I know no matter how you protect your software, It will get cracked
And before saying stop worrying about security, I’ve sold many licenses for my app, It’s time to protect it….
I’m talking about how to make it difficult for users to crack it and Not in one click by using Jetbrains or other easy decompilers
I’ve applied obfuscating from ConfusedEX and added HWID Lock protection and user:pass system licensing.
Any other recommended Obsfucators and method to protect?
Things I’ve tried and I don’t want it
.NET Reactor <= shitty free/paid
I’ve been down your road; I reckon you are developing a program to load cheats into the game.
Firstly, you should use the neo-ConfuserEx fork because it’s updated and supports much more obfuscations.
Secondly, is your HWID Lock Protection client-sided or server-sided? By that, I meant do you validate the HWID against your database via HTTP web request or do you compare it in the program?
Thirdly, how did you implement your user:pass system licensing? Do you read it from a text file online and compare the strings, or do you send an HTTP web request to the server to retrieve authorization token, or do you get a boolean if the login request is valid?
Lastly, do you pin the SSL certificate for your outgoing web requests? It doesn’t matter how well your program is obfuscated if the malicious actor sets a breakpoint on your requests using Fiddler to modify the response.
Forget about checking the existence of Web Debugging Proxy using process name or window name; it doesn’t work. Implement a class to pin your SSL certificate.
As you know, C# obfuscators are probably unpacked and deobfuscated way more you can think of. After all, it’s .NET, and it can always be cracked. I suggest that you pick up C++ and virtualize your program using VMProtect. Unless you are up against some of the most talented reverse engineers who can de-virtualize VMProtect, you are safe.
just to be clear, It’s not cheats It’s used for pentesting, web-site dev testing
Let’s answer your questions
Thanks for neo-confuserex
2.Server-side in my database with SSL
3.Have Anti-Spam and Secure Request protection
4.User:Pass It’s secure API via http, Using auth.gg with couple of editing by my side to the API
You could use a third party packer, or write your own.
Thanks
Don’t use c# if you’re that worried about people reverse engineering your “legitimate program”
Ive used beds protect but I watched someone in a discord call crack my source before. He knew what he was doing though it was a bit more difficult than just dumping it with dnSpy.
