1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can I make my .NET software tough to crack

Discussion in 'General Programming Chat' started by boffmaster, Sep 21, 2009.

  1. boffmaster

    boffmaster Junior Member

    Joined:
    Jun 1, 2009
    Messages:
    144
    Likes Received:
    32
    I have 2 Windows applications done in .NET that are ready to be released to the market.

    Any advice on how to protect them from being cracked? Can you encrypt the code somehow? I have some ideas but that area isn't really my strong point so I'd appreciate any ideas. They can be enabled/disabled with a registration code from a registration server but if that is somehow bypassed it would suck to be me,

    Thanks in advance for any tips, URLs, etc.
     
  2. xcubic

    xcubic Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 24, 2008
    Messages:
    440
    Likes Received:
    582
    Location:
    Internet
    You should have your own hosting with a database with all the user and the app should check the db for the user. And you need to engrypt the app too...

    Pm me to talk if you want ;)
     
  3. boffmaster

    boffmaster Junior Member

    Joined:
    Jun 1, 2009
    Messages:
    144
    Likes Received:
    32
    Any suggestions on what to use to encrypt the apps?
     
  4. l0l0

    l0l0 Registered Member

    Joined:
    Dec 17, 2008
    Messages:
    90
    Likes Received:
    38
    Home Page:
    I heard there is no good encryption for .net apps.
    By the way think about the pricing, what's reasonable.
    Do you want to pay $1900 for a $10 app?
     
  5. minute80

    minute80 Regular Member

    Joined:
    Dec 3, 2008
    Messages:
    310
    Likes Received:
    81
    Protecting .NET applications is notoriously difficult. My best advice to you as fellow developer is to implement reasnoable amount of protection, and just ignore everything else. I don't know what type of applications you have made, but best protected apps are those whose functionality is dependable on your server. This way, you can control illegal usage. For offline apps, people who get cracked version of your application, probably would not buy it at first place, so once again, don't worry about them at all.
     
  6. zackster

    zackster Registered Member

    Joined:
    Jan 9, 2009
    Messages:
    66
    Likes Received:
    33
    There are some.. Um... Questionable programs that can encrypt .net programs but those programs are very gray area stuff.

    There are other options like making the program check its hash for changes.
    Posted via Mobile Device
     
  7. luxint

    luxint Registered Member

    Joined:
    Jun 16, 2008
    Messages:
    68
    Likes Received:
    22
  8. LilWayne

    LilWayne BANNED BANNED

    Joined:
    Aug 20, 2009
    Messages:
    34
    Likes Received:
    12
    Trust me no matter what you do.. most likely it will get cracked.


    Even win license the latest one can be cracked.
     
  9. nycsavage

    nycsavage Junior Member

    Joined:
    Mar 31, 2008
    Messages:
    181
    Likes Received:
    62
    Gender:
    Male
    Occupation:
    Web Designer
    Location:
    UK
    Home Page:
    How about adding code that limits the software to one MAC address, when installation is complete, user MUST register, this will activate his/her software and save the MAC address in your database, then someone else comes along with the same serial number would not be able to activate the software.

    Obviously there are ways around this method, no method is 100% proof, but its as close as you can get IMO
     
  10. pyronaut

    pyronaut Executive VIP

    Joined:
    Dec 9, 2008
    Messages:
    1,229
    Likes Received:
    1,422
    If you have a real version of VS2008 (Not express etc), Then it comes bundled with dofuscator which will ob your apps. Thats probably the closest you will get to encryption.

    If you dont know what obfuscation is. It basically takes a method name like

    public void CheckUsername()
    {
    }

    and changes it to

    public void a()
    {
    }

    It doesnt exactly encrypt it. Just makes it a bit of a mission to read through the code and work out what everything does since nothing is descriptive anymore. Does this with all variables (Including things like enum's, structs), classes and methods.

    Do note its a bit of a mission to obb code that is within a Installation file , whether that be clickonce or otherwise. For this reason you will likely have to give out just the simple EXE instead of an installation. Kind of a pain for automatic updates etc.

    On top of that you also want to use variables within Checking of the login. So like variable++;. Then later on in the app check the value of that variable. If the variable is still set at 0. Then you know that the checking procedure never ran (Whether it be commented out etc), and then you can crash the app.

    On top of that. With your logins, for starters obviously make them a post request so that someone cant sit there fiddling with URL's. Then from your app you want to set the webrequest to hold certain cookies, referrers, useragents etc. And record all this in a database for whoever hits the server. That way you can tell mostly if someone is trying to crack it, because the referrer wont be set or the useragent has changed etc.

    All in all, you cannot protect apps 100%. All you can do is piss off the cracker enough with clever little traps that he will just give up alltogether.