混淆是一种方法,但它不能防止破坏应用程序的盗版保护安全性。如何确保应用程序不被篡改,如何确保注册机制不会被逆向工程?
此外,还可以将c#应用程序转换为本机代码,而Xenocode的成本太高。
c#提供了很多特性,是编写代码的理想语言,所以用c++重新编写整个代码库是不可能的。
安全证书可以很容易地从. net中的签名程序集中删除。
混淆是一种方法,但它不能防止破坏应用程序的盗版保护安全性。如何确保应用程序不被篡改,如何确保注册机制不会被逆向工程?
此外,还可以将c#应用程序转换为本机代码,而Xenocode的成本太高。
c#提供了很多特性,是编写代码的理想语言,所以用c++重新编写整个代码库是不可能的。
安全证书可以很容易地从. net中的签名程序集中删除。
当前回答
Use online update to block those unlicensed copies. Verify serial number from different modules of your application and do not use a single function call to do the verification (so that crackers cannot bypass the verification easily). Not only check serial number at startup, do the verification while saving data, do it every Friday evening, do it when user is idle ... Verify application file check sum, store your security check sum in different places. Don't go too far on these kind of tricks, make sure your application never crash/get into malfunction while verifying registration code. Build a useful app for users is much more important than make a unbreakable binary for crackers.
其他回答
当涉及到。net时,如果你正在发布Windows窗体应用程序(或任何客户端有可移植可执行文件的应用程序),它就有可能被破解。
如果你想坚持使用。net,并且想把你的源代码被窃取的几率降到最低,那么你可以考虑将它部署为ASP。NET应用程序,而不是使它成为一个Windows窗体应用程序。
广义上讲,有三种人。
Those who will not buy your software and resort to cracks, or if they don't find any, not use your software at all. Don't expect to make any money from this group. They rely either on their own skills or on crackers (who tend to prioritize their time depending on your useful and how big your audience is. The more useful, the sooner a crack will be available). The group of legitimate users who will buy (pay for) your software, irrespective of what protection mechanism you use. Don't make life hard for your legitimate users by using an elaborate protection mechanism since they are going to pay for it in any case. A complex protection mechanism can easily spoil the user experience and you don't want this happening to this group. Personally, I'd vote against any hardware solution, which adds to the cost of your software. A minority who will resort to "unethical" cracking and will only pay for your software because its features are protected by a licensing mechanism. You probably don't want to make it exceedingly easy for this group to circumvent your protection. However, all that effort you spend on protecting your software will pay back, depending on how big this group of people is. This entirely depends on the type of software you're building.
根据您所说的,如果您认为有足够多的少数人可以被推动购买您的软件,那么请继续执行某种形式的保护。考虑一下你能从这些少数人身上赚到多少钱,与你花在保护上的时间相比,或者你花在第三方保护API/工具上的钱。
如果您想实现自己的解决方案,那么使用公钥加密是防止容易被黑客攻击的好方法(与对称算法相反)。例如,您可以对您的许可证(序列号或许可证文件)进行数字签名。解决这个问题的唯一方法就是反编译、修改和重新编译代码(你可以使用Simucal回答中建议的技术来增加难度)。
net反应堆
更新
Jared指出de4dot声称能够反编译它。
.NET Reactor provides complete protection for your sensitive intellectual property by converting your .NET assemblies into unmanaged processes which cannot be understood as CIL, and which no existing tool can decompile. Hackers have no access to any intelligible form of your source. Powerful and flexible, the .NET Reactor licensing features allow you to enforce your license conditions and protect your revenue stream by using hardware and software locks. The license manager can build trial or permanent licenses, in a matter of seconds. A fully documented software development kit (SDK), complete with examples, allows you to call the licensing system directly from your code, allowing you to create custom extensions to the licensing system.
我也做了一些关于黑客安全的考虑,在我的设计中,我想添加他们,因为他们中的一些人似乎没有被提及:
我在我的应用程序中有一个脚本接口。为了确保,脚本只能调用(python)打算调用的方法-脚本i有一个scriptvisibilityattribute和System.Dynamic.DynamicMetaObjectProvider,它可以识别这些属性。
license使用公钥/私钥。
ViewModels需要被解锁,给解锁函数一个密码。
CoreRoutines可以在加密狗上实现。(周围有加密狗支持)
像包装这样的大解决方案并不是计划好的。
当然,这种脚本/viewModel方法并没有使我们不可能从代码中解锁和调用脚本不可见的函数,但它使这样做变得更加困难——就像所有与反黑客相关的工作一样。
坦率地说,有时我们需要混淆代码(例如,注册许可类等)。在这种情况下,您的项目不是免费的。在我看来,你应该花钱买个好东西。
Dotfuscator隐藏代码,. net Reflector在尝试反编译时显示错误。