I built a C# WPF (.NET Core 3.1) application using that has got some interest and I'm about to monetize it. However, building any kind of license check in C# is pretty much useless, and any user would be able to use a decompiler such as ILSpy to crack it, thus rendering my work pretty much useless.

I took a long hard look at the .NET obfuscators, but ultimately concluded they did not fit my requirements because there are decompilers that can still retrieve the code from Dotfuscator, Babel, Obfuscar, etc. Simply obfuscating names and whatnot isn't really useful, as one could simply debug the code to the point where a license is required.

What I'm trying to do now is build a C/C++ launcher that will execute my .NET from memory. My plan is to stream the bytes from a server, load them in memory, and run the program. I, however, don't know a whole lot about how I could achieve this.

I've tried VirtualAlloc to allocate all the bytes and set the memory page to be executable, but it didn't work.

I've tried adjustments based on a few pieces of code that run PE from memory:

  • https://github.com/aaaddress1/RunPE-In-Memory
  • https://github.com/codecrack3/Run-PE---Run-Portable-Executable-From-Memory/blob/master/RunPE.cpp
  • https://www.codeproject.com/Articles/13897/Load-an-EXE-File-and-Run-It-from-Memory

The closest I got was a 0xc0000005 error when trying to run the executable from memory (an array of bytes that make up my program).

How can this be done? I'd really like to avoid having to rewrite the whole thing in C/C++, especially because of the complex UI.

victor
  • "My plan is to stream the bytes from a server, load them in memory, and run the program." -- Memory can be dumped too and disassembled if necessary... That said, does the application really appeal to such a broad audience that it promises enough gain for someone to sell cracked versions? Or is it likely the audience is skilled enough to do it for themselves and the application expensive and also worthy enough that they'll invest that effort? – sticky bit May 08 '21 at 23:01
  • You're going in the wrong direction. Anything on the user's machine is owned by the user. Period. Obfuscation, encryption, creating launchers or runtimes, using a different language, or putting a paper bag over your head won't change that. If you want to control your application you can't put it on the user's machine. Create a web service you own. Create a user application the user owns. Create accounts, data, executables or whatever on your server so you own it. The user application can submit requests or whatever, but the server app decides what to send the user. – Dour High Arch May 08 '21 at 23:04
  • A considerable part of the audience is skilled enough when it comes to dragging the exe to a decompiler and rebuilding it, especially the competition. The application is not expensive to the customers, but since the effort required to crack it is minimal, it would take maybe 2 days before a cracked version appeared, even if it cost 10 cents a month. – victor May 08 '21 at 23:07
  • @DourHighArch I don't think so. I'm trying to make it difficult enough so that people would rather pay or not use it. I think this kind of mindset is wrong, otherwise 100% of software would be open source, since "there is no point in trying to secure it". Try cracking Visual Studio, Photoshop, CorelDRAW, etc... Can it be done? Definitely. Effort and knowledge required? Well, orders of magnitude above dragging an exe into a decompiler and saving it as .cpp. Think about it. – victor May 08 '21 at 23:10
  • Dour's right. A big part of my job involves reverse-engineering software produced by certain other companies. Fully legal, in my particular case...it's for security auditing...but without said companies' help. Trust me, the minute you let the user download it, you've lost control of it. And the mentality of "it'll be more work to crack than to pay for it" is completely misguided, there are plenty of people out there who love a challenge and will do it just for the fun of it. – Mark Feldman May 08 '21 at 23:24
  • @MarkFeldman Since it is not publicly available for download, and it is not in the user's interest to redistribute it, the main goal is to not make it as easy as sending the source code along with the product. It is also quite niche, and it wouldn't (most likely) be a target for the kind of people you are talking about. If trying to protect it is useless, then what is the point of your job? Why test security at all? It doesn't need to be as protected as Windows source code, but not as open as an open source project either. Themida and VMProtect wouldn't exist if this wasn't a legitimate goal. – victor May 08 '21 at 23:33
  • @victor valid points, and difficult to answer without knowing more of the specifics around your particular product. Generally speaking though, it's not your clients you have to worry about directly, it's the junior working for them who has an uncle running a software studio in Shenzhen who will literally take your product, crack it and offer it to your other clients for 10% cheaper. Don't think this doesn't happen...it can, and it does. All the time. – Mark Feldman May 08 '21 at 23:42
  • @victor One other point to consider is that the more you try to obfuscate it, the more fragile it becomes, and the more it will raise all kinds of red flags with defender and anti-viruses. Be careful *not* to aggravate your legit clients with over-the-top protection schemes, since there is a price to pay if that happens, too. – dxiv May 09 '21 at 00:06
  • At least related, if not duplicate: https://stackoverflow.com/questions/2019923/executing-machine-code-in-memory – Aconcagua May 09 '21 at 00:17
  • @Aconcagua Apparently, there are other particularities when it comes to a .NET executable, otherwise the other solutions I mentioned would have worked. – victor May 09 '21 at 00:58

0 Answers
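
Added example, not part of the original question or comments: a bounds-checked C routine that classifies a byte buffer as a native or a managed (.NET) PE image by reading data directory 14, the CLR runtime header. A managed image carries IL that only the runtime can JIT and execute, so mapping its sections and making the pages executable does not produce runnable native code. The names `classify_pe` and `make_sample` and the header bytes built by `make_sample` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pe_kind { PE_INVALID = -1, PE_NATIVE = 0, PE_MANAGED = 1 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify a raw file image; every offset is checked against len before use. */
enum pe_kind classify_pe(const uint8_t *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return PE_INVALID;
    size_t nt = rd32(buf + 0x3C);                     /* e_lfanew */
    if (nt > len || len - nt < 26) return PE_INVALID; /* sig + COFF + magic */
    if (memcmp(buf + nt, "PE\0\0", 4) != 0) return PE_INVALID;
    size_t opt = nt + 24, opt_size = rd16(buf + nt + 20);
    uint16_t magic = rd16(buf + opt);
    size_t dirs;                                      /* offset of directory table */
    if (magic == 0x10b) dirs = 96;                    /* PE32 */
    else if (magic == 0x20b) dirs = 112;              /* PE32+ */
    else return PE_INVALID;
    if (opt_size < dirs || len - opt < opt_size) return PE_INVALID;
    if (rd32(buf + opt + dirs - 4) <= 14) return PE_NATIVE; /* NumberOfRvaAndSizes */
    if (opt_size < dirs + 15 * 8) return PE_INVALID;
    const uint8_t *clr = buf + opt + dirs + 14 * 8;   /* COM descriptor entry */
    return (rd32(clr) != 0 && rd32(clr + 4) != 0) ? PE_MANAGED : PE_NATIVE;
}

/* Constructed sample: PE32+ headers only, with or without a CLR directory. */
size_t make_sample(uint8_t *out, size_t cap, int managed) {
    const size_t nt = 0x40, opt = nt + 24, total = opt + 240;
    if (cap < total) return 0;
    memset(out, 0, total);
    out[0] = 'M'; out[1] = 'Z'; out[0x3C] = (uint8_t)nt;
    memcpy(out + nt, "PE\0\0", 4);
    out[nt + 20] = 240;                               /* SizeOfOptionalHeader */
    out[opt] = 0x0b; out[opt + 1] = 0x02;             /* PE32+ magic */
    out[opt + 108] = 16;                              /* NumberOfRvaAndSizes */
    if (managed) { out[opt + 225] = 0x20; out[opt + 228] = 0x48; } /* RVA 0x2000, size 0x48 */
    return total;
}

int main(void) {
    uint8_t img[512];
    size_t n = make_sample(img, sizeof img, 1);
    printf("managed sample -> %d\n", classify_pe(img, n));
    n = make_sample(img, sizeof img, 0);
    printf("native sample  -> %d\n", classify_pe(img, n));
    return 0;
}
```
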