what exactly are you looking for? A way for someone not to de-compile the Binaries? Thats impossible. If you can compile them, someone can de-compile them. its not super easy as it is with .net but any good programmer can do it. Same with any other language, if it can be made it can be cracked. The MS Best practices and security dvd is good but nothing you do will give you 100% security. The best thing to do is to copywrite your code once its completed.

hth,
mcm

Thanks, but what I'm looking for is a way to prevent the application from being cracked--or at least to make it as difficult as possible for crackers. I don't think they'll be deterred by copyrighted code.

well as i said, nothing is 100%. Visual Source Safe is a good approach. You can fuzz your code with an encryption algorithm however it will run slower.

hth,
mcm

Visual Source Safe appears to be for version control. That's not what I'm looking for. Also, it seems to be for Visual Studio, and this app will be in VB.NET. Also, a search on Google indicates that VSS has problems.

what your looking for is obfuscation... .net stuff doesn't compile down to binary bits but down to msil (microsfoft intermediate language). misl can be put back together and it's easy to see what's going on just by using the wincv tool that comes with vs.net (search your machine for wincv.exe)

There are tools that do obfuscation. Search for that +.net or look in any msdn magazine and you'll see plenty advertised there.

Thanks. I looked at some obfuscators--the cheapest one I found was $550. There are a few that are free or cheap, but they seem to have limitations and no support.

How secure is obfuscation? It appears that an obfuscator replaces class names with some other name, making it more difficult for a cracker to see what the program is doing. But if it leaves the rest of the logical flow intact, I imagine someone who knew what the app was supposed to do could still figure it out?

JasperSEO, you're looking for some kind of failsafe anti-cracking mechanism. Yet you want it free or cheaply?

How much are you expecting to lose through piracy? If its less that $550 is it really worth bothering with?

You can use obfuscation but at the end of the day it won't do much more than give you a false sense of security.

As others have said, if an application can be compiled then it can also be decompiled. You seem to be of the opinion that there are uncrackable applications out there. if that is the case, you are the victim of some dodgy marketing.

If an application runs on a computer then the processor has to have access to the code. if the processor has access then the user has access, and a cracker can alter it.

.Net obfuscation can perhaps deter a casual cracker because it'll mean they'll find it easier to use a lower level analysis of the code, but it won't do much more than that.

JasperSEO, you're looking for some kind of failsafe anti-cracking mechanism. Yet you want it free or cheaply?

Well, at a reasonable price for my niche shareware. For example, you can get licensing software for about half that.

How much are you expecting to lose through piracy? If its less that $550 is it really worth bothering with?

Good point, but I don't know yet--the application hasn't gone on sale (or been built). The typical user isn't heavily into programming.

.Net obfuscation can perhaps deter a casual cracker because it'll mean they'll find it easier to use a lower level analysis of the code, but it won't do much more than that.

That may be enough--I'm not looking for industrial strength, although one of the obfuscators does seem to make it impossible to recompile and still works. Here's what I found: www.howtoselectguides.com/dotnet/obfuscators

Thanks.

one of the obfuscators does seem to make it impossible to recompile and still works

The site is requiring authentication when I try and visit it.

I can assure you that it is still possible to re-assemble the application after decompiling it and altering it.

I really wouldn't recommend buying from companies if they have misleading adveertsing. You never really know what you're getting.

If you want to obfuscate your code and that will give you peace of mind then go ahead and buy the obfuscator.

$550 really doesn't seem that expensive to me for specialist software of this nature.

The site owner appears to have implemented password protection in the last day or two--possibly since I emailed to ask him about something related to the site.

What I was referring to was this:

The QND Obfuscator itself takes a simple and unique approach to the problem of obfuscation. It simply finds every private symbol in the string heap in the PE file manifest, and changes them all to the "$" symbol. You can use attributes to prevent this from happening for particular symbols if you need to, but otherwise you effectively overload everything - indeed, to the point where the resulting executable violates the CLI specification (as author Dan Appleman points out in the e-book). This means that code decompiled from the obfuscated assembly has zero chance of compiling, but at the same time, you're depending on undocumented behavior to keep your code running. Our test assemblies seemed to work fine, but this is something to be aware of.

This one is $40--more my style.

This means that code decompiled from the obfuscated assembly has zero chance of compiling

It depends on how it's decompiled.

As has been said before. You can not create an uncrackable app. All you can do is put barriers up to deter the casual cracker.