A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.
Anyone here do obfuscation for .net? I'm looking to add some extra protection to my key activation part of my program, as a co-worker was able to reverse-engineer a keygen in about an hour just using reflector...
Of course low cost is good :)
Anything I need to look out for while using one?
I'm a big fan of Xenocode postbuild:
You can get it to obfuscate the code so that method names, properties, etc. look like random text in Reflector. Another thing it can do is change the compiled code so that it functions the same but it alters the code flow to make it more confusing for the determined reader.
You can additionally get Xenocode to modify the header of .NET executables so they can't be loaded in Reflector at all.
Things to look out for include remembering that crash reports containing call stacks (if your software gives the option to send them back to base) will be obfuscated so you'll want to hold onto the map file Xenocode generates to unmangle them.
Also if you use any form of serialisation or reflection in your code you may want to exclude certain classes from obfuscation (which you can easily do) as that can really mess things up.
It's also worth saying that anyone determined enough will be able to reverse engineer your code but to thwart the casual hacker it'll do a good job.
Thursday, January 24, 2008
Check out .Net Reactor http://www.eziriz.com
It's got much better protection than overpriced obfuscators plus some additional nice features.
Friday, January 25, 2008
Wea re looking at .Net Reactor http://www.eziriz.com too. One thing to look at for is that for a while they could not be loaded on a 64-bit OS at all. Their app and anything protected with it would not run. I reported this when I first had it, but I do not know if they have fixed it at all.
>> Anything I need to look out for while using one? <<
Yes. Using obfuscation on its own won't stop keygens - the pirates will just use a black box approach instead.
If you use public/private key encryption for your serial numbers, this will stop original keygens completely, regardless of access to any form of your source code. But note that you should also encrypt the public key stored in your binary.
The easiest way around thus is for the pirate to replace the public key stored in your binary with his own public key. But this means that he has to create and host a patched binary, rather than just create a keygen. That's a significant extra overhead.
Saturday, January 26, 2008
Why don't you use .NET Encryption/Protection technique? Your .NET assembly will be encrypted then decrypted at run-time. A product that I would recommend to anyone to use is ElecKey 2.0 http://www.sciensoft.com
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz