保护 .NET 代码免遭逆向工程? [英] Protect .NET code from reverse engineering?

问题描述

混淆是一种方法，但它不能防止破坏应用程序的盗版保护安全.如何确保应用程序不被篡改，如何确保注册机制不能被逆向工程?

Obfuscation is one way, but it can't protect from breaking the piracy protection security of the application. How do I make sure that the application is not tampered with, and how do I make sure that the registration mechanism can't be reverse engineered?

还可以将 C# 应用程序转换为本机代码，以及 Xenocode 太贵了.

Also it is possible to convert a C# application to native code, and Xenocode is too costly.

C# 提供了很多特性，是我代码的理想语言，所以用 C++ 再次编写整个代码库是不可能的.

C# provides lot of features, and is the ideal language for my code, so writing the whole codebase again in C++ is out of the question.

可以轻松地从 .NET 中的签名程序集中删除安全证书.

Secure certificates can be easily removed from the signed assemblies in .NET.

推荐答案

你不能.

您可以采取一些步骤使其稍微变得更困难，但最终本地机器上的任何可执行文件都是可破解的.最终，该代码必须转换为本地机器代码，每个可运行的应用程序都容易受到攻击.

There are steps you can take to make it a little more difficult, but ultimately any executable on the local machine is crackable. Eventually, that code has to be converted into native machine code and every application that is runnable is vulnerable.

你要做的只是让破解变得足够困难，让它不值得人们为之苦恼.

What you want to do is just make it difficult enough to crack to make it not worth peoples' trouble.

我有一些建议可以帮助保护您的应用程序:

Some suggestions I have for you to help protect your application:

• 混淆您的代码.Dotfuscator 有免费版，并随附 Visual Studio.
• 使用公钥/私钥或非对称加密来生成您的产品许可证.这确保只有您可以生成您的许可证代码.即使您的应用程序被破解，您可以确定他们不会为您的应用程序发布密钥生成器，因为密钥生成算法是不可能逆转的.
• 使用第三方打包程序将您的 .NET 可执行文件打包到加密的 Win32 包装器应用程序中.Themida 是最好的之一.这会阻止人们在 .NET Reflector 中反映您的应用程序，并使解压变得很痛苦用于倒车.
• 编写您自己的自定义打包程序.如果第三方打包程序太贵，请考虑编写自己的打包程序.有时自定义打包程序可能非常有效，因为没有关于如何解包它们的良好发布方法.教程如何编写自己的打包程序 提供了大量有关编写自己的 Win32 打包程序的好信息.

• Obfuscate your code. Dotfuscator has a free edition and comes with Visual Studio.
• Use public/private key or asymmetric encryption to generate your product licenses. This ensures that only you can generate your license codes. Even if your application is cracked, you can be sure that they won't be releasing a key generator for your application, because it is impossible to reverse the key generating algorithm.
• Use a third-party packer to pack your .NET executable into an encrypted Win32 wrapper application. Themida is one of the better ones. This stops people from reflecting your application in .NET Reflector and makes it a pain to unpack for reversing.
• Write your own custom packer. If the third-party packers are too expensive, consider writing your own. Sometimes custom packers can be very effective, because there aren't well published methods on how to unpack them. The tutorial How to write your own packer gives a ton of good information on writing your own Win32 packer.

但最终，如果人们希望您的应用程序被破解，他们会的.看看所有拥有大量资源来保护其应用程序的商业软件，但它们甚至在应用程序向公众发布之前就已被破解.

Ultimately though, if people want your application cracked they will. Look at all the commercial software out there that has a vast amount of resources to protect their applications and yet they are cracked before the applications are even released to the public.

熟练的逆向工程师可以启动 IDA-Pro 并像黄油一样切开您的应用程序无论你做什么.打包的应用程序可以解包，混淆只会阻止它在公园里散步.您在复杂的许可证代码方面的所有辛勤工作都可以通过一个字节补丁来完成.

A skilled reverse engineer can fire up IDA-Pro and slice through your application like butter no matter what you do. A packed application can be unpacked and obfuscation only prevents it from making it a walk in the park. All your hard work with your complex license code can be undone with a single byte patch.

您只需要接受人们盗版您的软件的可能性非常大.有些人无论如何永远都不会为您的申请付费，而这些人您无需担心.

You just need to accept that there is a very real chance people are going to pirate your software. There are some people who are never going to pay for your application no matter what and these are the people you don't need to worry about.

然而，有许多企业永远不会冒着诉讼的风险而乐于购买软件许可证，而许多计算机用户要么不想冒险，要么发现它错了，要么对技术不够精通，无法进行盗版.这些是您的真正客户，您应该集中精力为他们提供良好的用户体验，而忽略破解您软件的人.

There are however, many businesses out there who would never risk a lawsuit and happily buy software licenses and many computer users who either don't want to risk it, find it wrong or are not tech savvy enough to pirate. These are your true customers, and you should focus your efforts on providing them with a good user experience and ignore the people cracking your software.

我的应用程序以前被盗版过，我认为这是对我个人的侮辱.在这里，我是一个小型开发人员，将我的全心全意投入到一个应用程序中，而这些人竟然敢从我这里盗版?！他们直接从我口袋里拿钱！

I've had my application pirated before, and I took it as a personal affront. Here I was, a small-time developer, pouring my heart and soul into an application and these people had the gall to pirate from me?! They were taking money directly from my pocket!

我立即添加了一堆严酷的 DRM 代码，并试图使用非法或破解副本来破坏任何人.我当然应该一直致力于使我的应用程序更好，而不是试图阻止不可避免的事情.不仅如此，我还伤害了我的真正客户，因为我提供了所有这些额外的保护.

I immediately added in a bunch of draconian DRM code and attempted to sabotage any person using an illegitimate or cracked copy. I should of course have been working on making my application better instead of trying to stop the inevitable. Not only that, but I was hurting my true customers will all these extra protections I was putting in.

经过长时间的战斗，我意识到我正在与潮汐作斗争，而浪费的所有时间都是徒劳的.除了准系统许可证功能外，我取出了所有电话首页代码，再也没有回头.

After a long battle I realized I was fighting the tides and all this time wasted was for naught. I took out all the phone-home code except for the barebones license functions and never looked back.

这篇关于保护 .NET 代码免遭逆向工程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！