.Net realtime software licensing [closed]

Question

I've made a program that I need to license before selling it to customers. Since I'm not sure, that it will gain me at least the cost of commercial licensing software, I would not like to buy one.

So I'm looking for advice on how to implement licensing feature with following logic:

• All license keys are validated on server side each time application starts (no licensing info is stored at userside except the license number).
• There is only one application running with one license key at the same time.

What I do not know is how to protect my program from simple decompiling/disassembling and just removing a call to check license? Or making own server that will make a response true on each license? How does such security normally made?

I've searched for free SDKs or something like that, but could not find anything. I'll be very thankful for your help!

P.S: I do not aspire to make the system "indestructible", but I would like to receive the protection that is more expensive to crack than paying $5.10 for a copy of the program.

P.P.S: Sorry for my bad english.

Answer 1

What I do not know is how to protect my program from simple decompiling/disassembling and just removing a call to check license? Or making own server that will make a response true on each license? How does such security normally made?

You are confusing licensing and obfuscation. To prevent the above, you will need to obfuscate your exes and dlls using an obfuscator.

Since I'm not sure, that it will gain me at least the cost of commercial licensing software, I would not like to buy one.

IMHO you are much better off focusing and spending time on your actual software than in developing a licensing scheme from scratch (re-inventing the wheel as they say).

If you do open up to paid solutions, take a look at CryptoLicensing (for licensing and copy-protection) and Crypto Obfuscator (for obfuscation and code-protection).

DISCLAIMER: I work for LogicNP Software, the developer of above mentioned products.

Answer 2

(Sorry can't comment on other people's posts???)

It depends on what your application is doing.

I'm currently faced with the same problem as you. I'm going for a log in system, simply fetch and compare to what's in the database. If not present do not launch app. Not that I need more, the application relies on my database and without it it is useless.

Then they can spend a couple of hours figuring out what my database looks like based on what they see on queries or practically rewriting my entire product. I'm going to spend little on in app security. The only protection I wish to have is not to show my server's data.