How to protect a dll

* pe***@mclinn.com (Peter) scripsit:

I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.

That's possible "out of the box":

<URL:http://msdn.microsoft.com/library/en-us/cpguide/html/cpconlicensingcomponentscontrols.asp>
<URL:http://windowsforms.net/articles/Licensing.aspx>

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

I don't see how that protects the code.
Cannot one can still decompile and defeat the code that using the licensing
components listed below?

--
http://www.standards.com/; See Howard Kaikow's web site.
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:2g************@uni-berlin.de...

* pe***@mclinn.com (Peter) scripsit:

I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.
That's possible "out of the box":

<URL:http://msdn.microsoft.com/library/en...nlicensingcomp
onentscontrols.asp> <URL:http://windowsforms.net/articles/Licensing.aspx>

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

* "Howard Kaikow" <ka****@standards.com> scripsit:

I don't see how that protects the code.
Cannot one can still decompile and defeat the code that using the licensing
components listed below?

I didn't yet play around with them, but I think additional obfuscation
may be the way to go.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

Obfuscation just makes the task of decompiling harder.
In addition, using obfuscation adds another, needless, element that could
botch up a project.
What if the obfuscator screws up things?
It's hard enough to debug as is without having to worry about problems
caused by obfuscation.

Not to mention, using the built-in, or another commercially available,
obfuscator, means that those obfuscators are likely to be targeted and
cracked at some point, if not already.
--
http://www.standards.com/; See Howard Kaikow's web site.
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:2g************@uni-berlin.de...

* "Howard Kaikow" <ka****@standards.com> scripsit:

I don't see how that protects the code.
Cannot one can still decompile and defeat the code that using the licensing components listed below?

I didn't yet play around with them, but I think additional obfuscation
may be the way to go.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

* "Howard Kaikow" <ka****@standards.com> scripsit:

Obfuscation just makes the task of decompiling harder.
In addition, using obfuscation adds another, needless, element that could
botch up a project.
What if the obfuscator screws up things?
Depends on the obfuscator. There are AFAIK obfuscators available that
do not break reflection, for example.
Not to mention, using the built-in, or another commercially available,
obfuscator, means that those obfuscators are likely to be targeted and
cracked at some point, if not already.

I think there is big difference to what we had in VB6 or C. If the
algorithm itself should be protected, don't put it onto the
client. Provide a web service or something like that on a separate
server.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

In the real world, most apps run locally, not over a web.

--
http://www.standards.com/; See Howard Kaikow's web site.
"Herfried K. Wagner [MVP]" <hi***************@gmx.at> wrote in message
news:2g************@uni-berlin.de...

* "Howard Kaikow" <ka****@standards.com> scripsit:

Obfuscation just makes the task of decompiling harder.
In addition, using obfuscation adds another, needless, element that could botch up a project.
What if the obfuscator screws up things?

Depends on the obfuscator. There are AFAIK obfuscators available that
do not break reflection, for example.

Not to mention, using the built-in, or another commercially available,
obfuscator, means that those obfuscators are likely to be targeted and
cracked at some point, if not already.

I think there is big difference to what we had in VB6 or C. If the
algorithm itself should be protected, don't put it onto the
client. Provide a web service or something like that on a separate
server.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

* "Howard Kaikow" <ka****@standards.com> scripsit:

In the real world, most apps run locally, not over a web.

In real world, 99,99 percent of the users do not want the source code
and do not decompile the application.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

>

I didn't yet play around with them, but I think additional obfuscation may be the way to go.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

Obfuscation will help protect your intellectual property, but it won't
prevent someone from distributing the latest version of your software
free. All they have to do is decompile, and step through one line at
a time to remove license checks or other checks, and presto - free
code.

The ability to decompile and step through line-by-line will always
ensure that anyone who wants your software without paying will have
it without paying.

> Obfuscation will help protect your intellectual property, but it won't

prevent someone from distributing the latest version of your software
free. All they have to do is decompile, and step through one line at
a time to remove license checks or other checks, and presto - free
code.

The ability to decompile and step through line-by-line will always
ensure that anyone who wants your software without paying will have
it without paying.

However in my country there is a law, that when you steal a car, the car is
still be stolen when you repaint it. However maybe that is not everywhere
the same.

Cor

* do*****@telus-dot-net.no-spam.invalid (Doknjas) scripsit:

Obfuscation will help protect your intellectual property, but it won't
prevent someone from distributing the latest version of your software
free. All they have to do is decompile, and step through one line at
a time to remove license checks or other checks, and presto - free
code.

I am still waiting for somebody to show me a sample where this has been
done.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

> Cor Ligthertwrote:
[quote:843e7a2233]Obfuscation will help protect your intellectual
property, but it won't

prevent someone from distributing the latest version of your software free. All they have to do is decompile, and step through one line at a time to remove license checks or other checks, and presto - free
code.

The ability to decompile and step through line-by-line will always
ensure that anyone who wants your software without paying will have
it without paying.

However in my country there is a law, that when you steal a car, the
car is
still be stolen when you repaint it. However maybe that is not
everywhere
the same.

Cor[/quote:843e7a2233]

Yes, of course - I live in one of the civilized countries also. I'm
just saying there is no safeguard for people wanting to break the
law. It is unfortunately incredibly easy to steal software,
especially software written in .NET.

> Herfried K. Wagner [MVP]wrote:
"]* do*****@telus-dot-net.no-spam.invalid (Doknjas) scripsit:

Obfuscation will help protect your intellectual property, but it won't prevent someone from distributing the latest version of your software free. All they have to do is decompile, and step through one line at a time to remove license checks or other checks, and presto - free
code.

I am still waiting for somebody to show me a sample where this has
been
done.

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>[/quote:502c6bd431]

I see your point, but I'm just saying that (to the original poster),
you're deluding yourself if you think you can protect your .NET app
from being available to someone wanting it. Obfuscation protects
someone from understanding your intellectual approach somewhat, but
the 2-step mindlessly simple process of (a) running the app through a
decompiler and (b) stepping through the resulting source code in
Visual Studio line by line to identify and remove license checks
(even though obfuscation makes them unreadable) is so straightforward
that there is no point in worrying about protecting against it.

Read through the posts and then decided that I'll encrypt my code at
the source level with blowfish encryption. I'll lose some efficiency
but all in all that should make it at least misreable for someone to
figure it out.

I wish this issue would be resolved in the new framework release. We
can always pray.

Had a good laugh "..paint a diff...color." We are a country persons
obscured from a genetically criminal pool = True and Old complaint.
That's why we have the most $$$ floating through our economy....even
when it is bad....

Read through the posts and then decided that I'll encrypt my code at
the source level with blowfish encryption. I'll lose some efficiency
but all in all that should make it at least misreable for someone to
figure it out.

I wish this issue would be resolved in the new framework release. We
can always pray.

Had a good laugh "..paint a diff...color." We are a country persons
obscured from a genetically criminal pool = True and Old complaint.
That's why we have the most $$$ floating through our economy....even
when it is bad....

* pe***@mclinn.com (Peter) scripsit:

Read through the posts and then decided that I'll encrypt my code at
the source level with blowfish encryption. I'll lose some efficiency
but all in all that should make it at least misreable for someone to
figure it out.

Hopefully, it's not decrypted when loaded into memory...

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

* pe***@mclinn.com (Peter) scripsit:

Read through the posts and then decided that I'll encrypt my code at
the source level with blowfish encryption. I'll lose some efficiency
but all in all that should make it at least misreable for someone to
figure it out.

Hopefully, it's not decrypted when loaded into memory...

--
Herfried K. Wagner [MVP]
<URL:http://dotnet.mvps.org/>

Sorry to be late :)

Steps to protect your software:

1. Don't tell anybody you made it, not even to your mather

2. Don't allow anyone to uses your computer

3. Don't distribute your software (it comes from 1.)

4. Don't connect to internet using the computer where your software resides.

5. Place lots of intruder alarms in your computer room

hope this helps a bit?

Peter wrote:

I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.

Sorry to be late :)

Steps to protect your software:

1. Don't tell anybody you made it, not even to your mather

2. Don't allow anyone to uses your computer

3. Don't distribute your software (it comes from 1.)

4. Don't connect to internet using the computer where your software resides.

5. Place lots of intruder alarms in your computer room

hope this helps a bit?

Peter wrote:

I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.

pe***@mclinn.com (Peter) wrote in message news:<dc**************************@posting.google. com>...

I wrote a dll and now I want to protect from mass distribution. What
is the most COST software for doing this, or can it easily be done in
vb.net.

We offer two products that may help protect your .NET intellectual
property. We use them ourselves to protect shipping versions of our
products. You can download free trial versions of both of them from
our website at http://www.junglecreatures.com/ Our Decompiler.NET
product serves both as a decompiler and language translator, and an
obfuscator. The decompiler feature will help you understand how
exposed your obfuscated code may be. Our Deploy.NET product,
compresses your assemblies into a single encrypted archive resource
embedded in loader application that displays your version info. This
adds a second level of protection on disk by loading the unencrypted
obfuscated code in memory only for execution. This doesn't prevent a
memory dump of process memory, but it makes it much more difficult for
someone to hack your obfuscated code using a debugger. Deploy.NET will
take advantage of secure computing hardware when it is available so it
will be possible soon to load the executable unencrypted code into a
memory space held private by the OS that supports execution but not
read, and prevents other processes for loading concurrently with the
protected application.

Go ahead and try both products for free by downloading them from
http://www.junglecreatures.com/

Jonathan Pierce
President
Jungle Creatures, Inc.
http://www.junglecreatures.com/