How do I best obfuscate my C#.net app Product Key verification code?
Is it enough to place it in a "INTERNAL SEALED CLASS CLASSNAME { };" or do I need to do more?
Thanks!
+12
A:
Access modifiers like internal and sealed don't have anything to do with obfuscation or code security, they just tell other classes how to interact (or not interact) with them.
At the end of the day, there's nothing you can do to prevent piracy. Anything created by one human can be broken by another. There are loads of questions on SO that deal with product keys, keeping software secure, etc. which you can find if you use the search mechanism in the upper-right. All the answers cover a few basic ideas that anyone with a little sense will tell you:
- Only put enough effort into your anti-piracy measures to make cracking the software a little less convenient than breaking out the credit card. If that's really hard to do, you are charging way too much for your customer base.
- If you focus on building positive relationships with your customers instead of assuming they are criminals, they will be more willing to give you money.
- Most customers - individuals and especially companies - don't have any interest in cracking open your assemblies and trying to figure out how to get away with not paying you. For individuals, they wouldn't pay for it anyway so you're not losing a sale; and companies wouldn't risk mountains of cash in legal problems for the cost of some software licenses.
Research public/private and elliptic key cryptography and you'll find ways to secure your key algorithm, but it will only prevent cracking the key, not bypassing it.
Rex M
2009-02-02 01:44:48
What Rex M says is true. Use a public/private key encryption scheme to generate your keys. Obfuscate your code with something like Dotfuscator. But ultimately, people can still crack it if they want to by modifying some conditional jumps in the executable.
Simucal
2009-02-02 01:47:29
@Rex M, I agree to your 3rd point, but what about one individual/company buying only one license and using it on multiple machines, for this some protection is necessary right?
Akash Kava
2010-07-05 07:35:07
+1
A:
Rex is correct, internal sealed class won't hide anything. Use a one-way encryption hash (e.g. MD5CryptoServiceProvider) to protect passwords and keys.
Bob Nadler
2009-02-02 01:48:57
+1
A:
Use Microsoft Software Licensing and Protection service.
Software Licensing and Protection Services can help you protect, package, license, sell and control your software.
To protect your IP you can select certain functionality for one-way transformation, and this transformed code runs within a secure virtual machine (SVM), with each vendor receiving a unique SVM
Hasan Khan
2009-02-02 04:42:43
+2
A:
I agree with Rex M, you should consider using an asymmetric encryption algorithm such as elliptic curves cryptography to avoid keygens. And if you are interested in a commercial solution then try Ellipter - it uses elliptic curves and has some useful features like product info and expiration data embedding into generated serial keys.
Roland
2009-12-12 14:16:02
Or any PGP system, really. Put the public key in the application, and let the application developer (or company) hold the private key.
Arafangion
2010-07-05 07:57:27
A:
Making a class internal or sealed won't help your cause. The soure code can be viewed in Reflector anyway. You need to use an obfuscator such as Crypto Obfuscator. For product keys, use a licensing system such as CryptoLicensing.
logicnp
2010-04-02 09:55:13
A:
we are not getting what u r telling in this. we want the answer directly pls provide
hari
2010-07-05 07:29:50