Protect against reverse engineer
Hey everyone, what do you use to protect your C# executables from reverse engineering? Iβm looking for something that makes it as uncrackable as possible. Any recommendations?
16 Replies
Also how can I make it unflagged from windows security
What kind of program are you trying to make?
yeah make it a web app
anything u give to the user can be cracked regardless of the language
$obfuscation
"Then finally, there is that question of code privacy. This is a lost cause. There is no transformation that will keep a determined hacker from understanding your program. This turns out to be true for all programs in all languages, it is just more obviously true with JavaScript because it is delivered in source form. The privacy benefit provided by obfuscation is an illusion. If you donβt want people to see your programs, unplug your server."
- Douglas Crockford
https://softwareengineering.stackexchange.com/a/155133
* Spend your effort on putting proprietary things in your api, and keeping the distributed code as empty as possible
* Use AuthN/AuthZ to control who/what/when/etc...
* Free obfuscation is worth the amount your paid for it -- it's already broken and most decompilers out there can make sense of it.
* Paid ofbuscation will bankrupt you unless you have a very strong revenue stream and can justify the additional cost with gained sales
* The "threat" of someone hijacking your UI and shimming it to make it provide them money is not a real threat. If this is legitimate software, you can ruin their business with lawsuits
- Cisien
Software Engineering Stack Exchange
Is it important to obfuscate C++ application code?
In the Java world, sometimes it seems to be a problem, but what about C++? Are there different solutions?
I was thinking about the fact that someone can replace the C++ library of a specific OS wit...
what are u making?
Iβve made a program closer to ExitLag
Using C#.net
Framework
But I wanna protect it
Idk what are good protectors out there that is hard for reverse engineering
I dont see much value in reverse eng something like exitlag because the important information comes from a server which requires user authentication
like the socket/proxy information which is the key element for it to work
but the point is if your app is popular enough to attract people to reverse eng it nothing u can do, making it harder wont stop them
using a paid solution wont stop them
the best you can do is protect important information behind authentication coming from a server
so in your scenario u would provide proxy / server information they would connect to but handle it server side so they have no credentials on their end to steal etc
obfuscation is a red flag for something like that. ppl will think you're just using their home internet as a botnet for your personal vpn
On the question, Defender uses a combination of heuristics and reputation to flag apps.
the only people that would know your app is obfuscated in first place are those trying to break into it anyway
in regards the defender u can do app certification
but to pass windows defender its not very cheap
the normal azure app sig is not enough for that
virustotal, any.run shodan scans
people do them
if your app is signed it doesnt get caught to most of them
because it traces back to a real verified company that is liable for damages
anyrun and shodan still catches them
it still reports tags of an executable
detect it easy also
nope
you're free to disagree
anyway making it harder to prevent people from viewing your source code wont help u much.
best you can do is do a light obfuscation that doesnt make it get caught by avs to scramble the code
and handle what is important server side
and read the quoted message carefully
I've worked in a contract some years ago where they wanted to protect their app from being cracked, it was used by many chains of restaurants around here and they tried many paid solutions that costs 1000USD + which is rather expensive in my country.
In the end they just moved the whole important parts of the app to web based / APIs and left the cask for say scan codes etc on the client with a simple wpf app.
can you make it difficult? yes.
it will cost u performance, time and they will still crack it.
Its a real cat and mouse game dont you see big companies like blizzard/activision for example? they've been fighting bot for multiple decades and their solution to it was lawyers
it was the only way they could bring down big bot apps like glider and honorbuddy and still there are many bots for world of warcraft and other games of theirs
i see
alright bro ty for the info
The only way is not to distribute it
like @leowest said