3) Since we call TurboActivate.dll functions importing them in c# (your TurboActivate.cs) (es: IsActivated() or IsGenuine()), it seems quite simple to just provide a dummy TurboActivate.dll with the same functions signatures that just returns "true" when needed. So, no need to crack or deobfuscate the main program.
If you're worried about a dummy TurboActivate.dll files you have a couple choices:
- Write your app in C++ and use the static library version of TurboActivate.
- Continue using your current language, but add a verification of TurboActivate (e.g. check the Authenticode signature of TurboActivate, or hardcode the md5 of TurboActivate and check that before runnig your app)
Tell me if that helps.
2) hardware fingerprinting fuzzy-matching: does it allow any change in any component? or are there some components that must remain the same?
It allows changing of frequently changed components (RAM, harddrive, network adapter, etc.)
1) where/how does LimeLM secures the received data from the activation server? So, the information that the activation process is valid? Is it in the registry?
It's in a file, on the disk. The hardware fingerprint is cryptographically signed alongside the "activation" meaning the user can only use the activation file on that one computer.
We describe in detail how LimeLM works, here: How hardware-locked licensing works.