Monday, April 13, 2009

Key-Gen for .NET Apps!

You all know that .NET generated application convert the high-level codes from source language (e.g. C#) and converts them to IL. Basically, if you could convert the IL code back to the high-level language, you’d have the original source code of the application, and to some extent, you can do this, but this is the story for another post. Today, I’d want to show you how your public licensing API would provide a very easy way to crack open your own application.

Note: I take no responsibility for how you use the piece of information. By reading these instructions you accept the sole responsibility of any illegal use. The names and information provided here are changed to save the innocent.

Suppose you’ve put a lot of energy and time and written your state-of-the-art application and you’ve released it to the market. After a while some junior software developer tries to inspect your assembly to see how you’ve managed to do a special tricks or two. (Mind you, that’s not what I’d suggest you do, dear reader, because you might end-up facing copyright infringement lawsuits). Now when he’s inspecting the API, he encounters your licensing API, and even worst, those API are public:

public class RSALicenseCodec : IEncoder, IDecoder
public class License
public Guid LicenseId = Guid.NewGuid();
public DateTime EndTime; public string LicensedTo;
public DateTime PurchaseDate;
public LicenseType Type;
public DateTime StartTime;

public static string LicenseToKey(IEncoder encoder, License license)

public static License KeyToLicense(IDecoder decoder, string key)

Note: Actual implementation was cut off!


Now with all these public API, only thing between a novice developer with bad intensions and a perfect key-gen to for application, is the copyright infringement lawsuit! Do you think that alone is enough?

I don’t want to give you the idea that by only making these API private you’re safe, no. There are a lot of things you should do before you’re even close to being safe with hackers and crackers, but in my opinion taking all the care would no save you either. Almost nothing can stop a motivated cracker.

Submit this story to DotNetKicks Shout it

No comments: