{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 兄弟一词,经得起流年. 的问题《C#: How to Make it Harder for Hacker/Cracker to Ge》','https://www.manongdao.com/q-26136.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
First of all, I understand that almost all applications can be cracked (especially written in C#). My question here is to make it a little bit harder to crack.
Suppose that the user has saved the License file under the Application.StartupPath, where all users can read.
And then, every time when the application starts, it will check if it can find and verify the license file.
If the application can find and verify, we let the user to continue with full functionalities.
If not, we prompt a MessageBox showing "Unlicensed, continue to use with trial version, functionalities limited."
My question is, if I'm a hacker/cracker, I would try to get around or bypass the licensing check instead of cracking the license file, because, if we use RSA signature, it's very difficult to crack a license file.
So where should we put the license check?
P.S.: and also, is it safe if I put a global variable IsLicensed (true / false) to limit the functionalities? Is it easy for a hacker to change IsLicensed = true?
I think that check should be done in several different places in the source code; it is much harder to catch all of them than only one. Also, if wants to protect program written in C# (or any other .NET language), one should consider to use some obfuscator. In counterpart a cracker or even lamer will be able to crack a program using some software like .NET Reflector
You can obfuscate the code (make it harder to decompile/use the reflector on it), but with enough energy and knowledge, it will get broken, after that it's quite easy to change the bytecode of the assembly, thus circumventing the license check. Also, you could invest the money to make it possible for you to sign your assemblies, which would make it harder to change the assembly itself, but with enough energy (more than just breaking the obfuscation) this can also be circumvented.
Your goal shouldn't be to make the license process unbreakable, but to make your software itself worth to buy. This is a much better protection. Crackers (and only them, hackers are something completely different, see this article for more) won't be hindered by that, but with the software being worth it, much more people would buy it.
As mentioned previously, one can simply use .NET reflector to get the entire source code of your software (in fact, it can even get it in VB.NET or other languages even if you're written it in C#!). You must obfuscate your assembly if you hope to have even a chance at slowing a cracker's progress.
What is to stop people from directly copying licenses? If you have a license which is signed, it will then just be signed in two places -- what have you put in place to stop this? Never mind whether a global variable would further weaken your protection without taking into account trivial "cracks."
There really is no good answer to this as Ben Voigt pointed out. If you need something that is uncopyable, make it a closed-source web application. Astalavista will show you that most things have been cracked. Adobe products which cost thousands of dollars have been cracked and I'm sure their employees are quite well versed in copy protection techniques.
The #1 law of software licensing: You don't control your software once you allow it to be installed on a computer you don't control.
If you want to keep control over your code, you need to make it a web service and give the end user just a thin client that interfaces to that web service.
In many scenarios, this is unacceptable, because users want to be able to use their software even when they don't have an internet connection.
In almost all cases, you should focus on making the user experience better, and all forms of copy protection make it worse instead. Once you get to the point where the experience of downloading from a warez site and running it through several virus scans is better than doing the license setup for the legit version, you've lost.