Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Reverse Engineering Protection


  • Please log in to reply
10 replies to this topic

#1 mohd

mohd

    CC Lurker

  • Just Joined
  • Pip
  • 3 posts

Posted 15 December 2010 - 08:50 PM

I'm new to this, but I'm wondering if anyone knows a good way to help protect programs from reverse engineering and decompilation. I've seen some software but not all of it looks that good and if it somehow works the exe is no longer working or just too slow to do anything, or freezes the computer completely. Thanks in advance!

Edited by Alexander, 15 December 2010 - 09:18 PM.
(removed spam link sig)

  • 0

#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts
  • Location:Upstate, South Carolina
  • Programming Language:C, C++, PL/SQL, Delphi/Object Pascal, Pascal, Transact-SQL, Others
  • Learning:Java, C#, PHP, JavaScript, Lisp, Fortran, Haskell, Others

Posted 17 December 2010 - 07:52 PM

Ultimately, the functionality of a program can almost ALWAYS be reverse-engineered. It may take a while for some items, but the code is simply there. In addition, a decompiler just works. You program is ultimately in a readable form, even though most people don't know machine language. You would probably do better to put your energy into adding features, not obfuscating your compiled code.
  • 0

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 Generic

Generic

    CC Regular

  • Just Joined
  • PipPipPip
  • 25 posts

Posted 27 December 2010 - 12:33 AM

I have heard only reverse engineering about the .net. We use .net reflector.

If you use .net reflector or a java decompiler you can get the source code if you're disassembling an exe that doesn't run off of some sort of VM you'll get assembly
If you want to see a higher level view of assembly there's something called Hexrays that's a plugin for IDA that will give you C(I believe) code.

@OP:
I've heard of chunks of assembly you can add that would crash common disassemblers like Olly, or IDA. But like what WingedPanther said there's always going to be a way that your code can be reverse engineered. There's also other solutions that can help deter reverse engineering attempts like Themida or packers.

  • 0

#4 gregwarner

gregwarner

    Obi Wan of Programming

  • Expert Member
  • PipPipPipPipPipPipPip
  • 1586 posts
  • Location:Arkansas
  • Programming Language:C, Java, C++, C#, PHP, Transact-SQL

Posted 04 March 2011 - 11:28 AM

It's similar to the problem with trying to prevent digital movies and songs from being copied. The media is simply there, and it has to be executed/played at some point. If you have some IP or trade secrets in your code that you don't want to be discovered, consider a hosted service in which your customers download some client software which interfaces with your servers. That way, your sensitive algorithms can be protected by keeping them and executing them on your machines while providing just the I/O for those algorithms to your customers.
  • 0

#5 Smilex

Smilex

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 76 posts
  • Location:Faroe Islands
  • Programming Language:C, C++, PHP, Python, JavaScript, Lua, Others
  • Learning:Objective-C, PHP, Python, Assembly, Bash

Posted 07 March 2011 - 04:00 PM

There's no use in trying to prevent reverse engineering, by any digital protection system. Although some indie games have managed to get people from illegally downloading the game and instead buying it, using marketing and whatnot. Since torrents are the main source for illegal products, Wolfire games actually got some more buyers by simply releasing their indie bundle in a torrent format, supposedly that worked.
  • 0

#6 lethalwire

lethalwire

    while(false){ ... }

  • Senior Member
  • PipPipPipPipPipPip
  • 766 posts
  • Programming Language:C, Java, PHP, JavaScript
  • Learning:PHP

Posted 07 March 2011 - 04:59 PM

It's similar to the problem with trying to prevent digital movies and songs from being copied. The media is simply there, and it has to be executed/played at some point. If you have some IP or trade secrets in your code that you don't want to be discovered, consider a hosted service in which your customers download some client software which interfaces with your servers. That way, your sensitive algorithms can be protected by keeping them and executing them on your machines while providing just the I/O for those algorithms to your customers.


Using a real-world example: some form of digital rights management. Some game companies are requiring that you register your game online and STAY online while playing it.
It's rather ironic because I can see how adding this type of drm can influence the usage of illegal torrents.

I agree with everyone, reverse engineering your software can take time, but it can be done.
You could try to make your software really cheap and easily accessible ( via d/l instead of buying in-store ).

I like the idea Steam or Direct2Drive has setup. You can simply pop your credit card # in and buy/download/play a game almost instantly. And they'll usually have good/decent sales on games, so it's really worth buying over pirating.

In any case, think of the preventative measures you'll take against pirating/cracking your software.
  • 0

#7 Smilex

Smilex

    CC Resident

  • Advanced Member
  • PipPipPipPip
  • 76 posts
  • Location:Faroe Islands
  • Programming Language:C, C++, PHP, Python, JavaScript, Lua, Others
  • Learning:Objective-C, PHP, Python, Assembly, Bash

Posted 08 March 2011 - 01:09 AM

Steam games are being reverse-engineered all the time. Making you stay online does not prevent the reverse engineers from doing what they do, I can imagine it encouraging them more, as only the best can do it, so you can easily get recognition if you can do it.
  • 0

#8 lethalwire

lethalwire

    while(false){ ... }

  • Senior Member
  • PipPipPipPipPipPip
  • 766 posts
  • Programming Language:C, Java, PHP, JavaScript
  • Learning:PHP

Posted 10 March 2011 - 06:00 PM

Steam games are being reverse-engineered all the time. Making you stay online does not prevent the reverse engineers from doing what they do, I can imagine it encouraging them more, as only the best can do it, so you can easily get recognition if you can do it.


The point was that Steam has some ridiculous sales where I'd rather buy than pirate.
  • 0

#9 alma111

alma111

    CC Lurker

  • Just Joined
  • Pip
  • 3 posts

Posted 07 April 2011 - 03:38 AM

Code Signing as Reverse Engineering Protection
In my last post I spoke about reverse engineering .NET assemblies upon which Gregory asked how to protect his code against it.

Initially I thought signing an assembly would be the easiest way to prevent this, and my first tests confirmed this. I signed the CrackMe from my previous post and tried modifying it again, unsuccessfully.

But in the end Code Signing your assembly proved to be useless against reverse engineering.
  • 0

#10 bbqroast

bbqroast

    Codecall Addict

  • Senior Member
  • PipPipPipPipPipPip
  • 564 posts
  • Location:/etc/passwd

Posted 08 June 2011 - 01:23 PM

Be nice, Be nice, Be nice
Thats the only way you can do it, if I see someone with Flash 8 I'll live on but when I see pirated Minecraft it makes me sad! Why? Because Notch is a one person developer who deserves the money, all I see when I look at Adobe is a giant corporate logo- When someone says Mojang I think of the pictures of people ripping up the offices dirty carpets.

Also make features only registered players can use (for example most big servers can only be played by registered users who have paid- otherwise the server admins could have fakes logging in under their name!).
  • 0
Please, write clearly with proper structure. Double spacing makes the text feel un-jointed, Capitalizing Every Word Means People Stop Before Every Word Sub-Consciously Which Is A Pain In The Backside, and use code tags! (The right most styling box).

#11 LogicNP

LogicNP

    CC Lurker

  • Just Joined
  • Pip
  • 2 posts

Posted 18 July 2011 - 12:18 AM

In the .Net universe, decompiling is especially easy given the well documented .Net metadata format. There are even ready-made tools which can view the entire source code in the exe/dll . So obfuscating your .net exes and dlls using something like Crypto Obfuscator is extremely crucial. Obfuscation offers reasonably good protection - in the end, nothing is RE-proof, but this is as good as it gets.
  • 0




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download