spread your software, so locking them out could actually lower your total sales.

So you need to think about why you're stopping pirates in terms of how it gives you or your company a net gain as opposed to just stopping the pirates from having a gain. This isn't a zero-sum situation, and so the way to maximize your own profits often involves allowing the pirates to have their moment as well. A basic obfuscator or naive product key (it doesn't have to be unbreakable) might be fine to catch some of the low-hanging fruit, but it's probably not beneficial to you to go much beyond that.

You might want to read these as well:
http://stackoverflow.com/questions/2338337/how-does-a-net-exe-work/2338556#2338556
http://stackoverflow.com/questions/651291/securing-a-net-application/651375#651375

Joel Coehoorn