(Q) .NET App Source Code Protection (Silverlight, Windows Phone, Windows 8)

[sendersu]

THere is a tradeoff (as usually )

1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later
both way has pros and cons (as usually)

you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)

2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....

that is my IMHO vision, so probably I'd be wrong in some parts
s.


P.S. there is a 3rd way - the best way to protect is 0 protection . I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.

[delidolunet]

Quote:

Originally Posted by sendersu

THere is a tradeoff (as usually )

1) either you use pure Sw protection - will be broken/reversed/patched/etc sooner or later
2) you use HW based protection (so called dongle protection) - will be broken/emulated/etc later or more later
both way has pros and cons (as usually)

you see the point...
if you really want to make the time to reverse/break your app long and expensive - look into vm based protectors. I've heard that nowadays some .net protectors use their custom built VM machines to execute the code under VM layer - probably that would be most advanced type of protection. the rest of protectors are just a matter of time/skills to break (just look what de4dot could do....)

2) dongle based protection - will be strong only if you architect to use it as a black box that does smth valuable inside - eg you feed some input data, it executes (!!!) some code inside and produces the answer. I"m not talking about query-response, but a real live user code that does some math/algo, etc
the rest will be dumped/emulated/patched, mate.....

that is my IMHO vision, so probably I'd be wrong in some parts
s.


P.S. there is a 3rd way - the best way to protect is 0 protection . I.E concetrate on the user functionality/features/values instead of putting money/efforts/time into process that will be broken sooner or later.

I got your point and I think so.

There is no any big product that Im talking about. I'll develop a small game and I just dont want to everyone reverse it Actually a noob protection is okay for now. I think double protection could be stronger for noobs (for ex. eziriz + smartassembly protection).

What you think about that? And can you tell me any VM based protection product if you know?