Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   (Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8) (https://forum.exetools.com/showthread.php?t=15161)

delidolunet 07-28-2013 03:40

(Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8)
 
Hello,

What is the best source code protection for .NET platform?

Im developing Windows Phone, Silverlight (.XAP) and Windows 8 apps and as well classical Windows apps.

I want to protect my source codes as possible. I know there is no guaranteed complete protection but I want to get the best protection.

Could you share your knowledge with me to protect my apps? And if there is a tutorial about your post, I'll be appreciative.

(I was using Eziriz and Smartassembly for protection but de4dot passing the protection as I can see.)

Thanks.

sendersu 07-28-2013 17:21

THere is a tradeoff (as usually :))

1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later :)
both way has pros and cons (as usually)

you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)

2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....

that is my IMHO vision, so probably I'd be wrong in some parts
s.


P.S. there is a 3rd way - the best way to protect is 0 protection :). I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.

delidolunet 07-28-2013 23:24

Quote:

Originally Posted by sendersu (Post 86001)
THere is a tradeoff (as usually :))

1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later :)
both way has pros and cons (as usually)

you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)

2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....

that is my IMHO vision, so probably I'd be wrong in some parts
s.


P.S. there is a 3rd way - the best way to protect is 0 protection :). I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.

I got your point and I think so.

There is no any big product that Im talking about. I'll develop a small game and I just dont want to everyone reverse it :) Actually a noob protection is okay for now. I think double protection could be stronger for noobs (for ex. eziriz + smartassembly protection).

What you think about that? And can you tell me any VM based protection product if you know?

sendersu 07-29-2013 00:41

well, I recommend you to apply protection and then use de4dot to see if it's a matter of 30 sec to unpack your double-triple-nth layer protection :)

regarding .net vm-ing
I could recall only one product - eazfuscator.net
probably there are some others, not sure.....
good luck

Av0id 07-29-2013 16:02

Any protection will slow down an already slow .NET. Better make money on quality support or something divorced from protection. Change your vector.

On the topic, obfuscate strings.

delidolunet 07-31-2013 09:27

Quote:

Originally Posted by sendersu (Post 86006)
well, I recommend you to apply protection and then use de4dot to see if it's a matter of 30 sec to unpack your double-triple-nth layer protection :)

regarding .net vm-ing
I could recall only one product - eazfuscator.net
probably there are some others, not sure.....
good luck

.net apps generally does not work after 3rd or more protection so... :)

we have no real protection on .net as I can see.

do you have a link full version of Eazfuscator?

Quote:

Originally Posted by Av0id (Post 86015)
Any protection will slow down an already slow .NET. Better make money on quality support or something divorced from protection. Change your vector.

On the topic, obfuscate strings.

Yes I saw that by myself but its okay.

NimDa2k 07-31-2013 15:09

are you test .NET Reactor?

.NET Reactor is a powerful code protection and software licensing system for software written for the .NET Framework, and supports all languages that generate .NET assemblies.

Code:

http://www.eziriz.com/

athapa 08-02-2013 10:33

I've used Codeveil and Crypto Obfuscator. The 2nd one is 10 times cheaper!

I won't say they are perfect but they've helped me deter the causal crackers.

The best I've seen so far is the "Salamander .net Protector". When you use reflection to see what is in the .net functions, it will appear empty so for most part you can't just use ildasm, update the il, and use ilasm which is possible with most other obfusctors.

I'm sure some of the members of this community can crack applications protected by Salamander as well but the bar is a lot higher!


All times are GMT +8. The time now is 20:59.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX