Again,
You cann't change the compiled IL
the assembly will fail executing
Best Regards,
Ido Samuelson
IBM Global Services (Israel)
Tel: 972-3-5313765, Mobile: 972-67-888150.
Fax: 972-3-5313500, E-mail : [EMAIL PROTECTED]
Only 10 kind of people understand me. Those who are and those who aren't.
Ido Samuelson/Israel/Contr/[EMAIL PROTECTED]
Sent by: "Moderated discussion of advanced .NET topics."
<[EMAIL PROTECTED]>
19/04/2004 05:30 PM
Please respond to
"Moderated discussion of advanced .NET topics."
To
[EMAIL PROTECTED]
cc
Subject
Re: [ADVANCED-DOTNET] Application registration
is simply circumvented by altering the IL a bit to simply skip the
'CheckLicense' routine which does the communication with your server and
it's cracked.
you can't changed an assembly. thats the point of security! add to it a
strong name assembly and it is imposible to fake either.
Best Regards,
Ido Samuelson
IBM Global Services (Israel)
Tel: 972-3-5313765, Mobile: 972-67-888150.
Fax: 972-3-5313500, E-mail : [EMAIL PROTECTED]
Only 10 kind of people understand me. Those who are and those who aren't.
Frans Bouma <[EMAIL PROTECTED]>
Sent by: "Moderated discussion of advanced .NET topics."
<[EMAIL PROTECTED]>
19/04/2004 12:01 PM
Please respond to
"Moderated discussion of advanced .NET topics."
To
[EMAIL PROTECTED]
cc
Subject
Re: [ADVANCED-DOTNET] Application registration
> I have nearly finished a new application and we want to
> protect our investment.
>
> What is the best way to implement product registration? Is
> there an example around?
>
> I have read that some people are using the HD Volume number
> as a key to ensure each installation is unique. Is this a good idea?
>
> We want registration to be such that the software generates a
> key (unknown to the user) and together with the serial number
> entered is used by our server to provide a license key.
>
> I would appreciate pointers on a satisfactory solution.
The only one I can give you is a reality check, I'm afraid: no
matter how protective you are, it is breakable. The system you envision
is simply circumvented by altering the IL a bit to simply skip the
'CheckLicense' routine which does the communication with your server and
it's cracked.
The harder you make this process (thus check on random spots for
a license will do, for example in encrypted code which is decrypted in 1
go and also contains vital code so it can't be hacked out, see CodeDom
for pointers) the better, but if your application is very popular, it
will be cracked no matter what you throw in: a cracker will simply NOP
the call to the check routine and will make the code to believe the
check was valid.
Decompilation prevention will help you in this, however an
obfuscator is often not that sufficient as public methods often aren't
obfuscated, so the obfuscator needs to re-arrange code as well (which
makes decompilation harder).
I recently remembered that back in the old days of the demoscene
we used .exe packers like upx. I tried that one with .NET code but it
obviously failed, but the idea is nonetheless interesting for
decompilation prevention: it picks up the .exe, compresses it and adds
it's runtime decompressor to it. This thus leads to a .exe which is not
decompilable with reflector for example. At runtime it then decompresses
the .exe in memory and passes execution to the actual start routine.
Because .NET .exe's are not native win32/pe format, this doesn't work,
but perhaps your team can look into the upx sourcecode and change it a
bit to have it work with .NET executables.
(http://upx.sourceforge.net/#download . Remember, this doesn't work with
.NET out of the box)
Frans.
--------------------------------------------------------------------
Get LLBLGen Pro, the new O/R mapper for .NET: http://www.llblgen.com
My .NET Blog : http://weblogs.asp.net/FBouma
Microsoft MVP (C#)
--------------------------------------------------------------------
===================================
This list is hosted by DevelopMentor® http://www.develop.com
Some .NET courses you may be interested in:
NEW! Guerrilla ASP.NET, 17 May 2004, in Los Angeles
http://www.develop.com/courses/gaspdotnetls
View archives and manage your subscription(s) at
http://discuss.develop.com
