Protecting Code

[Typpo]

Hi all,

Because the programs I work on are intended to be limited to only
certain users, I have had several problems concerning people hex'ing out
authentication procedures and replacing strings such as the form title
with whatever they want.

I'm aware that there are many obfuscation and protection tools out
there, but I'm not really running on such a high budget for these tools.
Is there any way I can protect my code from hexing or reflection
without having to buy an extra program? I'm intrigued by Salamander,
which instead of obfuscators compiles to native machine code. Is it
possible to do this manually?

Thanks.

 

[Peter Bromberg [MVP]]

You may be confusing the Remotesoft Salamander product, which is their
decompiler with their "Protector"
product. That's the one that transforms assemblies into machine code like
compiled C++.

When you say "manually", if you are referring to doing it with the managed
code tools of Visual Studio.Net, no.
--Peter

 

[Michael C#]

You might be able to encrypt your internal strings using the built-in
encryption functionality in .NET. Or store your plain-text strings in an
XML file and perform a hash on them when the app loads. If the hash don't
match, shut the app down. Maybe a combination of both? There are
obfuscators that can also encrypt your plain text throughout the
application. Still not 100%, but with a combination of obfuscation,
plaintext encryption and a hash on your files to protect from mods, it would
seem like it would probably be a lot more trouble than it's worth to change
a Form Title... In fact, by the time someone figures it out, you might be
releasing the next version of your software...

 

[Michael C#]

P.S. - There are some free obfusctors out there. Not sure how well they
work, but I believe VS.NET even comes with a limited version of a product
called DotFuscator. Might be worth looking into if you're on a tight
budget.