THere is a tradeoff (as usually
)
1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later
both way has pros and cons (as usually)
you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)
2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....
that is my IMHO vision, so probably I'd be wrong in some parts
s.
P.S. there is a 3rd way - the best way to protect is 0 protection
. I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.