混淆是一种方法,但它不能防止破坏应用程序的盗版保护安全性。如何确保应用程序不被篡改,如何确保注册机制不会被逆向工程?

此外,还可以将c#应用程序转换为本机代码,而Xenocode的成本太高。

c#提供了很多特性,是编写代码的理想语言,所以用c++重新编写整个代码库是不可能的。

安全证书可以很容易地从. net中的签名程序集中删除。


当前回答

是的。如果代码没有混淆,. net代码非常容易进行逆向工程。

混淆将给试图逆向工程您的软件的人增加一层烦恼。根据你得到的版本不同,你会得到不同程度的保护。

Visual Studio包括Dotfuscator的一个版本。因为它是一个捆绑版本,你肯定不会得到最强烈的混淆。如果您查看它们的特性列表,就会清楚地看到您遗漏了什么(以及应用程序将如何使您的代码更安全)。

还有其他一些免费或开源的。net混淆器(但我不能评论它们的质量或使用的各种方法):

Obfuscar 巴别塔。网上

最后,没有什么是完美的。如果有人真的想看看你的软件是如何工作的,他们会的。

其他回答

. net Reflector只能打开“托管代码”,这基本上意味着“。NET代码”。所以你不能用它来分解COM DLL文件、原生c++、经典的Visual Basic 6.0代码等。编译后的。net代码的结构非常方便、可移植、可发现、可验证等。net Reflector利用了这一点,让你窥探已编译的程序集,但反编译器和反汇编器绝不是。net特有的,它们和编译器一样早就存在了。

您可以使用混淆器使代码更难阅读,但是您不能在不使. net无法读取的情况下完全阻止它被反编译。市面上有一些产品(通常价格昂贵)声称可以将托管代码应用程序“链接”到本地代码应用程序,但即使这些产品真的可以工作,有决心的人总能找到方法。

然而,当涉及到混淆时,一分钱一分货。因此,如果您的代码是如此专有,以至于您必须竭尽全力来保护它,那么您应该愿意在一个好的混淆器上投资。

However, in my 15 or so years of experience writing code I've realized that being over-protective of your source code is a waste of time and has little benefit. Just trying to read original source code without supporting documentation, comments, etc. can be very difficult to understand. Add to that the senseless variable names that decompilers come up with and the spaghetti code that modern obfuscators create - you probably don't have to worry too much about people stealing your intellectual property.

广义上讲,有三种人。

Those who will not buy your software and resort to cracks, or if they don't find any, not use your software at all. Don't expect to make any money from this group. They rely either on their own skills or on crackers (who tend to prioritize their time depending on your useful and how big your audience is. The more useful, the sooner a crack will be available). The group of legitimate users who will buy (pay for) your software, irrespective of what protection mechanism you use. Don't make life hard for your legitimate users by using an elaborate protection mechanism since they are going to pay for it in any case. A complex protection mechanism can easily spoil the user experience and you don't want this happening to this group. Personally, I'd vote against any hardware solution, which adds to the cost of your software. A minority who will resort to "unethical" cracking and will only pay for your software because its features are protected by a licensing mechanism. You probably don't want to make it exceedingly easy for this group to circumvent your protection. However, all that effort you spend on protecting your software will pay back, depending on how big this group of people is. This entirely depends on the type of software you're building.

根据您所说的,如果您认为有足够多的少数人可以被推动购买您的软件,那么请继续执行某种形式的保护。考虑一下你能从这些少数人身上赚到多少钱,与你花在保护上的时间相比,或者你花在第三方保护API/工具上的钱。

如果您想实现自己的解决方案,那么使用公钥加密是防止容易被黑客攻击的好方法(与对称算法相反)。例如,您可以对您的许可证(序列号或许可证文件)进行数字签名。解决这个问题的唯一方法就是反编译、修改和重新编译代码(你可以使用Simucal回答中建议的技术来增加难度)。

Here's one idea: you could have a server hosted by your company that all instances of your software need to connect to. Simply having them connect and verify a registration key is not sufficient -- they'll just remove the check. In addition to the key check, you need to also have the server perform some vital task that the client can't perform itself, so it's impossible to remove. This of course would probably mean a lot of heavy processing on the part of your server, but it would make your software difficult to steal, and assuming you have a good key scheme (check ownership, etc), the keys will also be difficult to steal. This is probably more invasive than you want, since it will require your users to be connected to the internet to use your software.

根据微软博客中的以下问题:

https://blogs.msdn.microsoft.com/amb/2011/05/27/how-to-prevent-ildasm-from-disassembling-my-net-code/

如何防止ILDASM分解程序集?

. net有一个名为SuppressIldasmAttribute的属性,它可以防止分解代码。例如,考虑以下代码:

using System;
using System.Text;
using System.Runtime.CompilerServices;
[assembly: SuppressIldasmAttribute()]

namespace HelloWorld
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello world...");
        }
    }
}

如你所见,只有两个不同之处:

我们添加了System.Runtime.CompilerServices命名空间减速。 我们添加了[assembly: SuppressIldasmAttribute()]属性。

在Visual Studio中构建应用程序后,当我们尝试在ILDASM中打开生成的EXE文件时,现在我们得到以下消息:

如果微软能想出一个解决方案,我们就不会有盗版的Windows版本,所以没有什么是非常安全的。下面是来自Stack Overflow的一些类似问题,您可以实现自己的保护方式。如果你正在发布不同的版本,那么你可以针对不同的版本采用不同的技术,这样当第一个版本被破解时,第二个版本就可以接管。

基于许可证管理c++应用程序的特性 使用license文件保护DLL文件 授权/保护软件?