0

Is there a way or a library that can help me load assembly in memory (dll for example) located on my webpage. I'm trying to figure out a nice crack protection

starblue
  • 55,348
  • 14
  • 97
  • 151
blez
  • 4,939
  • 5
  • 50
  • 82
  • 1
    This is my fav post of the am.... this sounds like the opposite of protection. – Nix Apr 05 '10 at 12:37
  • Why? It's harder to dump the core of the app – blez Apr 05 '10 at 12:39
  • That wouldn't work. Someone can download it and patch it like you do. Your best bet is obfuscation on .NET. – Sedat Kapanoglu Apr 05 '10 at 12:40
  • My idea was the main app, and the dll core that's located on server. Every time the module is loaded in memory, and both of the main and dll are obfuscated. – blez Apr 05 '10 at 12:42
  • how about just using clickonce? – kenny Apr 05 '10 at 12:43
  • How does loading an assembly from a web server make it harder to dump core? – Marcelo Cantos Apr 05 '10 at 12:43
  • If the main part of the program is located on a remote dll and on bad auth of server it's not loaded (ex: trial expired), I guess it will be harder to dump that dll from memory and patch the application to use it from hard drive. – blez Apr 05 '10 at 12:46
  • 3
    Make the core execute on the server — that's the only way you can get real protection. – Anton Tykhyy Apr 05 '10 at 12:51
  • It must be executed on client side. – blez Apr 05 '10 at 12:53
  • Then there's no way you can protect it reliably — provided it is useful enough for crackers to devote time to. – Anton Tykhyy Apr 05 '10 at 12:55
  • I think obfuscating + this is the best that can be done. – blez Apr 05 '10 at 13:00
  • I wouldn't bother with the download, it won't add much to obfuscation and there's extra server traffic to consider as well. Separate obfuscation+watermarking for every client might be a good idea, though. – Anton Tykhyy Apr 05 '10 at 13:34
  • 1
    Anton knows what he's talking about, once you give code to a client, then all bets are off. DRM/license keys/whatever simply do not work too stop a determined attacker. – Robert Davis Apr 05 '10 at 13:49
  • It's fairly simple to set up your own proxy to mimic your server's configuration and behavior. Loading from an external server offers no protection if the execution must be done client-side. – Dan Herbert Apr 05 '10 at 16:29
  • Yes, but not much people will install a patch that runs proxy on their computer. – blez Apr 05 '10 at 16:31
  • Again it depends on what your program is. Suppose, purely for argument's sake, that it is the much-anticipated game VAPORWARE II — any protection shall be broken as fast as humanly possible, probably within 24 hours of release, and tons of people won't mind installing cracks even if it means turning their machine into a DDOS network bot. OTOH if your program is a new notepad clone, nobody will bother either to crack it or to install cracks. – Anton Tykhyy Apr 05 '10 at 17:02

3 Answers3

1

Assembly.Load (byte[])

Anton Tykhyy
  • 19,370
  • 5
  • 54
  • 56
0

One could download the file locally, then load it via AssemlblyLoad/reflection....and you would be off to the races. Not sure this is a good idea though.

kenny
  • 21,522
  • 8
  • 49
  • 87
0

Did you try..

C# LoadFrom

Nix
  • 57,072
  • 29
  • 149
  • 198