This question already has an answer here:
- Protect .NET code from reverse engineering? 34 answers
We are developing a Desktop Application (Windows Service) with C#. And we are trying to protect our intellectual property and this is why we decided to .Net Reactor
Initially, it looked like a powerful tool. When obfuscating I've selected all available options except of 'Native exe file'. (Necrobit, Anti ILDASM, Anti Tampering, Control Flow obfuscation, Obfuscation, String Encryption, Compress & Encrypt Resources)
I tried to use DotPeek to check the results and was happy with the results
Reactor Startup. A reactor startup is a procedure, that comprises many points and changes of operational parameters and significantly differs according to certain reactor type. For example, any startup of zero-power reactors (e.g. Research reactors) can be classified into three categories.
But it turned out that there is a tool out there that can easily deobfuscates all assemblies (for apparent reasons I'm not going to mention what is it the tool). But I'm curious if anyone has faced similar type of problem. Does anyone know a reliable way to protect C# code that will be running on clients desktops/servers
**Please don't suggest to rewrite the app using C++
marked as duplicate by Wai Ha Lee, Billal Begueradj, DebanjanB, EdChum, greg-449Jan 28 at 9:37
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
2 Answers
In general, the cost of writing software is many orders of magnitude greater than paying for a license to use it. Similarly, it is expensive to maintain. Thus, in most cases, the value of the intellectual property is low compared to the operations cost. Thus, few, if any, users are going to be sophisticated enough and economically advantages enough to reverse-engineer your software for any purpose they might have.
Also, in general, if you hand out physical access to something, whether it’s a phone, a computer, or a compiled piece of software, you no longer have any expectation of security of whatever that is.
Therefore, I think your efforts are misguided. If there is a particularly valuable algorithm or approach, consider hosting on a server as an API, or pursing a patent. If you must distribute this special piece, secure strong non disclosure agreements with your clients. Make it economically risky for them to try to benefit from reverse-engineering.
Option 1)
Extract out an important part (or several - the more the better) of your program to run remotely on your servers - would mean the user would need to be connected to the internet to run your program. Don't just add a remote key check because a cracker will just NOP that out. Instead, run a non-trivial algorithm there.
![Net Reactor Dump Net Reactor Dump](https://i.ytimg.com/vi/8aAeT84j-94/maxresdefault.jpg)
Option 2)
Build a hardware dongle & distribute it with your software. Again, implement one or more key algorithms on the dongle rather than just a key check.
Option 3)
After compiling, compress the resulting DLLs as an archive THEN encrypt it. You will then use assembler to write a hand-coded 'loader' (which attempts to hide what it's doing). Note that the loader will need to include the decryption key somewhere, however there are things you can do to hide it better. The idea being to hide the fact that it's running on the .NET framework (will certainly beat all the off the shelf decryption tools). It won't however disuade crackers (who will see that the process in memory is .NET & will dump the process).
HTH
Not the answer you're looking for? Browse other questions tagged c#obfuscationnet-reactor or ask your own question.
To the Prime Minister, Parliament and the Federal Government
The undersigned organizations have grave concerns about the handling of Canada’s federally-owned nuclear waste by a multinational consortium that includes SNC-Lavalin and corporate partners, some of which have faced criminal charges and/or entered into deferred prosecution agreements.*
● Canada has no adequate federal policies and strategies for the long-term management of radioactive wastes and the consortium has been given a free hand to advocate and implement proposals that, in our view, are unequal to the task of protecting people’s health and the environment.
● Under its 10-year federal contract with Atomic Energy of Canada Limited the consortium intends to spend nearly seven billion of our tax dollars on nuclear waste disposal and reactor decommissioning projects that fail to meet even existing international safety guidelines.
● Its current plans include entombing the radioactive remains of nuclear reactors in cement next to the Ottawa and Winnipeg Rivers, against the explicit advice of international bodies and independent nuclear scientists; these “entombed reactors” would leak radioactivity into the rivers for thousands of years and contaminate drinking water for millions of Canadians.
● The consortium also plans to erect a massive above-ground mound, 5 to 7 stories high, holding more than one million tons of mixed radioactive waste, including very long-lived materials such as PCBs, arsenic, plutonium-239, and radioactive asbestos in a swampy area that drains into the Ottawa River.
● Its plans include transporting thousands of tons of radioactive waste (including extremely toxic irradiated nuclear fuel) along public roads from Pinawa, Manitoba, from Douglas Point, Ontario, and from Gentilly, Quebec, all the way to Chalk River, situated upstream from our nation’s Capital. A program of two thousand truck shipments of radioactive material from Manitoba is planned and may already be underway.
We request that the Federal Government end its “Government-owned Contractor-operated/GoCo” contract with SNC-Lavalin and its corporate partners at the earliest opportunity.
We further request formulation of exemplary policies and projects for Canada’s radioactive waste that meet or exceed international obligations and which would:
● be managed by independent Canadian experts, in consultation with First Nations and the public
● create many long-term, well-paying Canadian jobs
● safely secure nuclear waste in state-of-the art facilities away from sources of drinking water
● re-establish Canadian leadership in the nuclear field with world-class science-based solutions to address the growing global radioactive waste problems
* Membership in the consortium, known as Canadian National Energy Alliance, has changed more than once since the consortium assumed control of Canada’s federally-owned nuclear waste in 2015, when it received all shares of Canadian Nuclear Laboratories, a wholly owned subsidiary of Atomic Energy of Canada Limited. Current consortium members include SNC-Lavalin, which is debarred by the World Bank for 10 years and facing charges in Canada of fraud, bribery and corruption; Texas-based Fluor Corporation, which paid $4 million to resolve allegations of financial fraud related to nuclear waste cleanup work at a U.S. site; and Texas-based Jacobs Engineering, which recently acquired CH2M, an original consortium member that agreed to pay $18.5 million to settle federal criminal charges at a nuclear cleanup site in the U.S.
Signatories:
Alliance of the Anishinabek Nation and the Iroquois Caucus, Canadian Coalition for Nuclear Responsibility, Canadian Association of Physicians for the Environment, Sierra Club Canada Foundation, Ontario Clean Air Alliance, Ecology Ottawa, Friends of the Earth Canada, Greenspace Alliance of Canada’s Capital, Northwatch, Provincial Council of Women of Ontario, Quebec Council of Women, National Council of Women of Canada, Concerned Citizens Committee of Manitoba, Prevent Cancer Now, Watershed Sentinel Educational Society, Action Climat Outaouais, Ralliement contre la pollution radioactive, Concerned Citizens Renfrew County, and Area, Old Fort William Cottagers’ Association, Petawawa Point Cottagers Association, Coalition Against Nuclear Dumps on the Ottawa River, Esprit Whitewater, Durham Nuclear Awareness, Bonnechere River Watershed Project
As it appeared in the Hill Times on April 29, 2019…