Code Protection

Programs / Tools / Scripts
Post Reply
User avatar
oldn64
Posts: 256
Joined: Mon May 28, 2018 5:05 pm
cars: Vq Statesman, VE SS wagon, VE Sv6, VY SV8, VL Belina
Location: Country Victoria on a direct road to WINTON

Code Protection

Post by oldn64 »

Hello All,

I have a client I have just thrown together a quick application for there dispatch area. (scans picking slips, picked items and connotes placing the results and processes into sql database for later reporting)

As this is the first time I have done .net applications I have found it is very easy to get the original code back. To protect my IP i think I should obfuscate my code but have no ideas on what I should do.

What does everyone else do or is this a case of you dont bother? I am concerned that they will use the knowledge I have from barcoding technologies and scanning engines to release this to the previous supplier who could not get this working (read sent a cheap programming request overseas)

cheers
oldn64
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: Code Protection

Post by antus »

I found confuser to be free and reasonable. Anything can be undone with enough time but you can make it harder. At least with the debug infos stripped its harder to figure out. If you do hard core binary protection with VMs and the like you can make it pretty damn secure but then virus scanners will start alerting with their heuristics engines as they cant validate the code is not malware. Again confuser on moderate settings seems to be a nice balance. ConfuserEX is slightly more updated. I have not used it. https://github.com/yck1509/ConfuserEx
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: Code Protection

Post by Tazzi »

Anything that is free on the web is basically a one clip deobfuscate kinda deal.

A couple of he commercial items out do not fall into that category, some places other services to remove it, or sometimes theres even walkthrough guides to step someone through how to defeat it.

My suggestion.... make your own system. This does mean alot of work/time and effort to go into something for a 'quick application'.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
User avatar
oldn64
Posts: 256
Joined: Mon May 28, 2018 5:05 pm
cars: Vq Statesman, VE SS wagon, VE Sv6, VY SV8, VL Belina
Location: Country Victoria on a direct road to WINTON

Re: Code Protection

Post by oldn64 »

Tazzi wrote:My suggestion.... make your own system. This does mean alot of work/time and effort to go into something for a 'quick application'.
Yes Tazzi,

I understand this 100%. but that is the thing, how much do I value my IP. while I have never written a obfuscator before, plus I am not sure my coding skills are at that level, I am a hobbyist at best it is just that the client presented me an issue and after 4 days I had 1200 lines of code and a solution.

Wish I could trust people in this day and age. But we all know how many people wanted the aapl application with no regards to legal ramifications, in fact 99% of them wanted it for illegal practises.

cheers
oldn64
User avatar
Tazzi
Posts: 3422
Joined: Thu May 17, 2012 8:53 pm
cars: VE SS Ute
Location: WA
Contact:

Re: Code Protection

Post by Tazzi »

Don't have to write an obfuscator. For instance, majority of my own public applications don't actually use one of those free (Or paid) obfuscators.

Im speaking very generally here, but the people whom have the ability to break the application down to such a point that they removed all the protection Iv implemented, use it for private use. Im certainly not naive to believe no-one has done that, theres quite alot of very smart cookies out there.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726
Image
User avatar
antus
Site Admin
Posts: 8237
Joined: Sat Feb 28, 2009 8:34 pm
cars: TX Gemini 2L Twincam
TX Gemini SR20 18psi
Datsun 1200 Ute
Subaru Blitzen '06 EZ30 4th gen, 3.0R Spec B
Contact:

Re: Code Protection

Post by antus »

confuser and confuser ex are open source and have a plugin architecture. you'd be able to start there and modify an existing module. But really, having any obfuscator will remove your function and variable names and make it harder to understand and debug. that introduces risk for anyone wishing to commercially rip off your product. the more complicated your application is the more confusing it'll be unpacked without that information included. pretty much the effect of the protection increases with the amount of work you put in to writing the application.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396
ecuunlock
Posts: 17
Joined: Mon Jun 11, 2018 12:36 pm

Re: Code Protection

Post by ecuunlock »

Convert your code to C++ using an open source tool like AlterNative. C++ is alot harder to decompile to readable code this will protect your code far better than keeping it .net .Then pack it with a free installer like inno setup this will protect against a good 80% of anyone trying to steal your ip. Confuser is just way to easy to remove it would not be worth the time to download it
Post Reply