0

I have a .net project which has many modules and also have some .jar files. I also created a .msi setup for installation.
This application actually our company's IP(internal Product) which some time get installed on Client Environment for limited period.
We want to secure the product code, so that no one come to know how it is working, for this we have 3rd party licensing (safenet), but the problem is they are not providing the encryption of all methods present in the .jar (have around 1000 methods).

Just I want to know is there any way to protect our application code from De-compiling ? Or is there any way to obfuscate the code so that De-compiling does not work ?
Edit : Or is there any tool (licensing tool) which provide this facilities?

Thanks in Advance.

BhushanK
  • 1,205
  • 6
  • 23
  • 39

2 Answers2

2

I work for a copy protection company. I will try my best not being biased by my work.

Yes, protection is possible and you can make it very hard for the hackers if you wish to. Will it be impossible to break your protection? No, all code can be broken! But the better protection, the harder it is to crack, and the fewer hackers will get their hands on your product.

There are a few ways to stop debuggers. The easiest is a test if the code is handled at a normal speed, if not, it's because some one is debugging your code and executing it with steps. Then your code should terminate the program gracefully to stop the decompiling of your software.

A colleague of mine has written this article about the basics of copy protection: All About Copy Protection Look for "Debug Trapping" if you don't want to read it all :)

Frank Jelstrup
  • 301
  • 2
  • 10
1

Sorry, but it's impossible to hide how programs work. If the machine can run it, it can be decompiled. For example in java the most common methods of obfuscation are:

  • Name Obfuscation
  • Flow Obfuscation
  • Opaque Predicates

At the bytecode level none of these things can stop a person if they are dedicated to figuring out how your product works. Naming is irrelevant at the bytecode level, flow obfuscation can be patched with automated tools, and the same applies for opaque predicates. The same applies to the .Net framework for the most part.

However these features do keep away your average script kiddies. So while they aren't perfect they are worth-while. If you want a free obfuscation alternative you can check out Proguard, although it only offers name obfuscation. Obfuscators that have flow and opaque features usually are costly.

Display Name
  • 942
  • 1
  • 10
  • 20