-2

Possible Duplicate:
Need Advice on Implementing a Time-limited Trial

I have the need to add the trial period to my .NET application. I heard that cracking of .NET applications are easier than doing native exe applications. So I don't want to use paid third-party solution to do it, because I figure it's a little bit pointless: if someone wants to crack it he would do it anyway.

But what should I use to protect the application from cracking as strong as possible?

Community
  • 1
  • 1
Alexandre
  • 12,596
  • 35
  • 113
  • 173
  • You say "if someone wants to crack it he would do it anyway" and then you say "But what should I use to protect the application from cracking as strong as possible?" - paradox much? – Mahmoud Al-Qudsi May 13 '12 at 09:15
  • Nope, I just want to complicate the possibility of cracking. – Alexandre May 13 '12 at 09:21
  • Obfuscation. But if someone really wants to crack it, .NET makes it relative simple. – Matten May 13 '12 at 09:22
  • 2
    I think the concensus is to keep it simple. If you truly want to even just give crackers a real challenge, you'll spend more time working on licensing validation than your actual program. I think the average user will be more inclined to grab their credit card for a ~$5 app than to spend a sunday afternoon trying to break your system anyway. – Steven Liekens May 13 '12 at 09:51

1 Answers1

2

However you will pack or obfuscate your assembly, there will always be some people on the internet who will be able to crack it. If your program contains dynamic info received from a server, you should protect it using that server, verify if the specified user/machine is allowed to get the info, they can't crack any server-sided content (unless they hack into your server). A database is most-likely necessary to do this.

If you do not have any dynamic content (I think you should always have some, especially when using trial periods), I would go for obfuscation & if you have time, look how to make your own obfuscator, this way the cracker will need more time to crack your custom ways of obfuscating, if you use one of the popular obfuscators, crackers will have ton of programs to deobfuscate in 1 second.

If you store any information in registry or even your server, you should encrypt it. Encrypt & try to hide the encryption methods (these are the functions you should really obfuscate).

This question has some useful answers as well.

Community
  • 1
  • 1
Serge Morel
  • 166
  • 7
  • I would add to this that on top of encrypting the data, you should also encrypt the network traffic using SSL. I think it would be fairly easy to use a packet analyzer to figure out how the server authentication works, then somehow spoof it. – Steven Liekens May 13 '12 at 09:38
  • If you have SSL available at your server, you should use it, thanks for pointing that out, forgot it. If you do not have SSL, you could also just custom encrypt/decrypt the data, this way the cracker will need to figure out how you encrypt it once again & will start to get bored of it. – Serge Morel May 13 '12 at 09:40