Best IT Recipes

How to prevent decompilation of any C # application

We plan to develop a client server application using C # and MySQL. We plan to sell the product on the shelf, like any other software utility. We are concerned about the decompilation of our product, which has some advantages for our competitors in terms of usability and functionality.

How can we prevent the decompilation of our software, so the business logic of the product remains intact?

We heard about the reflector and other decompilers, which makes our code very vulnerable to copy.

Our customer base is not corporate, but practical specialists who themselves cannot do this, but our competitors may want to copy / disable licensing or even copy code / functionality so that the cost of our product decreases in the market.

Any suggestions to prevent this are welcome.

Respectfully..

Obelisk

+18
c # licensing obfuscation decompiling
Aug 14 '09 at 5:44
source share
12 answers

If you deploy .NET assemblies on your client machines, then some kind of decompilation will always be possible using a reflector and similar tools.

However, this situation is not significantly different from what you came across if you wrote an application in native C ++. You can always decompile things - if this was not possible, the processor also could not understand it.

You can never defeat an expert cracker - they will consider your security as an intellectual riddle that will be solved only for a challenge.

The question revolves around how difficult it is to defeat your licensing practice and return on investment.

Sit down with a table and look at possible scenarios - the danger is probably less than you think.

Factors such as "ease of use" are visible in your software for any user to watch - so you think it's easy to copy. But a good user experience is rare (and rarely copied well), because most developers (including me) are not like ordinary users.

I would advise you to focus on making the cracker’s job more difficult, because you can never make it impossible, just unprofitable.

One opportunity to try: it is possible to precompile assemblies into native code as part of the installation process. Paint.NET does this for performance reasons. I believe that after you do this, you can abandon the original builds and use optimized native versions of the code.

+18
Aug 16 '09 at 10:22
source share

If it were me, I would not try to confuse; I'd:

  • Do not worry about this and do not strive to constantly improve and stay ahead.

But secondly

  1. Consider providing “secret” services over the Internet. You decide how important and possible it is. but it “prevents” decompilation because the end user doesn’t even have code.
+7
Aug 16 '09 at 10:25
source share

Google for .NET Obfuscator. You will find many products to help with this. There are also questions that are already asked in Stack Overflow.

Here are some of them:

EDIT : When searching for De-Obfuscating tools, I came across De4Dot , an open source tool. This tool supports decompiling obfuscated DLLs created by most commercial tools and does a pretty good job too.

+6
Aug. 14 '09 at 5:54
source share

The last time I looked at this, Spices.Net Obfuscator looked best on the market.

No, I do not work for them. :)

0
Aug 14 '09 at 5:56
source share

I am using smartassembly . It is easy to use and also has the ability to send crash reports back that you have built in.

0
Aug 14 '09 at 5:56
source share

Here is a similar question about Obfuscators . Maybe this gives you some useful information.

0
Aug 14 '09 at 5:58
source share

The obfuscators that others talked about are probably very good.

An alternative approach that you may not have considered is to code some basic business logic using a language that is fully compiled into machine code, such as C ++.

The advantage of this is that it is much harder for someone to decompile your code. The disadvantage of this is that you have bilingual code for support. This may not be the best approach for your situation, but is useful in cases where you only need to confuse a small part of the code, while the rest of the code is UI fuzz.

As an example, your medical software package can detect edges of, say, specific glands to tell your doctor the size of a specified gland. The algorithm for calculating the size of the gland from the raster image will be contained in a DLL written in C ++.

0
Aug 14 '09 at 6:09
source share

to answer your question about C ++ wrapper around .net code; I don’t think this will work, because when you deploy the application, the final dll dll dll and .net containing the business logic code will be separate objects, and those who want to get into your business logic can still just choose. net dll and look inside.

0
Aug 14 '09 at 8:45
source share

you can consider Remotesoft Salamander Protector is much better than anything else, which makes it impossible to decompile a high-level language.

Of course, anyone who is an expert can spend enough time on your software and understand it, because it decompiles some of them, but it hides the whole set and gets methods

So they can get a peak, but that’s all. they need to figure out the rest, which reduces the likelihood that someone will simply crack it.

hope this helps

0
May 03 '10 at 22:51
source share

Writing this topic in a long time. We purchased software called Intellilock , which is useful for preventing decompilation, obfuscation, and also has a strong licensing module.

We did not go for .NET Reactor , although it had more controls because Intellilock served our purpose well.

0
May 29 '10 at 11:19
source share

Intellilock has proven itself both in terms of obfuscation and licensing. But I would not recommend the product, since support is not relevant. We did not receive answers in time about the problem we encountered. We had to search and research independently or even change business requirements to achieve some goals.

With this answer, I’m not going to promote or downgrade any software, but I just want people to know about the product we use so that they can make a wise decision.

Obelisk

0
Dec 19 '12 at 5:32
source share

The obfuscator embarrasses the code, but the defender protects. You can use .Net protector: NetWinProtector

0
Jan 19 '15 at 1:43
source share


More articles:


All Articles