Protecting a .Net assembly

Question

Recently I started investigating what can I do to protect the app we develop from hacking it. We agreed that we will use local License Server (without internet connection) + Machine HW Lock. I found a lot of tools that are capable of doing this. I'm not searching here for a recommendation for a tool to use, but rather I want to know what kind of features I should expect there.

Our company really worried about guys who tries to crack the software (they had a lot of problems around that in the past), but this is the first .Net app in our company, which has a lot of specifics.

For me to check the license in my app with the tools I investigated so far, I need to insert single call to this library that checks the license in the code. Theoretically this call can be removed. Of course the app will be obfuscated and it will be really hard to do that, but I guess it is still possible. There is also an option for a cracker to substitute the tool with the dummy dll that does nothing.

Should I be worried about that? And what solutions do I have if I should?

If you put a minus - please explain your reasons. I've tried to make the question constructive - if you do not feel that way let me know what I can do with it instead of just voting down — Archeg, Jun 04 '14 at 09:04
@LexLi - This reads as protection against licensing/piracy instead of reflection/Intellectual Property to me — James, Jun 04 '14 at 09:16
Obfuscation primarily does not prevent cracking, it just makes your code less understandable. — Mare Infinitus, Jun 04 '14 at 09:17
I think you shouldn't worried abouth this. If your app will be poppular it will be cracked anyway. Main thing that protection shouldn't disturb regular users. Edit: In case of low popularity you can use hardware keys. — Suhan, Jun 04 '14 at 09:08
The app will not be popular. It is something that will be sold 100 times the best - but for very big price. As the price is huge - it is actually reasonable for the users to try cracking it. — Archeg, Jun 04 '14 at 09:31

score 3 · Answer 1 · answered Jun 04 '14 at 09:11

3

Best way to protect something is to relay some important logic onto remote applications, like a server.

answered Jun 04 '14 at 09:11

AgentFire

8,944
8
43
90

Yes. That is: Do not give away what has the most value. – Mare Infinitus Jun 04 '14 at 09:18
I fully agree - but unfortunately, we cannot use this. Our app runs in the environment fully disconnected from the internet. – Archeg Jun 04 '14 at 09:29
@Archeg in the case, there is no need to waste amounts of your time for protection which can be broken anyway. – AgentFire Jun 04 '14 at 09:50

score 1 · Answer 2 · answered Jun 04 '14 at 09:48

Learn to think like a .net hacker and check out all the sessions from Jon Mccoy about hacking .net apps. This guy has a couple of very useful tools on his site. You can inject your .dll's into running app. domains, modify and replace existing dll's...You could push a return true to your function that does licensse checking and easily bypass security.

Somewehre in his session from ndc 2012 he suggest to put all stuff that has value into a separate unmanaged c++ dll and make interop calls from .net.

It is not about making your app bullet proof it's about "raising the cost of the hack", so if you include unmanaged dll's in your project you will raise the cost quite a lot probably.

Protecting a .Net assembly

2 Answers2