Right, I am talking about license validation code in a desktop application, e.g. a method bool ValidateLicense(string licenseCode). Of course, any protection scheme can be reverse engineered by a skilled and determined cracker. However, I’d like to prevent anyone with some basic programming knowledge from using Reflector to build a keygen in a couple of minutes.
Possible approaches

1. Obfuscate. My understanding is that obfuscating causes a performance overhead and may hinder (legitimate) debugging. So are there tools that allow obfuscating only selected methods?
2. Move method to ngen’ed assembly or unmanaged DLL. But isn’t this an invitation to simply replace the DLL? Any ideas how to prevent this (read: make it a bit harder for an attacker)?
3. Other?

PS: Question is obviously related to "Protect .NET code from reverse engineering?"; trying to put thoughts from there into practice.
UPDATE
To 1. A first obfuscation step would surely be to rename the validation method. (Thanks, Jonathan)
To 2. Assuming the application uses Win32 API methods one could re-route the calls through an unmanaged DLL thereby making it an integral part of the application. Fiddling with the method signatures (e.g. change name, swap parameters) would make this less obvious. Do you think the innate drawbacks are justified?
To 3. "Don’t distribute the validation method" belongs here. Keep it on your server and call it remotely, i.e. use online validation. (Thanks, David Hedlund)
Eazfuscator lets you obfuscate your code only in Release. We’re using it and don’t feel any performance problem. It lets you obfuscate selected methods too. Note that public methods can’t be obfuscated.
Any function like your ValidateLicense can be easily modified with a good reflector by inserting a return true as the first line 🙁 I recommend this article about code injection in assemblies: http://www.codeproject.com/Articles/20565/Assembly-Manipulation-and-C-VB-NET-Code-Injection
You should sign your assemblies to avoid modifications, but… the signature can also be removed with the proper tools: http://www.nirsoft.net/dot_net_tools/strong_name_remove.html
Sorry, but there isn’t any trick to avoid reverse engineering in .NET; you can only make things harder (e.g. don’t name your function ValidateLicense, and make your validation logic a bit cryptic).
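
A runtime check for the stripped or replaced strong-name signature mentioned in the answer above, as an added example that is not part of the original post. The IntegrityCheck class name and the token value are hypothetical placeholders; like the validation method itself, this check can be patched out, so it only raises the effort.

```csharp
using System;
using System.Linq;
using System.Reflection;

static class IntegrityCheck
{
    // Placeholder constructed for this example: replace with the public key
    // token of your own signing key (as printed by "sn -T YourApp.exe").
    private const string ExpectedTokenHex = "0123456789abcdef";

    // Returns true only if the assembly still carries the expected token.
    public static bool HasExpectedStrongName(Assembly assembly)
    {
        byte[] actual = assembly.GetName().GetPublicKeyToken();

        // An assembly whose signature was stripped reports a null or empty token.
        if (actual == null || actual.Length == 0)
            return false;

        // An assembly re-signed with someone else's key reports a different token.
        return actual.SequenceEqual(HexToBytes(ExpectedTokenHex));
    }

    private static byte[] HexToBytes(string hex)
    {
        var bytes = new byte[hex.Length / 2];
        for (int i = 0; i < bytes.Length; i++)
            bytes[i] = Convert.ToByte(hex.Substring(2 * i, 2), 16);
        return bytes;
    }
}

static class Program
{
    static int Main()
    {
        // Check the assembly that contains the license logic before trusting it.
        Assembly self = typeof(Program).Assembly;
        if (!IntegrityCheck.HasExpectedStrongName(self))
        {
            Console.Error.WriteLine("Strong-name token missing or changed; refusing to validate license.");
            return 1;
        }
        Console.WriteLine("Strong-name token matches.");
        return 0;
    }
}
```

Calling the check from several places, rather than once at startup, means a single patched branch does not disable it.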