Intellectual Property Protection BEYOND OBSFUCATION
-
I've run it all a few more times. Step 1 [Examining] : Successful Step 2 [Protection Layer 1] : Successful Step 3 [Protection Layer 2] : Information: DEMO MODE! Obfuscation(50%). Successful Step 4 [Resign Assembly] : Successful .NET Assembly Successfully Protected New Protected Version Of Your .NET Assembly Created In: C:\VS2005\N\GC\obj\Release\GCControls_N_Secure\GCControls_N.dll As to what this means... "Information: DEMO MODE! Obfuscation(50%)."... I do not know. This is not looking good. It's like all settings are ignored in trial mode, or... ehem. Have you looked at your output with ILDasm? I'm getting the same thing every time -- readable IL, not even obsfucated.
mike montagne wrote:
This is not looking good. It's like all settings are ignored in trial mode, or... ehem. Have you looked at your output with ILDasm? I'm getting the same thing every time -- readable IL, not even obsfucated.
I can send you a screen shot if you like: --------------------------- ERROR --------------------------- error : 'D:\VS2005 Projects\MyClubV2\bin\Debug\myclubv2_Secure\myclubv2.exe' has no valid CLR header and cannot be disassembled --------------------------- OK --------------------------- Cheers,
Glen Harvy
-
mike montagne wrote:
This is not looking good. It's like all settings are ignored in trial mode, or... ehem. Have you looked at your output with ILDasm? I'm getting the same thing every time -- readable IL, not even obsfucated.
I can send you a screen shot if you like: --------------------------- ERROR --------------------------- error : 'D:\VS2005 Projects\MyClubV2\bin\Debug\myclubv2_Secure\myclubv2.exe' has no valid CLR header and cannot be disassembled --------------------------- OK --------------------------- Cheers,
Glen Harvy
I'll get back to you in a bit. I can't send the demo, but... at least it looks like your installation is working. I have no idea why mine won't NR as advertised. BIG THANKS.
-
Send me your test program and I'll NR it for you. I thought the demo output was pretty descriptive - it only obfuscated half your code. Xenocode only obfuscates 10% of the code and only hides 50% of strings in demo mode.
Glen Harvy
No can send the demo, but I sure do appreciate the offer. I can't get a rise out of Denis. I surely would like to know what's going on here. I have the settings tweaked that should be protecting output. I would think NR would like to show that off in demo mode. This stuff is simple. It shouldn't be a big deal.
-
No can send the demo, but I sure do appreciate the offer. I can't get a rise out of Denis. I surely would like to know what's going on here. I have the settings tweaked that should be protecting output. I would think NR would like to show that off in demo mode. This stuff is simple. It shouldn't be a big deal.
I dunno where you are but Denis probably isn't even at work yet - he is in Germany. I don't want to do their technical support but if you send me the .nrpoj file I can glance over that and see if there are any obvious setup problems. Cheers,
Glen Harvy
-
I dunno where you are but Denis probably isn't even at work yet - he is in Germany. I don't want to do their technical support but if you send me the .nrpoj file I can glance over that and see if there are any obvious setup problems. Cheers,
Glen Harvy
I think my first mail should have caught him. Thanks again for the offer again. Maybe you might want to do a little beta *installation* testing for a free license when I get this rolling? That should be more fun. Just for the heck of it I looked things over again and decided to turn Compact Framework compatibility off. (I guess I was stupid to think the option meant extended versatility.) So now when I protect, I get this (different) message string: Step 1 [Examining] : Successful Step 2 [Protection Layer 1] : Successful Step 3 [Protection Layer 2] : Successful Step 4 [Resign Assembly] : Successful .NET Assembly Successfully Protected New Protected Version Of Your .NET Assembly Created In: C:\VS2005\N\GC\obj\Release\GCControls_N_Secure\GCControls_N.dll Please Only Ship Your Protected Assembly Together With 'GCControls_N_nat.dll' ----- What do you know. That's the first I saw a *nat.dll, and *nat.dll cannot be disassembled. Nor does my GCControls_N.dll seem to have but a little information in it now -- and not much at that. I don't know what to make of the resource multiplication yet. We have grown from a 60K library to two libraries, one being 67K and the other (*nat.dll) being a whopping 212. Ouch. I expect that means ultimate distributables will be bloated that much. I am a happier camper however with the arfie dog part barking. Researching what I can do with a license scheme. I think the cleanest thing will be to do as you have -- write your own.
-
I dunno where you are but Denis probably isn't even at work yet - he is in Germany. I don't want to do their technical support but if you send me the .nrpoj file I can glance over that and see if there are any obvious setup problems. Cheers,
Glen Harvy
Wow. Pretty interesting content in *nat.dll, including a string, "This program must be run under Win32" I wonder if that has anything to do with the 64-bit behavior. In any case, some of the widely spaced strings have me wondering what I'm looking at here (in Notepad). Have you looked at this stuff?
-
I think my first mail should have caught him. Thanks again for the offer again. Maybe you might want to do a little beta *installation* testing for a free license when I get this rolling? That should be more fun. Just for the heck of it I looked things over again and decided to turn Compact Framework compatibility off. (I guess I was stupid to think the option meant extended versatility.) So now when I protect, I get this (different) message string: Step 1 [Examining] : Successful Step 2 [Protection Layer 1] : Successful Step 3 [Protection Layer 2] : Successful Step 4 [Resign Assembly] : Successful .NET Assembly Successfully Protected New Protected Version Of Your .NET Assembly Created In: C:\VS2005\N\GC\obj\Release\GCControls_N_Secure\GCControls_N.dll Please Only Ship Your Protected Assembly Together With 'GCControls_N_nat.dll' ----- What do you know. That's the first I saw a *nat.dll, and *nat.dll cannot be disassembled. Nor does my GCControls_N.dll seem to have but a little information in it now -- and not much at that. I don't know what to make of the resource multiplication yet. We have grown from a 60K library to two libraries, one being 67K and the other (*nat.dll) being a whopping 212. Ouch. I expect that means ultimate distributables will be bloated that much. I am a happier camper however with the arfie dog part barking. Researching what I can do with a license scheme. I think the cleanest thing will be to do as you have -- write your own.
There ya go - it worked. I have compression turned on and the .exe that I distribute is 791k verses about 1.8 meg for the executable and three included dll's.
Glen Harvy
-
Wow. Pretty interesting content in *nat.dll, including a string, "This program must be run under Win32" I wonder if that has anything to do with the 64-bit behavior. In any case, some of the widely spaced strings have me wondering what I'm looking at here (in Notepad). Have you looked at this stuff?
That's interesting - perhaps NR will explain it. I haven't bothered with looking at theend result - just as long as no one can easily de-obfuscate it I'm happy.
Glen Harvy
-
Let's break this discussion into two sections - Obfuscation and Licencing. Licencing: From what I can tell the SDK allows you to customize the licence file but not much else. I don't see how any of those customizations can be practically used in determining whether your program works or not. I have not examined the SDK or made any use of it but it may be possible for your program to read the licence file and do something based on the content of that file. You either accept the licencing options NR provides or you don't. BTW: In my testing, the licencing options did work and I was very impressed. I think you must be doing something wrong if it's not working for you :(. My program and it's licencing are linked to the Club's Name. The licence code is generated by the combination of the Club's name and a secret word hardcoded into my program. The 30 day trial period is also "hardcoded" into my program. If the local Womens Association :) have a hacker with heaps of time and the knowledge then I guess I've lost a sale :|. My registration company is ShareIt and they generate the keys by using their key generator software which I have also NR'ed so the all important secret word is obfuscated even to them. In your scenario I don't see how you can use the NR licencing module without using HID.exe. Obfuscation: I tried to run various de-obfuscators on my NR'ed program, ILDasm etc on the output without success. In other words - it works for me :) Cheers,
Glen Harvy
Similarly, I studied .NET licensing classes last night, and it's not really clear just how I'll want to go about writing a licensing scheme -- whether to use file I/O classes. From what I see in the .Net SDK documentation, our license must be marked with a *.LIC extension.
The name of the file must be the fully qualified name, including the namespace, of the class with the file name extension .LIC. For example: Namespace1.Class1.LICThis is not the case for the NR license (.license), so the NR system must be proprietary. That's OK with me -- it may be a much better thing to do, because I find the VS .Net SDK documentation quite ambiguous too. For instance,The content of the license file should contain the following text string: "myClassName is a licensed component." myClassName is the fully qualified name of the class. For example: "Namespace1.Class1 is a licensed component."Personally, I read this stuff and ask myself what it can mean to anyone. I want to know how this string, "Namespace1.Class1 is a licensed component." is processed. You would suppose that if it is removed or altered that this invalidates the license, but how and why -- and what alternate processes take over then? By the time you have deciphered all the cryptic documentation an unexplained issues (by costly experimentation), you can have far too much time in a small bit of functionality. A crux of the design issues is splitting the design time behavior and runtime behavior of distributables. The documentation seems to suggest this happens, but not how. You return a validation value by overriding a method. Unfortunately, I don't see the path as being very clear here either. Like you, I most appreciate the fact that the NR licensing scheme will be hidden by a process beyond obsfucation -- and that is presently the deciding factor in the fork I'm going to take here, especially as I have now heard from Denis, and he's agreed to let me help him improve NR's documentation. My thinking is that I'll get my job done faster with more direct help, and that if we can improve the documentation, it may be very clear what to do with what my intuition tells me is the most promising way to distribute commercial .Net assemblies which require (or benefit from) intellectual property protection. I'll read your other posts now, but will report back in the next few days if I can, on what progress Denis and I have made with his documentation. This should be interesting. m -
Similarly, I studied .NET licensing classes last night, and it's not really clear just how I'll want to go about writing a licensing scheme -- whether to use file I/O classes. From what I see in the .Net SDK documentation, our license must be marked with a *.LIC extension.
The name of the file must be the fully qualified name, including the namespace, of the class with the file name extension .LIC. For example: Namespace1.Class1.LICThis is not the case for the NR license (.license), so the NR system must be proprietary. That's OK with me -- it may be a much better thing to do, because I find the VS .Net SDK documentation quite ambiguous too. For instance,The content of the license file should contain the following text string: "myClassName is a licensed component." myClassName is the fully qualified name of the class. For example: "Namespace1.Class1 is a licensed component."Personally, I read this stuff and ask myself what it can mean to anyone. I want to know how this string, "Namespace1.Class1 is a licensed component." is processed. You would suppose that if it is removed or altered that this invalidates the license, but how and why -- and what alternate processes take over then? By the time you have deciphered all the cryptic documentation an unexplained issues (by costly experimentation), you can have far too much time in a small bit of functionality. A crux of the design issues is splitting the design time behavior and runtime behavior of distributables. The documentation seems to suggest this happens, but not how. You return a validation value by overriding a method. Unfortunately, I don't see the path as being very clear here either. Like you, I most appreciate the fact that the NR licensing scheme will be hidden by a process beyond obsfucation -- and that is presently the deciding factor in the fork I'm going to take here, especially as I have now heard from Denis, and he's agreed to let me help him improve NR's documentation. My thinking is that I'll get my job done faster with more direct help, and that if we can improve the documentation, it may be very clear what to do with what my intuition tells me is the most promising way to distribute commercial .Net assemblies which require (or benefit from) intellectual property protection. I'll read your other posts now, but will report back in the next few days if I can, on what progress Denis and I have made with his documentation. This should be interesting. mYou should move this topic to a new Subject and see if anyone else can help you as well. I didn't know that there was a licencing method in the .Net SDK until you mentioned it. I wrote all my own code which, being obfuscated :) is good enough for my program and it's target market. I did find this interesting [^] which may assist you. There may even be sources available to you on codeproject! Good luck.
Glen Harvy
-
You should move this topic to a new Subject and see if anyone else can help you as well. I didn't know that there was a licencing method in the .Net SDK until you mentioned it. I wrote all my own code which, being obfuscated :) is good enough for my program and it's target market. I did find this interesting [^] which may assist you. There may even be sources available to you on codeproject! Good luck.
Glen Harvy
Denis and I are working on this together now, but I'll look at your link in a second here.
-
You should move this topic to a new Subject and see if anyone else can help you as well. I didn't know that there was a licencing method in the .Net SDK until you mentioned it. I wrote all my own code which, being obfuscated :) is good enough for my program and it's target market. I did find this interesting [^] which may assist you. There may even be sources available to you on codeproject! Good luck.
Glen Harvy
Hey, great article. He says, "While I believe that for completeness I should describe how you use LicFileLicenseProvider, I also believe that anyone serious about licensing their software will most likely avoid such a simple scheme in favor of their own, more creative schemes, one of which I'll introduce to you after describing LicFileLicenseProvider." I was pretty quickly convinced of as much last night as I explored the "documentation." THANKS A BUNCH!
-
You should move this topic to a new Subject and see if anyone else can help you as well. I didn't know that there was a licencing method in the .Net SDK until you mentioned it. I wrote all my own code which, being obfuscated :) is good enough for my program and it's target market. I did find this interesting [^] which may assist you. There may even be sources available to you on codeproject! Good luck.
Glen Harvy
Denis and I are hashing out some ideas about licensing. Hopefully we will come up with a boilerplate which will solve issues right out of the box.