?
Solved

Code protection(MSIL encryption, licensing) for .NET4/VS 2010 (C#)? What software can you recommend?

Posted on 2010-08-31
12
Medium Priority
?
1,059 Views
Last Modified: 2012-08-13
Please don't list any search results from Google. I need to hear from people actually using certain products what they think.

DeployLX from Xheo. Sounded good but found some pretty bad reviews about this product and their support.
CryptoLicensing from LogicNP Software. Seems to have all features needed but their webpage doesn't exactly give much confidence.

As I can not test the end result (encryption) myself so I have to rely on that it works. I have a small budget that should be enough for good software intended for this use.
Suggestions?
0
Comment
Question by:jerra
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
12 Comments
 
LVL 4

Expert Comment

by:kurian2z5
ID: 33574631
Statistically you are wasting your money. If advanced protections like SecuROM which go as far as to run the application in a virtualized sandbox with silent triggers that are integrated to the application code are cracked instantly on the release day, some lame generic .NET encryption doesn't stand a chance. There are generic dumpers for every one of these point and click .exe protectors.
0
 

Author Comment

by:jerra
ID: 33574764
I am more looking to protect the code from average Joe that want to peek at the code or against simple copying & ussing without licensing. It's not meant for protecting against the "scene". Obsfucators don't do enough in my opinion.
By the way, licensing does not apply, I am looking for protection of code only by encryption. No built-in licensing needed.
0
 
LVL 4

Expert Comment

by:kurian2z5
ID: 33575047
If licensing is not required there is almost nothing to be gained by encryption of the code. No one but a hardcore hacker will be able to reverse anything better than the standard .NET Obfuscator back to intelligible code.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:jerra
ID: 33575068
How about "const String" variables containing for example connection strings or sensitive info? Aren't these left as they are by the standard Dotsfucator?
0
 
LVL 4

Expert Comment

by:kurian2z5
ID: 33575076
If you're hardcoding connection strings and server names you've got much bigger problems.
0
 

Author Comment

by:jerra
ID: 33575093
Please answer my question. String variables in the code, are they left as is or not by the free edition of Dotfuscator?
0
 
LVL 4

Expert Comment

by:kurian2z5
ID: 33575118
You have to buy it for the string encryption feature. However standard practice is to use basic stream encryption on all your resource files to prevent hex editing. That's hardly an issue that should force you to pay for encryption software.
0
 

Author Comment

by:jerra
ID: 33575133
>However standard practice is to use basic stream encryption on all your resource files to prevent hex editing.
Do you have a web link explaining that in detail?
0
 
LVL 4

Accepted Solution

by:
kurian2z5 earned 0 total points
ID: 33575194
If you need to read values from a configuration file you can use a cryptostream with a hard-coded key to read and write to the file. There's little use in trying to do something more advanced than hard-coding the key as they key can be dumped no matter what.
http://www.codeproject.com/KB/security/using_cryptostream.aspx

All hard-coded strings should ideally be from a resource file anyway so you can use stream encryption, but if you insist on keeping them in the code then you can probably decrypt them all at application launch. Use any of the built in .NET encryption functions.
0
 

Author Comment

by:jerra
ID: 33578655
Thanks I'll read into that asap, I'll let the question stay overnight and if nothing more happens then I'll close it.
0
 

Author Comment

by:jerra
ID: 33585239
I am going for Salamander Protector . I will have a look into the features but time is money and it encrypts resources as well. Thanks for the input.
0
 

Author Comment

by:jerra
ID: 33586978
I intended to give you 250points for you information because it helped me decide on what software to get. But apparently EE doesn't support that? A request for closure was generated?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As more and more people are shifting to the latest .Net frameworks, the windows presentation framework is gaining importance by the day. Many people are now turning to WPF controls to provide a rich user experience. I have been using WPF controls fo…
With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question