|
You can't, and your code should not contain secrets.
You can make it "harder" to read by obfuscating it; that means that it will take me more time to read it.
Bastard Programmer from Hell 
If you can't read my code, try converting it here[^]
|
|
|
|
|
All security is really about is making something more difficult. The best you can hope for is to make the cost of acquisition higher than the value of acquisition.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
Nathan Minier wrote: The best you can hope for is to make the cost of acquisition higher than the value of acquisition.
For a hobbyist, cost is zero; I can remember how many games were pirated, not too long ago - often within days of release, and that was usually not done using .NET reflection 
Given the "genuine" application, I'd say that even Microsoft lost that battle.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
You can try various obfuscation tools that make your code much less readable; some of the expensive ones (and, I mean very expensive) claim to make it extremely hard to reverse-engineer code. But, all .NET apps are to a large extent accessible.
To really get security you need to use extra measures, which may include hardware dongles, or installation software that binds your app to machine specific identification and limits its use.
I suggest you start exploring some of these sites: [^].
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
|
|
|
|
You're mixing up two subjects here: Protection against reverse engineering (which is what the OP is asking for) and license enforcement. Dongles and hardware keys don't protect against reverse engineering.
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
Hi Sascha,
I see your point, but I think my including hardware protection is relevant; if you can't install the whatever containing the code, doesn't that help protect against reverse engineering ?
An academic issue, I know, since skilfully hackers regularly crack the most supposedly secure code and sites in the world.
cheers, Bill
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
|
|
|
|
If someone can reverse engineer your code, they can remove the Hardware lock validation code from that.
|
|
|
|
|
Hi Bill,
I see two reasons against considering hardware keys as a reverse engineering measure: You wouldn't be able to offer demo versions of your software and buying a license of your software wouldn't be a hindrance to those who think they could really benefit from reverse engineering your software.
cheers, Sascha
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
To elaborate a bit on what Eddy and Bill said: There are different so called obfucscator tools which will take your compiled .NET binaries and apply various kinds of transformations which don't (or: shouldn't) alter the programs behaviour but make the reverse engineering process harder. Ref: Obfuscation (software) - Wikipedia, the free encyclopedia[^] (also follow the links under the section "See also"). Those transformations differ in the increase of required effort for reverse engineering. They can be combined. They can have negative side-effects like braking .NET reflection (or requiring it to be programmed differently) or rendering exception stack-traces useless (because unreadable) unless the obfuscator provides a helper tool to make the stack-trace readable again. The pinnacle (to my knowledge) of those obfuscation methods is code-virtualization[^] which has the drawback of slowing down the code execution. No obfuscation method or combination thereof reliably protects your code against reverse engineering, they just make it harder. And, obviously, the tools vary in price, from free to some thousand bucks. Theoretically, the important question would be: How much effort do you think would someone interested in your source code be willing to invest into reverse engineering? If the required effort exceeds the effort to write a similar software from scratch then they will rather write their own software. Unfortunately, I can't help with estimating the required effort for reverse engineering code protected by this or that obfuscation method as I'm not a "hacker". My best advice is to read up on the various obfuscation methods and develop some sort of gut-feeling for which tool might suffice for you.
If the brain were so simple we could understand it, we would be so simple we couldn't. — Lyall Watson
|
|
|
|
|
Member 12431039 wrote: how can i do it?
Basically, you can't because ultimately, your code will have to conform to a defined language in order to run.
All you can do is make it more difficult to read after decompiling.
With enough will and mean, absolutely anything can be decompiled.
Patrice
“Everything should be made as simple as possible, but no simpler.” Albert Einstein
|
|
|
|
|
Software as a service.
Put your "secrets" in the cloud and provide an API that requires credentials to access your "secret functions"; whether via desktop, mobile or browser.
|
|
|
|
|
Next question; "How do I stop people using tools like Fiddler?"
|
|
|
|
|
The "algorithms" run on the server.
I don't give a twit about the transmission.
|
|
|
|
|
It depends what kind of secrets you are talking about.
If you mean that you have written the best algorithm ever, and don't want people to be able to copy it then you are out of luck. As stated in other answers, you can make it more difficult but not really prevent it.
If you mean you have stored a password or other secret user information, the answer is don't do it.
Passwords should be hashed in a proper way and other information is better kept on a secure server.
|
|
|
|
|
Hi,
I tried to send a message to other user on
modified 14-May-16 22:09pm.
|
|
|
|
|
Just login and post already.
By the time you get this going ... old news is no news.
|
|
|
|
|
Are you sure that the password goes into the URL, without any obfuscation or encryption?
I'd expect a cooky to be passed or similar, not having a password in the browser-history
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
I use pictureBox, when my mouse is near a existing point in range which i defined, i want to set mouse on the existing point.
I use:
Cursor.Position = pictureBox1.PointToScreen(Point.Round(point));
pictureBox1.PointToScreen need point pix as a int,but my variable point is a float, where use PointToScreen, i found that the Cursor.Position is not on my existing point because of float to int convertor.
How can i realize this function accuracy?
|
|
|
|
|
Point.Round converts a PointF to a Point - it rounds up / down fractions of a float to the integer equivalent. It doesn't "round" to a "point in a range" it just converts (1.3, 2.7) to an integer (1, 3)
Since the cursor can't move to "parts of a pixel" it won't have any significant effect on the cursor position on it's own!
So show us what you do to create the PointF and explain why you think that should move the mouse to "near a range" and what it does do.
[edit]Typos[/edit]
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
oh, I want to do one effect like AutoCad snap function. I have drawn some graphics, and each graphic have hitpot point, when my mouse is near one point, i hope my mouse can snap it to get the same position.
|
|
|
|
|
You can do it, it's not complex - at least in a simple version:
private Point hotSpot = new Point(50, 50);
private Point lastSnap = new Point(-100, -100);
private void myPictureBox_MouseMove(object sender, MouseEventArgs e)
{
PictureBox pb = sender as PictureBox;
if (pb != null)
{
Point p = e.Location;
int nearX = Math.Abs(p.X - hotSpot.X);
int nearY = Math.Abs(p.Y - hotSpot.Y);
if (nearX <= 10 && nearY <= 10)
{
if (lastSnap != hotSpot)
{
lastSnap = hotSpot;
Cursor.Position = pb.PointToScreen(hotSpot);
}
}
else
{
lastSnap = new Point(-100, -100);
}
}
}
It's not perfect - you probably want to tweek it quite a bit to get it comfortable for the user - but it's a start! 
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Yes,But my hotSpot is pointF,like PointF(50.4,50.6), if that, Cursor.Postion is not the same as hotspot. Because pb.PointToScreen() need Point, so if i use round(PointF),it is not the same....
|
|
|
|
|
If you use Point.Round on a PointF(50.4, 50.6) you will get a Point(50, 51) - which is the closest an integer Point can get to it - you can't position a mouse pointer to .6 of a pixel because a pixel is the smallest unit of drawing!
The only reason PointF exists is to allow multiple scale and transform operations to not lose accuracy - you can't use them for actual drawing, then have to be converted to Point first.
Just try creating a Point hotSpot, and using Point.Round to give it a value from your PointF.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Hello , I need an example of how I use my application behind the nat. In my local network works normal file transfer , sending messages , however I would like to access my external network of my partner. I have a server and used a VPN , however was slow, like an access without relying on my server. I saw some examples UDP hole punching of codes but without success.
I look
|
|
|
|
|
Google for "C# UPNP nat forwarding" for examples.
You can setup NAT stuff if your application is on the inside of the network. You can NOT "punch holes" in a NAT if your code is on the outside of the network the NAT is protecting.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
