Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Imagine, I create an application ASP.NET MVC for a customer. This application is running an a local server of my customer (I call it customer1). Is there a way to make this application impossible to run foranother customer if customer1 give application to customer2 ?
Thanks,
Why are you bothering and wasting your time with things like this? Make sure you license your code, probably obfuscate it, and sell it to a customer. If he violates the license agreement and gives it to someone else that's his problem. Sue their asses and that's it, end of the story. But remember that no matter what you do they will find a way :-)
So focus on delivering a good product and customers will come by themselves to you asking you to buy it.
You could hardcode in a check for the domain it's running on perhaps. Simple but crude.
I think adding some checking to application start is not a bad idea. checking Computer name and Mac address doesn't seem bad.
1- check in your code for a value placed in a file has an encrypted data.
this file generated on windows root or some root the customer1 not know it.
this file will generate in activating through online connection or by yourself.
in runtime read file and decrypt, you may read values for expired date, some configuration you want.
you may check for as friends said for computer name, ip address anything difference customer1 from customer2
2- also you need to protect dll files from decompilation methods
My Regards
It's a Web Application -- the easiest way is to host the application for your customer, that way they won't be able to get the source for it.
Most applications use business rules, naming conventions, assets, etc. that are unique to their business. Hard code those values into your app so that a shared app just doesn't apply to another customer.
Beyond that, you can look into a real copy-protection package like DeployLX, Infralution or Desaware.
Take a look at Rhino Licensing.
James Gregory wrote a nice post on how to get started with it.
Also the link to a post by Balsamiq in James' article is well worth a read.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I want to be able to control directly in my program, what other users can do or can not do. I have an ActiveDirectory where the users are saved in 4 different right groups: "User" (Basic function to start the program), "Sales", "Accounting" and "Management" (Administration). The program checks which rights the user has. So right now I have to change the Code and release a new version if I want to change the rights for example "Accounting". But in near future I want to be able to just go to a special window in my program for something like "RightsManagement" and change which group can use which feature. These "RightSettings" should be saved in a global file which will be loaded from every user in our company. That's for the theory...I would like to know if there is a perfect way to do this, I would like to get many different approaches to this problem so I can choose the best for me. Something like a read-only Xml file?
It could be a xml file which is placed in a network drive so the program can access the file from every pc in the company. And that file should be read-only for users so they cant change the settings in that file. Of course through code and the "special window" Admins can set these settings and therefore overwrite the file.
Thank you for your help!
There is no perfect way. You could use a file on a share; a database; AD itself, a web service etc etc. Each has advantages and disadvantages.
You need to ask yourself a set of questions:
Do you have a database server you could use for this, or can you set one up easily and cheaply? How knowledgeable with regard to SQL are you?
What kind of access do you have to AD and how comfortable are you with writing an admin app to manipulate it?
Do you have a suitable file share that everyone, save admins only has read access to and for which admins have write access?
and so forth, depending on which solutions you consider. Only you can ask the full set of questions and answer them and therefore come to a conclusion on which is best for you.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have a question about changing an variable of an application from another application.
For example: If in 1.exe I have defined string a="a", how will I be able to change a="a" to a="b" by using another application?
Do I have to get the memory address of string and then change it's content to b? Or Is there any another easier way?
You can set up a shared resource for the two applications and read the values from there. It could, be a database, cache or even a simple text file.
Refresh the variables from the shared resource when appropriate.
Given the scenario you have mentioned (i.e. you do not control the code for the 1st application).. The general idea of opening the target process with admin privileges, finding the memory location you want to update, and then updating it applies..
However, be warned that it will generally not be that simple. For example,
It can be extremely hard to predict, how many copies, of the variable are maintained by the applications logic, and where?
Without disassembling the code (no way a trivial task.. none of this is), scanning for the value and guessing the memory location is the only option which comes to mind. But it has the risk of making wrong guesses, and corrupting the entire process.
PS - There are freely available software, which attempt to do exactly what I've described above.. I'd advise that you try to examine how they work (scenarios they support), to get better idea of what you are trying to accomplish.
PPS - Also be careful what you download.. Applications like these, if downloaded from un-reliable sites, can be damaging / security risk.
I think the easiest way is communication with network sockets in localhost via UDP or TCP. It gives you a good event mechanism so you can easily handle your data without checking the new data changes frequently, also will be doesn't matter how amount of application communicating each other in same time. Other solutions like shared memory etc. will be hard to control especially when you running three and more apps.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I release a bunch of tools for free, but recently I have began to sell an application, that has private research, and people have been able to get my source code, and one person publically released my entire source. I spent a lot of time on this program, just to have someone crack it, and release my entire source.
How can I go about protecting my program? I have tried HWID, but people are still able to crack it. I know I am limited by C#, but it the most convenient to use. I just need a way to protect my programs from people trying to do this.
You could have a look at the many obfuscation tools that are out there, for example these:
http://gapotchenko.com/eazfuscator.net
http://orangeheap.blogspot.nl
http://confuser.codeplex.com (succeeded by https://yck1509.github.io/ConfuserEx/ and then again by https://github.com/XenocodeRCE/neo-ConfuserEx)
http://ntoolbox.com)
Well, the problem with languages like C#/Java is that they are generally much easier to de-obfuscate. The way to secure this is generally to put this stuff into a webservice, but you said you couldn't really do that. What about porting specific non-trivial functions over to a language like C, and obfuscate that. Your C# program could then use reflection to make calls to this external/unmanaged dll. It would increase the difficulty for de-obfuscating, but the problem is that if someone wants it bad enough, they can figure it out as it is client-side.
It may be that legal action is the only real solution here, but this is not a site for legal advice, and I am not qualified to give it if it were.
Additionally, this could be a business decision. Consider Making your software open-source and post a donation link. I am also not qualified to give business advice, but this is worth considering. It may actually increase your revenue, not to mention the other benefits that come with releasing open-source software.
There's Dotfuscator (http://www.preemptive.com/products/dotfuscator/overview). But the best solution in some cases is to offer what you do as a web site (Software as a Service).
Consider this tool for example to convert VB to C#: http://converter.telerik.com/
Or this tool to format JSON: http://jsonformatter.curiousconcept.com/
This may or may not work for you. I don't know what the nature of the software you're trying to protect is.
No, your code needs to contain the information needed to decrypt itself, its an impossible problem to solve.
Your best solution is to put your intellectual property on a server in the cloud that only you have access to. Give your customers a unique login, audit their access to check for abuse, off load as much grunt work onto your customers machines, but keep your algorithms locked into the cloud.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 3 years ago.
Improve this question
Is there a way to obfuscate c# code (visual studio solution ) so that if soem one even get the project could not understand it ?
note: I'm not talking bout obfuscating assembly/Executable here..
I've not seen anything commercially, but you could probably write your own application to do this. I actually know someone once did this for some ASPX pages that were being deployed.
You'd have to take similar steps:
Rename all local variables to very similar names B___0, B_0 etc.
Rename all internal and private methods/classes and all their references.
Encode all your strings.
Insert random code/calls that don't do anything.
Consider why you want this though... It means:
You can't ever view your own code. You'll have the original somewhere - why not just password protect it?
You're going to screw with any source control you're running.
You're going to have some crazy "process my entire solution" everytime you save/publish it?
In short it's probably not a good idea, which is why you probably can't find a commercial solution.
Close the door and windows tight.
Disconnect your computer from Internet during the developement.
Obfuscate your assemblies when your done.
Save them a a disk.
Burn down your computer.
Keep hitting your head onto a wall until you fergot why you're doing it.
There, you're safe, nobody will ever have the same exact source.
I hope your application has no bug, though.
A more sensible alternative might be to just encrypt your hard drive using something like
BitLocker or
TrueCrypt.
Obfuscate the dll
Use a decompiler like ILSpy and decompile the dll
This way you get obfuscated C# code.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I've made a program that I need to license before selling it to customers. Since I'm not sure, that it will gain me at least the cost of commercial licensing software, I would not like to buy one.
So I'm looking for advice on how to implement licensing feature with following logic:
All license keys are validated on server side each time application starts (no licensing info is stored at userside except the license number).
There is only one application running with one license key at the same time.
What I do not know is how to protect my program from simple decompiling/disassembling and just removing a call to check license? Or making own server that will make a response true on each license? How does such security normally made?
I've searched for free SDKs or something like that, but could not find anything.
I'll be very thankful for your help!
P.S: I do not aspire to make the system "indestructible", but I would like to receive the protection that is more expensive to crack than paying $5.10 for a copy of the program.
P.P.S: Sorry for my bad english.
What I do not know is how to protect my program from simple
decompiling/disassembling and just removing a call to check license?
Or making own server that will make a response true on each license?
How does such security normally made?
You are confusing licensing and obfuscation. To prevent the above, you will need to obfuscate your exes and dlls using an obfuscator.
Since I'm not sure, that it will gain me at least the cost of
commercial licensing software, I would not like to buy one.
IMHO you are much better off focusing and spending time on your actual software than in developing a licensing scheme from scratch (re-inventing the wheel as they say).
If you do open up to paid solutions, take a look at CryptoLicensing (for licensing and copy-protection) and Crypto Obfuscator (for obfuscation and code-protection).
DISCLAIMER: I work for LogicNP Software, the developer of above mentioned products.
(Sorry can't comment on other people's posts???)
It depends on what your application is doing.
I'm currently faced with the same problem as you. I'm going for a log in system, simply fetch and compare to what's in the database. If not present do not launch app. Not that I need more, the application relies on my database and without it it is useless.
Then they can spend a couple of hours figuring out what my database looks like based on what they see on queries or practically rewriting my entire product. I'm going to spend little on in app security. The only protection I wish to have is not to show my server's data.