wayne wrote:
Thanks frans, you gave me alot of information and told me about alot of holes that i never ever considered. Never even thought about making my exe methods internal...
What obfuscator do you recommend?
I used the community edition of dotfuscator which comes with vs.net. As all methods and classes are internal, the obfuscation is very very good
Now, before you ask me, no I won't tell you how I protected LLBLGen Pro
He, he, he, But why?
So I assume you don't use a third party library? I was hoping to find some recommendations on good thridparty copyprotection librarys - i can't spent to much time on this - so no time for custom protection library.
No, these libs are very lame. It took me 2 minutes to crack the protection of Xheo's demo protection logic, just with reflector and it could have been even less than 2 minutes. I tried to crack it because I looked into it to protect our demo application. Before I decided to go with their solution I thought it would be good to see if I can circumvent the trial time period. That was very easy actually. Also, by setting back the system time worked! The oldest trick in the book.
There aren't many solutions for .NET though which is logical: a standard, turn key solution has a big downside: a lot of applications use it, so as soon as the inner workings are known, you can crack any application with that protection.
What disturbed me the most was that Xheo apparently didn't look into the flaw every trial protection has: where to store the starttime of the trial period? They went for the most easiest solution, which can be found with every registry key monitor and file monitor within seconds. So as soon as you have that, you can restart a trial period without problems, the one thing the protection has to prevent.
Also, a fancy protection is useless if you can simply comment out the call to the protection. So if the protection works like:
if(!CheckLicense())
{
// invalid, exit
HandleInvalidLicense();
}
// proceed, valid license.
and CheckLicense() uses a tremendous clever protection scheme, all I have to do is:
if(false)
{
// invalid, exit
HandleInvalidLicense();
}
// proceed, valid license.
or return true from CheckLicense always and I'm set. You can easily do that by first using ILDASM to export to a file, then alter the IL, and then use ILASM to get back the assembly. Of course, it's not signed then, so you have to remove the signed signatures of all referenced assemblies as well, as a signed assembly can't reference a non-signed assembly
wayne wrote:
Hey Frans are you sure you obfuscated your last release?
If i use a reflector tool i can see all the method names public and internal, and all classes - the names have not been mangled up at all - clever trick to keep all public method of an exe as internal - I really liked that one.
The official version is not obfuscated, the demo is. The official version requires a license to run, you can hack that out of the code of course, but you can only retrieve an official one if you buy it first. To hack out that check, you have to change the signature of the assembly, because they're signed and resigning them with my key is not possible. This will make it easy to track if the assembly is modified: check the signature of the assembly