|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Dumb question about application protection/cracking...If this is a stupid question, please accept my apologies! I want to create 'trial' based software that expires after 30 days unless the user purchases a licence. However, it generally doesn't take long before some smartass has cracked the software and posted in emule/edonkey, etc! Generally these cracks come in the form of a replacement .dll that has bypasses the checks made in the original .dll. Since it is possible to strong name all libraries in your application and make the application die if the correct strong name is not applied to one of the libraries, does this make .net applications more/less/as secure than 'traidional' EXEs ? I guess where I am leading is... "What is the most effective way of protection applications from cracks?" I appreciate that absolutely nothing will keep the crackers away if they are persistent enough but I am looking for something that will make cracking my app as difficult as possible. Any ideas? Best wishes. Using a Strong Name is not a bad start, though it is possible for someone
nimble enough with ILDasm to copy with public key hash from the assembly manifest before re-compiling an updated version of you're DLL. You can also use some declarative security techniques to demand callers have a particular identity...the PublisherIdentityPermission class comes to mind (http://msdn2.microsoft.com/en-us/system.security.permissions.publisheridentitypermission.aspx) Since CLR makes disassembly pretty easy, then there is also the prospect of obfuscating your compiled code, which at least makes it a little more difficult for someone to figure out. It's all about the level of effort involved in cracking something vs the value of not paying for it. Show quote "Sigol" wrote: > Hi, > > If this is a stupid question, please accept my apologies! > > I want to create 'trial' based software that expires after 30 days unless > the user purchases a licence. > > However, it generally doesn't take long before some smartass has cracked the > software and posted in emule/edonkey, etc! > > Generally these cracks come in the form of a replacement .dll that has > bypasses the checks made in the original .dll. > > Since it is possible to strong name all libraries in your application and > make the application die if the correct strong name is not applied to one of > the libraries, does this make .net applications more/less/as secure than > 'traidional' EXEs ? > > I guess where I am leading is... > > "What is the most effective way of protection applications from cracks?" > > I appreciate that absolutely nothing will keep the crackers away if they are > persistent enough but I am looking for something that will make cracking my > app as difficult as possible. > > Any ideas? > > Best wishes. Hi Casey,
Thanks for your reply. After I posted my question, I did a bit of reading and found some useful stuff here: http://www.atrevido.net/blog/CategoryView.aspx?category=Code So far, from what I am seeing there just simply is no effective way of protecting software! Thanks Sigol Show quote "Casey Kramer" wrote: > Using a Strong Name is not a bad start, though it is possible for someone > nimble enough with ILDasm to copy with public key hash from the assembly > manifest before re-compiling an updated version of you're DLL. > > You can also use some declarative security techniques to demand callers have > a particular identity...the PublisherIdentityPermission class comes to mind > (http://msdn2.microsoft.com/en-us/system.security.permissions.publisheridentitypermission.aspx) > > Since CLR makes disassembly pretty easy, then there is also the prospect of > obfuscating your compiled code, which at least makes it a little more > difficult for someone to figure out. It's all about the level of effort > involved in cracking something vs the value of not paying for it. > > "Sigol" wrote: > > > Hi, > > > > If this is a stupid question, please accept my apologies! > > > > I want to create 'trial' based software that expires after 30 days unless > > the user purchases a licence. > > > > However, it generally doesn't take long before some smartass has cracked the > > software and posted in emule/edonkey, etc! > > > > Generally these cracks come in the form of a replacement .dll that has > > bypasses the checks made in the original .dll. > > > > Since it is possible to strong name all libraries in your application and > > make the application die if the correct strong name is not applied to one of > > the libraries, does this make .net applications more/less/as secure than > > 'traidional' EXEs ? > > > > I guess where I am leading is... > > > > "What is the most effective way of protection applications from cracks?" > > > > I appreciate that absolutely nothing will keep the crackers away if they are > > persistent enough but I am looking for something that will make cracking my > > app as difficult as possible. > > > > Any ideas? > > > > Best wishes. "Sigol" <Si***@discussions.microsoft.com> wrote in message Yes, this can also be observed from the fact that there is a crack availablenews:DA8061DD-62D8-4578-A5C6-A92B83CA1C66@microsoft.com... .... > So far, from what I am seeing there just simply is no effective way of > protecting software! > .... on the internet for almost every commercial product (if it's not cracked, then probably it is not usefull). Some of the products cracked are property of companies with billions of dollars in revenue, so if they cannot protect it with all that money, how can anybody else? Regards, Goran > Yes, this can also be observed from the fact that there is a crack Or as they say, you know how successful your software is based on how> available on the internet for almost every commercial product (if > it's not cracked, then probably it is not usefull). Some of the fast and how many cracks are found on the net. Sigol, it depends who you are trying to protect your application from and how much it costs. you can add several layers of protection to your application, depending on the target audience. On Fri, 2 Jun 2006 06:52:01 -0700, Sigol
<Si***@discussions.microsoft.com> wrote: >I appreciate that absolutely nothing will keep the crackers away if they are different view on the question:>persistent enough but I am looking for something that will make cracking my >app as difficult as possible. http://www.codeproject.com/gen/design/UnconventialWisdom.asp -- pozdrawiam, Jarek Andrzejewski  |
|||||||||||||||||||||||
Other interesting topics