0

My software (written in C#/.NET) has a simple key license system to activate certain resources. The way it works is: it creates a unique code based on the running computer's hardware, then mixes this value with the client's activated licenses to create a password that will, on that specific computer, liberate access to the determined resources. The key given to the client is a file with the password.

The way it verifies this is even simpler: the software calculates the expected password, and then matches it with the password stored in the file. If it matches, the resources are liberated.

So, since the software itself calculates the correct password, I wonder if it's possible for someone to take the software's DLLs and hack them to discover the calculation method.

Alexei Levenkov
André Santaló
  • Well, it's .NET, so it can be [decompiled](http://www.jetbrains.com/decompiler/) to get the general "gist" of the source code. – Arran Jan 10 '14 at 17:18
  • Obfuscate your software to make it at least difficult to understand. – Federico Berasategui Jan 10 '14 at 17:20
  • I found [this question](http://stackoverflow.com/questions/14658131/exe-comperession-for-the-net-app-algorithm-shows-strange-chars-with-the-real/14658504#14658504) particularly hilarious :) – Hans Passant Jan 10 '14 at 17:38

1 Answer

2

Yes, and if you don't put effort into obfuscating your code it is trivial to do.

There will always be ways to get around any protection you put in place; the only thing you can do is make it difficult enough that any attacker will get too frustrated and declare it is not worth his time to try and reverse engineer your software. It is just a matter of how much time/money it is worth to you to keep that one extra person from trying.

I wrote a fairly extensive answer to a similar question here that goes over what steps you can do to mitigate the problem, but there is nothing you can do to stop it.

Scott Chamberlain
  • +1. As usual exactly the same applies to all other client-only licensing schemes in all languages (including native assembly). Also price tag would be much higher for one to crack reasonably designed license verification weaved into large code written in C++... – Alexei Levenkov Jan 10 '14 at 17:33
  • It is very trivial to crack such schemes using the proper tools. From the OP's description, I would not even have to "crack" the password at all, just replace the algorithm that checks for a match with code that just returns the "password checks out ok" result. – Gary Walker Jan 10 '14 at 17:45
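
An added example, not code from the question or from any poster in this thread: the check the question describes, where the shipped code computes the expected password itself, set beside a variant where the client only verifies a vendor signature. The HMAC "mixing" step, the `LicenseDemo` class, its method names and all sample values are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo
{
    // Scheme from the question: the client derives the expected password itself,
    // so the derivation and any embedded secret ship inside the DLL.
    // HMAC-SHA256 is an assumed stand-in for the unspecified "mixing" step.
    static readonly byte[] EmbeddedSecret = Encoding.UTF8.GetBytes("constructed-demo-secret");

    static byte[] Payload(string hardwareId, string features) =>
        Encoding.UTF8.GetBytes(hardwareId + "|" + features);

    static string ExpectedPassword(string hardwareId, string features)
    {
        using var hmac = new HMACSHA256(EmbeddedSecret);
        return Convert.ToBase64String(hmac.ComputeHash(Payload(hardwareId, features)));
    }

    // Signed variant: the client holds only the public key and can verify a
    // license but cannot produce one. The private key stays with the vendor.
    static bool VerifySigned(RSAParameters publicKey, string hardwareId,
                             string features, byte[] signature)
    {
        using var rsa = RSA.Create();
        rsa.ImportParameters(publicKey);
        return rsa.VerifyData(Payload(hardwareId, features), signature,
                              HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed sample values.
        const string hw = "HW-1234-CONSTRUCTED", features = "reports,export";

        // Question's scheme: the file content equals what the client computes.
        string licenseFile = ExpectedPassword(hw, features);
        Console.WriteLine("password matches: " + (licenseFile == ExpectedPassword(hw, features)));

        // Vendor side, normally a separate tool that is never shipped.
        using var vendorKey = RSA.Create(2048);
        byte[] sig = vendorKey.SignData(Payload(hw, features),
                                        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        RSAParameters pub = vendorKey.ExportParameters(false);

        Console.WriteLine("same machine:     " + VerifySigned(pub, hw, features, sig));
        Console.WriteLine("other machine:    " + VerifySigned(pub, "HW-OTHER", features, sig));
        Console.WriteLine("extra feature:    " + VerifySigned(pub, hw, features + ",admin", sig));
    }
}
```

Signature verification only removes the key-generation logic from the shipped assembly; the comparison result can still be patched out as the last comment describes, so the answer's point about raising cost rather than preventing cracking applies to both variants.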