How to prevent reverse engineering to bypass licensing?

I have a trial version of LimeLM started and the demo application and all the files on line are quite clear. I was able to, in very short time, add LimeLM functionality in my application.

My question is...Is there anything in LimeLM which will prevent someone from reverse engineering or otherwise hack my application and remove the LimeLM coding. thus making the application fully available for anyone to use? I know that no software application is fully safe from something like this but since there is no obfuscation, compression or other defenses against debuggers or dumpers, what do you recommend?

Should I also find a good obfuscation utility to run on my application then use LimeLM for licensing?

Should I also find a good obfuscation utility to run on my application then use LimeLM for licensing?

Don't waste any money on one. I wouldn't reccommend any obfuscation (because it can be undone easily), but if you feel you must, then use a free one. ProGuard for Java or Obfuscar for .NET.

My question is...Is there anything in LimeLM which will prevent someone from reverse engineering or otherwise hack my application and remove the LimeLM coding.

Everything can be cracked. But, as we say in the "Why LimeLM" article:

Software licensing allows you to get paid for each copy of your software. The types of software licensing come in a few general forms which I'll be covering in the next section. With few exceptions the hardware-locked licensing is best for businesses because it allows you to have absolute control over where your software is installed.

The point of licensing isn't to stop crackers from cracking your software. The point of licensing is to increase your revenue by preventing casual piracy (using serials over and over again). There is real money to be made by stopping casual piracy.

If you want to add a simple check then just verify the Authenticode signature of the TurboActivate.dll in your app. Or hardcode the CRC32 hash of the TurboActivate.dll and compare it against the "current value" to see if it has been modified. Anything beyond that is just a waste of your time.

Obfuscation has some added bonuses

- Any stack trace you get will be junk unless you pay for a tool with a stack-trace mapping decoder.

- How do you know everything still works? Do your unit tests and integration tests cover everything? Obfuscation can break things like reflection, binding, inter-assembly calls, plugins. You'd have to be very confident with your unit & integration tests (you have these, right?).

I just played with the trials of a few paid obfuscators - they look impressive but I couldn't even get the app I was messing with (MahApps.Metro demo) to start. Try them out on a reasonably complicated app that is a known thing and see if it breaks. See how long it takes you to fix it. Then wonder if you fixed everything. Then keep coding. Then... Then ponder if you want to get yourself into that mess just to annoy some kid who wasn't going to pay anyway.

At least with licensing what you see is what you get, the build doesn't change when you deploy it and you have tested it (right?). If they manage to find all your needles in the haystack then email them a medal.

If your support etc sucks so much that it's not worth paying for then you have bigger problems than script kiddies. Just make it easy for the nice people to do the right thing.

Reply
Discard post