Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 07-28-2013, 03:40
delidolunet delidolunet is offline
Friend
 
Join Date: May 2012
Posts: 18
Rept. Given: 7
Rept. Rcvd 10 Times in 2 Posts
Thanks Given: 2
Thanks Rcvd at 2 Times in 2 Posts
delidolunet Reputation: 10
(Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8)

Hello,

What is the best source code protection for .NET platform?

Im developing Windows Phone, Silverlight (.XAP) and Windows 8 apps and as well classical Windows apps.

I want to protect my source codes as possible. I know there is no guaranteed complete protection but I want to get the best protection.

Could you share your knowledge with me to protect my apps? And if there is a tutorial about your post, I'll be appreciative.

(I was using Eziriz and Smartassembly for protection but de4dot passing the protection as I can see.)

Thanks.
Reply With Quote
  #2  
Old 07-28-2013, 17:21
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 828
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 167
Thanks Rcvd at 342 Times in 192 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
THere is a tradeoff (as usually )

1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later
both way has pros and cons (as usually)

you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)

2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....

that is my IMHO vision, so probably I'd be wrong in some parts
s.


P.S. there is a 3rd way - the best way to protect is 0 protection . I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.
Reply With Quote
  #3  
Old 07-28-2013, 23:24
delidolunet delidolunet is offline
Friend
 
Join Date: May 2012
Posts: 18
Rept. Given: 7
Rept. Rcvd 10 Times in 2 Posts
Thanks Given: 2
Thanks Rcvd at 2 Times in 2 Posts
delidolunet Reputation: 10
Quote:
Originally Posted by sendersu View Post
THere is a tradeoff (as usually )

1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later
both way has pros and cons (as usually)

you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)

2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....

that is my IMHO vision, so probably I'd be wrong in some parts
s.


P.S. there is a 3rd way - the best way to protect is 0 protection . I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.
I got your point and I think so.

There is no any big product that Im talking about. I'll develop a small game and I just dont want to everyone reverse it Actually a noob protection is okay for now. I think double protection could be stronger for noobs (for ex. eziriz + smartassembly protection).

What you think about that? And can you tell me any VM based protection product if you know?
Reply With Quote
  #4  
Old 07-29-2013, 00:41
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 828
Rept. Given: 324
Rept. Rcvd 216 Times in 110 Posts
Thanks Given: 167
Thanks Rcvd at 342 Times in 192 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
well, I recommend you to apply protection and then use de4dot to see if it's a matter of 30 sec to unpack your double-triple-nth layer protection

regarding .net vm-ing
I could recall only one product - eazfuscator.net
probably there are some others, not sure.....
good luck
Reply With Quote
  #5  
Old 07-29-2013, 16:02
Av0id Av0id is offline
VIP
 
Join Date: Jan 2006
Posts: 399
Rept. Given: 112
Rept. Rcvd 111 Times in 69 Posts
Thanks Given: 0
Thanks Rcvd at 15 Times in 15 Posts
Av0id Reputation: 100-199 Av0id Reputation: 100-199
Any protection will slow down an already slow .NET. Better make money on quality support or something divorced from protection. Change your vector.

On the topic, obfuscate strings.
Reply With Quote
  #6  
Old 07-31-2013, 09:27
delidolunet delidolunet is offline
Friend
 
Join Date: May 2012
Posts: 18
Rept. Given: 7
Rept. Rcvd 10 Times in 2 Posts
Thanks Given: 2
Thanks Rcvd at 2 Times in 2 Posts
delidolunet Reputation: 10
Quote:
Originally Posted by sendersu View Post
well, I recommend you to apply protection and then use de4dot to see if it's a matter of 30 sec to unpack your double-triple-nth layer protection

regarding .net vm-ing
I could recall only one product - eazfuscator.net
probably there are some others, not sure.....
good luck
.net apps generally does not work after 3rd or more protection so...

we have no real protection on .net as I can see.

do you have a link full version of Eazfuscator?

Quote:
Originally Posted by Av0id View Post
Any protection will slow down an already slow .NET. Better make money on quality support or something divorced from protection. Change your vector.

On the topic, obfuscate strings.
Yes I saw that by myself but its okay.
Reply With Quote
  #7  
Old 07-31-2013, 15:09
NimDa2k's Avatar
NimDa2k NimDa2k is offline
Friend
 
Join Date: Jan 2005
Posts: 123
Rept. Given: 3
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 1
Thanks Rcvd at 5 Times in 4 Posts
NimDa2k Reputation: 3
Thumbs down

are you test .NET Reactor?

.NET Reactor is a powerful code protection and software licensing system for software written for the .NET Framework, and supports all languages that generate .NET assemblies.

Code:
http://www.eziriz.com/
Reply With Quote
  #8  
Old 08-02-2013, 10:33
athapa athapa is offline
Friend
 
Join Date: Jul 2013
Posts: 22
Rept. Given: 4
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 6
Thanks Rcvd at 4 Times in 3 Posts
athapa Reputation: 1
I've used Codeveil and Crypto Obfuscator. The 2nd one is 10 times cheaper!

I won't say they are perfect but they've helped me deter the causal crackers.

The best I've seen so far is the "Salamander .net Protector". When you use reflection to see what is in the .net functions, it will appear empty so for most part you can't just use ildasm, update the il, and use ilasm which is possible with most other obfusctors.

I'm sure some of the members of this community can crack applications protected by Salamander as well but the bar is a lot higher!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
C# (Classic .exe, Windows 10, Windows Phone etc.) Protection delidolunet General Discussion 7 10-11-2016 01:10


All times are GMT +8. The time now is 11:10.


��ICP��05004977��
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX