1

Based on accepted answer of this post How can I create a product key for my C# application? I would better to investigate (for didactic scope) what really means with "security check skip" terms.

As far as I know, a simple boolean comparsion can be cracked within 5 seconds, for example: if(textBoxActivationKey.Tex == "123") ok...else ko. That represents a classic weakness of any secuirty system solution, so what really can be more efficient against simple comparsion?

Somewhere I remeber to have read to use some exception throwing for crash the application rather then use bool comparer, but I guess it cannot be enough.

Granted that (at least theorically) anything can be cracked, how make it really sofisticated secure activation system? Which can be a real deterrent?

Community
  • 1
  • 1
bit
  • 934
  • 1
  • 11
  • 32
  • 1
    I am not marking it as a duplicate but I answered a very similar question [here](http://stackoverflow.com/questions/11711446/how-to-protect-net-exe-from-decompiling-cracking/11711593#11711593) you may want to read over. It goes over some of the difficulties of protecting your code from being cracked. – Scott Chamberlain Jan 13 '13 at 19:14
  • I like your first recommended solutions, however it's not clear for me how it really should works. I'll make some search on the net. Thanks. – bit Jan 13 '13 at 21:07

1 Answers1

0

Are you looking for efficiency or effectiveness? Most applications phone home. That seems to be a pretty good activation method. However, this means that the user must be online to activate.

If you must be online, and the activation is done through a service (that you own) on a server somewhere, then you can instantly record that the activation key has been used (and invalidate it).

I'm not an expert on this subject, but I think if the shipped key represents only part of the full activation key and the rest must be received from a server, that might work.

Davin Tryon
  • 66,517
  • 15
  • 143
  • 132
  • 1
    I'm looking for both. Yes, I can build my activation service and it doesn't matters whether users need to be online. However, it seems to be lacking too, because some hacker could skipping my code section used to call my service and manage the response.. – bit Jan 13 '13 at 18:28