混淆是一种方法,但它不能防止破坏应用程序的盗版保护安全性。如何确保应用程序不被篡改,如何确保注册机制不会被逆向工程?

此外,还可以将c#应用程序转换为本机代码,而Xenocode的成本太高。

c#提供了很多特性,是编写代码的理想语言,所以用c++重新编写整个代码库是不可能的。

安全证书可以很容易地从. net中的签名程序集中删除。


当前回答

除了购买保护之外,您(或您的开发人员)还可以学习复制保护。

这些想法是:

首先,尝试编写一个将自己写入控制台的程序。这是一个著名的问题。这个任务的主要目的是练习编写自引用代码。

其次,您需要开发一种技术,以某种方式重写一些代码 可依赖于其他方法的CIL。

你可以编写一个虚拟机(但是使用。net)。在这里放一些代码。 最终,虚拟机运行另一个运行代码的虚拟机。 这是针对很少调用的函数的一部分,目的是为了不太降低性能。

将一些逻辑重写为c++ /CLI,并混合托管代码和非托管代码。这将使拆卸变得坚硬。在这种情况下,不要忘记提供x64二进制文件。

其他回答

如果您希望人们能够运行您的代码(如果您不希望,那么为什么要首先编写它?),那么他们的CPU需要能够执行您的代码。为了能够执行代码,CPU需要能够理解它。

由于cpu是愚蠢的,而人类不是,这意味着人类也可以理解代码。

只有一种方法可以确保你的用户不会得到你的代码:不要把你的代码给他们。

这可以通过两种方式实现:软件即服务(SaaS),即在服务器上运行软件,只允许用户远程访问它。例如,这就是Stack Overflow使用的模型。我很确定Stack Overflow不会混淆他们的代码,但是你不能反编译它。

The other way is the appliance model: instead of giving your users your code, you give them a computer containing the code. This is the model that gaming consoles, most mobile phones and TiVo use. Note that this only works if you "own" the entire execution path: you need to build your own CPU, your own computer, write your own operating system and your own CLI implementation. Then, and only then can you protect your code. (But note that even the tiniest mistake will render all of your protections useless. Microsoft, Apple, Sony, the music industry and the movie industry can attest to that.)

或者,您可以什么都不做,这意味着您的代码将自动受到版权法的保护。

Use online update to block those unlicensed copies. Verify serial number from different modules of your application and do not use a single function call to do the verification (so that crackers cannot bypass the verification easily). Not only check serial number at startup, do the verification while saving data, do it every Friday evening, do it when user is idle ... Verify application file check sum, store your security check sum in different places. Don't go too far on these kind of tricks, make sure your application never crash/get into malfunction while verifying registration code. Build a useful app for users is much more important than make a unbreakable binary for crackers.

Here's one idea: you could have a server hosted by your company that all instances of your software need to connect to. Simply having them connect and verify a registration key is not sufficient -- they'll just remove the check. In addition to the key check, you need to also have the server perform some vital task that the client can't perform itself, so it's impossible to remove. This of course would probably mean a lot of heavy processing on the part of your server, but it would make your software difficult to steal, and assuming you have a good key scheme (check ownership, etc), the keys will also be difficult to steal. This is probably more invasive than you want, since it will require your users to be connected to the internet to use your software.

当涉及到。net时,如果你正在发布Windows窗体应用程序(或任何客户端有可移植可执行文件的应用程序),它就有可能被破解。

如果你想坚持使用。net,并且想把你的源代码被窃取的几率降到最低,那么你可以考虑将它部署为ASP。NET应用程序,而不是使它成为一个Windows窗体应用程序。

只需编写一个好的应用程序和一个简单的保护系统。不管你选择什么保护,它都会被逆转……所以不要浪费太多时间/金钱。