Protecting code / login

06/21/2014 15:15 BeginnerDO#1
Hey,

so I have 2 question about security.
Im using visual studio 2010 (vb.net) and so far I have published only .exe files ('cause that way only one file needed to run the program)

Now I'm wondering how to increase programs security...

1) How can I block decomplining? or I mean I tried today decompliler I saw my project's source pretty accuracy. Is there way to hide "main functions", strings, saved settings?

2) Safe login system? Again with decompiler I was able to see all my sql server's data (server, id, name, pass, everything). So if I publish it this way everyone are able to edit it.. How can I fix this?

I quess the exe file may be the problem? Is there any other way to publish single file projects from visual studio? or what should I do? :D
All suggestions are welcome :)
06/21/2014 15:50 tolio#2
Quote:
Originally Posted by BeginnerDO View Post
1) How can I block decomplining? or I mean I tried today decompliler I saw my project's source pretty accuracy. Is there way to hide "main functions", strings, saved settings?
you cant
Quote:
Originally Posted by BeginnerDO View Post
2) Safe login system? Again with decompiler I was able to see all my sql server's data (server, id, name, pass, everything). So if I publish it this way everyone are able to edit it.. How can I fix this?
never ever use a system that requires login details in the code, not sql nor ftp or whatever, use php on a server/webspace as additional layer that creates the database connection

to protect the source there are obfuscators, but all of them are already reversed, so everything they do is to potentially slow down your programm.
06/21/2014 16:43 BeginnerDO#3
I dont know much about file formats so this might be a stubid question but is clickonce application (or any other way?) as easy to decompile as .exe?

and now I'm thinking how its possible to make trial - full version? by decompiling its possible to see full code so anyone can just copy, little edit and paste (make a own editet version of app) it to get "locked" functions available.
06/21/2014 16:59 tolio#4
click once, exe, dll whatever, as long its .Net its very easy to decompile

btw, changing to an other language or platform does not solve this problem, EVERYTHING is crackable; as you see, even the products of big companys are cracked and they can invest enough money in protection and protection research

next question, why do they still earn that much money?
they give support to paying customers and that is a thing even a beginner developer can do, give out licences, use a licence server and give support only to the ppl who can verify they payed.
do not invest to much time in trying to protect your project because it is always crackable, invest this time in developing new features and updates, even when there is a cracked version, the ppl will pay for a good program
06/23/2014 15:21 berkay2578#5
You can modify a .net compiled code's PE. Hence stop most of the "noob crackers who use de4dot". It's the only way to actually stop some people. Although you should note that if someone wants to see your code, they will see it no matter what you do. As long as it's .Net you can DUMP it at runtime or unpack the assembly, again, at runtime.