Hi there!

I got the following problem: I've developed a custom application that is used to manage special sports tournaments. There is no real market for this application except for a few people who organize such events, which aren't many. Now I got the first request to sell a licence. I don't want sell it, but instead get payed for each event that is managed using my software.

The program is written in C#, so cracking it is no problem at all. I'm searching for creative ways to protect it. Piracy is no real problem for me because of the small market. There is no way for me to ever make any money when considering the development time in relation to the money anybody who needs this software could ever pay but I want a fair amount of money (which I badly need at the moment) to share it.

My idea is to allow the custmer to run this software until after his tournament without any problems, but afterwards it should stop working, so he has to buy another licence for the next year or so.

The Software is split into two parts: An admin frontend where you enter competitors, create a competition and export it to a file. A player like interface which can show you the exported tournament schedule, timer, points ... This is where the actual competition is done.

How would you protect it?

Thanks for your ideas ...

First, make a good EULA.

I think paravirtualizating the protection schema will be a good start, later IŽll expand my post.

Hi,

Usually you have:

C# --> CIL (Common Intermediate Language) --> CLR (Common Language Runtime) --> Native Code

The idea could lie somewhere between CIL and Native code. Maybe something like:

C# --> CIL --> New Intermediate Language (NIL) --> CIL --> CLR --> Native Code

Your customers would have only the binary with the 'NIL' opcodes. The binary would also have a kind of VM which would output the CIL from the NIL.

Two options:

1) The whole binary is converted from NIL to CIL on each run (something like an in-memory conversion).

Pros: Fast as original (CIL only) binary.
Cons: Easy to reverse once you have analyzed the VM or once the binary is converted.

2) Only output one CIL instruction from NIL to CIL and pass this instruction to the CLR.

Pros: Harder to reverse than option 1)
Cons: Will be slower than original binary.

Honestly, this is just a thought experiment, since I don't know if any of the proposed options is in fact doable. I've never been in .NET reversing/protection field.

Depending on what the application really does, make it into a web application that runs on your own servers. That's the most secure method of all, if applicable to your application.

I agree with delta, best thing is porting it to be a web application. Then there is no way to crack it and you can implement billing easily by a User/Role/Logging-Mechanism.

Regards,
OHPen.

And for the *really* determined, there's always PHRACK!

Have Phun