Dumb question about application protection/cracking...

[Guest]

Hi,

If this is a stupid question, please accept my apologies!

I want to create 'trial' based software that expires after 30 days unless
the user purchases a licence.

However, it generally doesn't take long before some smartass has cracked the
software and posted in emule/edonkey, etc!

Generally these cracks come in the form of a replacement .dll that has
bypasses the checks made in the original .dll.

Since it is possible to strong name all libraries in your application and
make the application die if the correct strong name is not applied to one of
the libraries, does this make .net applications more/less/as secure than
'traidional' EXEs ?

I guess where I am leading is...

"What is the most effective way of protection applications from cracks?"

I appreciate that absolutely nothing will keep the crackers away if they are
persistent enough but I am looking for something that will make cracking my
app as difficult as possible.

Any ideas?

Best wishes.

 

[Guest]

Using a Strong Name is not a bad start, though it is possible for someone
nimble enough with ILDasm to copy with public key hash from the assembly
manifest before re-compiling an updated version of you're DLL.

You can also use some declarative security techniques to demand callers have
a particular identity...the PublisherIdentityPermission class comes to mind
(http://msdn2.microsoft.com/en-us/system.security.permissions.publisheridentitypermission.aspx)

Since CLR makes disassembly pretty easy, then there is also the prospect of
obfuscating your compiled code, which at least makes it a little more
difficult for someone to figure out. It's all about the level of effort
involved in cracking something vs the value of not paying for it.

 

[Guest]

Hi Casey,

Thanks for your reply. After I posted my question, I did a bit of reading
and found some useful stuff here:
http://www.atrevido.net/blog/CategoryView.aspx?category=Code

So far, from what I am seeing there just simply is no effective way of
protecting software!

Thanks

Sigol

 

[Goran Sliskovic]

....

So far, from what I am seeing there just simply is no effective way of
protecting software!

....

Yes, this can also be observed from the fact that there is a crack available
on the internet for almost every commercial product (if it's not cracked,
then probably it is not usefull). Some of the products cracked are property
of companies with billions of dollars in revenue, so if they cannot protect
it with all that money, how can anybody else?

Regards,
Goran

 

[Jarek Andrzejewski]

I appreciate that absolutely nothing will keep the crackers away if they are
persistent enough but I am looking for something that will make cracking my
app as difficult as possible.

different view on the question:
http://www.codeproject.com/gen/design/UnconventialWisdom.asp

 

[Hadi Hariri]

Yes, this can also be observed from the fact that there is a crack
available on the internet for almost every commercial product (if
it's not cracked, then probably it is not usefull). Some of the

Or as they say, you know how successful your software is based on how
fast and how many cracks are found on the net.

Sigol, it depends who you are trying to protect your application from
and how much it costs. you can add several layers of protection to your
application, depending on the target audience.