WPF Licensing : Good C# obfuscators?

Actipro Software Web Site Forum

Posted 1 year ago by Pascal
Avatar

Hello,

In the WPF docs, there is a page about licensing : https://www.actiprosoftware.com/docs/controls/wpf/licensing#licensing-via-a-registerlicense-call

In the page, I read this :

It is important to protect your licensee and license key combination from decompilers. We highly recommend using some form of string encryption on the licensee and licenseKey values passed into the ActiproLicenseManager.RegisterLicense method. Many obfuscators include string encryption as an option, or you can use other custom logic to scramble/descramble the strings.

Do you recommend a good C# obfuscator that supports WPF?

I tried a couple obfuscators, but some of them do not obfuscate WPF, some break my app, and others just obfuscate almost nothing...

Thanks

[Modified 1 year ago]

Comments (4)

Answer - Posted 1 year ago by Actipro Software Support - Cleveland, OH, USA
Avatar

Hello,

We currently use .NET Reactor for obfuscation.  Regardless of the obfuscator, you may need to watch the obfuscation level you use to minimize the impact it has on your logic and the possible introduction of issues.  Related to licensing, a main focus is ensuring string encryption is enabled on the obfuscator.


Actipro Software Support

Posted 18 days ago by bcs99
Avatar

I've been trying to use the trial version of .NET Reactor to obfuscate my Licensee and LicenseKey values, but so far, I haven’t had any success. Reactor itself seems to be working — I can see many of the security layers applied — but the string values for my license information remain unchanged in the resulting assembly.

Since you use .NET Reactor and this is for your product, I thought you’d be the best person to ask for help. I’ve implemented it in my WPF application exactly as shown in your documentation, with both String Encryption and Obfuscation enabled. After running the Protect process (either manually or during build) and inspecting the output in dotPeek, I can see that the assembly code for these strings is completely unmodified.

This is my first time working with obfuscation, so I suspect it’s just a simple configuration issue that I’m overlooking. Any guidance you can provide would be greatly appreciated.

public partial class App : Application
{
    private static readonly string Licencee = "My Licence";
    private static readonly string LicenceKey = "My Licence Key";

    protected override void OnStartup(StartupEventArgs e)
    {
        ActiproSoftware.Products.ActiproLicenseManager.RegisterLicense(Licencee, LicenceKey);

        base.OnStartup(e);
    }
}​
Thanks,

Bob
Posted 18 days ago by Actipro Software Support - Cleveland, OH, USA
Avatar

Hi Bob,

When I look at our obfuscated assemblies, I do see strings being replaced with method calls to an internal type that .NET Reactor injects.

Our products' .NET Reactor project settings are pretty basic.  Each project's resulting XML contains these lines related to string encryption settings:

<String_Encryption>true</String_Encryption>
<String_Encryption_Mode>All</String_Encryption_Mode>
<String_Encryption_InclusionExclusion_List />

I'm not sure if string encryption is disabled in the trial version or not.  Do you see other strings getting replaced by a method call?  If so, perhaps try changing how the strings are declared, such as put them directly in a method and see if it helps.

Beyond that, contacting .NET Reactor support is probably your best option since they would know why those strings aren't encrypting.


Actipro Software Support

Posted 18 days ago by bcs99
Avatar

Thanks for the reply.  I  actually just stumbled onto the answer. Apparently, dotPeek will use a PDB file if present to decompile.  It was there.  Remove it and viola! The correct result is as you described. 

Add Comment

Please log in to a validated account to post comments.