How to protect your Intellectual Property or some words about next generation obfuscation
Not once customers asking me about protecting their IP (not address). The regular answer was “obfuscation”. You want more, then this? Use third party unmanaged hash providers (such as RemoteSoft, which is the best so far). However it not enough. the best we can do is to provide sensitive code as remote service. The only way to “hack” such protection is by hacking remote server, which is much more complex mission, in comparison to hacking managed or even native code.
For a long time Microsoft has no ultimate answer to IP issues of managed code. Sun experienced the same problems with Java. what to do? The answer is to provide comprehensive solution for server side code encoding. This is exactly what was done in Microsoft Software Licensing and Protection Services. This is not free, however it can provide you with comprehensive solution for IP protection, licence management and secure software distribution.
After applying to this service, your code will looks like this
return SLMRuntime.SVMesecMethod(a);
Where SVMesecMethod is server side method, rather then
return MyEncriptor.DecodeString(a);
string DecodeString(string a) {
for ( long offset = 0; offset < a.Length ; offset++ )
{
i = ( i + 1 ) % a.Length ;
j = ( j + a[i] ) % a.Length ;
byte temp = a[i];
a[i] = a[j];
a[j] = temp;
byte a = a[offset];
byte b = a[(a[i]+a[j])% a.Length ];
a[offset] = (byte)((int)a^(int)b);
}
}
Where DecodeString is maybe complicated (this code actually does not work), but easy reflected source.
SLP service is not new approach. It widely used by different companies to protect their software. Also it’s very common way to distribute Smart Client applications. However this is first time Microsoft provides such service widely for ISVs.
You can request evaluation of this service today, by visiting SLP website.
You may also be interested with:
- How to calculate CRC in C#?
- Windows 7 – dry run or how things should be done to correct old mistakes
May 25th, 2008 · Comments (3)
3 Responses to “How to protect your Intellectual Property or some words about next generation obfuscation”
Leave a Reply
Discover other tags
My tools
- .NET Framework Detector
- Duplicate images finder
- Exchange Security Policy for Windows Mobile Devices Fix
- Gas Price Windows Vista SideBar gadget
- Israel Traffic Information Windows Vista SideBar gadget
- Localization fix for SAP ES Explorer for Visual Studio
- LocTester
- RTL and LTR in Windows Live Writer
- Silverlight controls library
- Snipping tool integration plugin for WLW
- USB FM receiver library
- Vista Battery Saver
- WebCam control for WPF
- Windows Live SkyDrive attachment for Windows Live Writer
- Wireless Migrator
- WPF Virtual Keyboard
January 1st, 2009 at 12:50 am
More about obfuscation and protection:
blogs.microsoft.co.il/…/protecting-your-managed-code.aspx
January 1st, 2009 at 12:50 am
Obfuscation is possible way to make reverese engineering more complicated, however it does not make it impossible. Thus, the only real way to protect source code – remove it from the client (S+S model for example)
January 1st, 2009 at 12:50 am
Thanks for the link to "the best obfuscator". I gave it a look, and it seems better than dotfuscator (but I’m quite a newbie). Is this the one you are using ? Does anyone know a better one ? Code is never obfuscated enough right ?
Protecting our IP is *really important* in our business. But we are still writing client-only software… for now.