Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
For C# in a winForms environment, I've licensed my classes by writing specifics to the regestry, encrypted.
Under Mono there are some facilities that are not available to you. The Registry is one of those. What method would you use to license your code under Mono?
I don't want a malicious user to be able to delete the application directory, to reset the trial timer or to copy a .LIC file and suddenly have access to the program.
Any ideas would be appreciated.
Any kind of encrypted certificate license ought to be at least as secure on Mono as it is on Windows. Deploy the app without the certificate. If it doesn't detect the certificate, its in 'reduced functionality' mode. If it does, then its in 'full mode'. Only issue certificate on purchase. For full-functionality-time-limited trials you run into a bigger problem, but at the end of the day, there was nothing stopping the user from messing with their registry, even to the extent of running your app in a VM or using System Restore liberally.
The registry is available to you using the standard .Net Registry classes. You can write your encrypted values there, and retrieve them later.
However, the registry on Linux is just a file in the user's home directory, so what you can't really do is modify it from outside Mono, like from a .msi (as an example, .msi's don't exist on Linux).
You could always encrypt a file based on the CPUID and store it in the directory. I am not sure how storing a file on the hard drive is different than storing something in the registr. A user could still find the registry key export / import it as needed. It would be restricted to that machine only if you use the CPUID or Motherboard information to encrypt the data with.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm building a class library with bunch of methods. One of which is for creating File. I want to make it run only 'N' times and after that to throw exceptions that the limit exceeded. Is there any way to embed that 'N' in the dll or how should i store it to be secure from changing that number.
So far i've tried with static field in the class but the static field is reset everytime the application using that dll is run.
Any suggestions ?
The safest solution would be:
Have the local application collect all relevant local data needed to create the file.
Request the file to a web service that knows how to create it with the supplied data.
The server will verify that the user’s credentials allow him to create the file; he’s a valid registered user, has payed his dues and still has file creations to spare.
Create the file on the server side and allow the user to download it.
Anything running locally in your computer is susceptible to being cracked. Professional softwware and game industries have wasted millions in anti piracy devices and they’ve failed miserably, don’t expect to have any better luck.
All of this obviously has a significant cost. If the risk of your average user knowing how to circumvent a basic protection is small and the loss of profit of those few that would know how to decompile, modify and compile your application is tolerable, then who cares?
Moral of the story: stop thinking about safest and start thinking about safe enough. It’s almost always cheaper.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I want to write a Windows desktop app with C# that virtualizes a certain file system folder basically so that the app stores files in a folder and makes the file system see the files and sub folders in this folder as if they were files/sub folders in another folder somewhere else (the virtualized folder).
Can this be done with C#?
And can it be done without file access performance penalties?
I know some apps written in C++ that do this but I want to use C# (because more modern and I'm more familiar with it). Perhaps there are even some libs available for this? I only came across sharpfilesystem but - without having looked too deep into it yet - I'm not sure it can do what I'm looking for. I'm also not sure if file system virtualization is the right word used for what I want to do so please correct me if this is something else (symlinks, aliases are related).
The technology you are after is called Shell namespace extension (SNE). Unfortunately, there is no (supported) way of creating a managed SNE:
Microsoft recommends against writing managed in-process extensions to Windows Explorer or Windows Internet Explorer and does not consider them a supported scenario.
For your particular scenario, NTFS junction points might be good enough though.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I'm developing an .NET MVC web app and using a google service account to create/delete calendar events on users personal calendars. I'm not sure what would be the best way to secure my google authentication key so that only my program has access to it. Currently it's just in the solution folder for testing purposes.
"Best" is subjective. All I can tell you are options:
Put it in the Web.config as an App Setting, and then encrypt your appSettings configuration section. This is probably the safest route, if not the most convenient.
Put it in your code. It's not uncommon for developers to create a static Settings class that holds various bits of information the application needs. However, this means it will be plain text in the source. That's really only a problem if you plan to open-source your code or otherwise store it some place that's accessible to others (and that includes malicious others that shouldn't actually be able to access it). For example, I'd recommend only putting the source on a TFS or Git server internally, behind a firewall, rather than something on the Internet or public-facing. Once the code is compiled, you obviously won't have it in plain text anymore. However, if someone gains access to the compiled code, they could still decompile it and potentially find the string. To protect against that, you could use any number of obfuscation programs out there.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have an application which will be used by various users, when user will start using the application it will generate one license file(encrypted) at the location where it is getting installed, and for each time application runs it will decrypt the file, will validate all parameters and update few of them according to the result of validation and will encrypt the updated file.
Here is one real problem giving pain, that every time the application runs it needs encryption keys(AES) to encrypt and decrypt, and the key is hard-coded within my .NET dll. so there is a possibility that user can extract the key and change the license parameters to run the application.
So my concern is how to protect the file from being tampered?
Is there any way that i can put few of important license parameters some other location instead of keeping it in file?
How to keep the encryption keys secure and safe from fraudulent activities?
Application is in purely offline.
Kindly give me your valuable suggestion and insights.
Thanks in advance
Offline applications written in .net cannot be secured. You cannot reasonably "hide secrets" on someone elses machine. You need to provide a location that You control (i.e. a web service endpoint) to store these secrets. Every which way you look, at some point or other the user of your application has all your logic and all your data on their environment; you have given them the lock and the keys and are just hoping they dont have the persistence to open the lock with the key.
Alternatively, as suggested on another thread this week, you could code your file access logic and keys in VB6 and do an interop call to it - VB6 could be decompiled, but its tough. However someone could just pick up SysInternals and watch your file IO occuring and deduce which file or registry key your secrets are in. If its AES encrypted that will make it tough for them, but they will know which process is opening it ... so they now have a target for their efforts to decompile your code. It would be non-trivial to crack that, but I wouldn't call it secure either.
Only way to prevent a user accessing data on their own PC is to not put it on their PC.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I am about to setup my first windows application which is built in C# Visual studio 2010 to my customer.
I want to limit usage to only one computer per installation, but I don't know how to do that.
Can anyone guide me on how I might accomplish this?
Typically this is managed by what's called a "product activation" system. When the customer installs your application, they must enter a serial number or key to "activate" it. If they don't do this, the application remains locked. When they activate your product, the system calls back into your server and says "Hey, this key has been used, and this is the machine it was used on. don't let anyone else use this key again."
http://en.wikipedia.org/wiki/Product_activation
You probably don't want to write this yourself, so there are many third party packages you can purchase to make it difficult for your client to install on multiple machines. There's a fine line though between alienating your client by treating them like a criminal, and trying to protect your hard work.
Pirates gonna pirate.
Encrypt the serial number of the hard-drive into your program. It must be saved to a DB of some kind. Name the field something obscure (not related to a HDD serial #). Then check that it matches every time the app is launched. Not super-high tech, not super-secure, but will work in most situatons. If someone copies the app to another PC, display a message not related to copying the app, but you will know what happened. I've been doing it for years in VB and .NET. Works fine.