The Business of Software

My WPF app is almost done, but until today I was totally unaware how easy is to, not only remove protection but also to completely view the source code!

This reflector.exe app will enable anyone to reconstruct my source code... I am completely shocked now and feel like my work which took me many months was almost for nothing. Just by selling my full version I will also give away my source code as the bonus for free, isn't that just great?

Also, since WPF is relatively new technology not many products for .net app protection support WPF apps. I tested one of them (smartassembly) but it seems that reflector still can read my source code. Even if it had been able to protect it well I am on a very tight budget and would be able to afford protection system like this.
It seems that obfuscators type protection doesn't work neither.

Anyway, I am now thinking about some custom protection but I have no idea how should it look like. Maybe I should go with some kind of online activation that is necessarily? Once activated product would download missing parts of the code or even the full .exe version. This wouldn't be too much hassle for the user since I assume they would have internet connection since they purchased it online.

Do you have any other ideas?
Help!

"Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats."

-- Howard Aiken ( http://en.wikipedia.org/wiki/Howard_H._Aiken )

If you use .NET your code can easily be re-assembled with tools like Reflector. Obfuscators and the likes will only make your class/method/variable naming different - not really a challenge for anyone dedicated.
  One option will be to distribute your application pre-compiled by ways of NGen or similar tools.
 You will probably get better answers at stackoverflow.com . Also, since this has surprised you, you might want to do a bit of reading on the how's and what's of the CLR / .NET framework.

 I wouldn't really worry too much about this though - have yet to hear about anybody stealing applications by way of disassembling (would like to be corrected though) - it usually takes a bit more than just code to be successful in this area.

You can use an Obfuscater to make the code harder to read. But unless your system contains some highly confidential algorithms I wouldn't worry. It's not like they can easily rebuild your app from the source and launch it a week later as a competitor. Most applications just have mountains of data access code and proprietary business logic code that is of very little use for anyone. I'll happily hand over most of my application code, if only it wasn't some embarrassing!

I coded a .NET packer application that packs and encodes .NET assemblies into a single native binary for this very reason. It fully supports WPF applications.

I used it to pack the ebookreader application at http://beta.owomi.com.

Would anybody be interested in such a product? It'll take me a few days to get it to a point where I can sell this. How much should I charge for this?

the "simple" approach - obfuscation.

the "belt and braces" appraoch - obfuscation + packer app.

the "two belts,  two braces and pants stitched into your skin" approach - something like xheo code protection, or the kind of stuff skype do to encrypt their app http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf

I also like your idea of not sending all the code until the person has paid. What you're suggesting sounds a little complicated. Would a seperate "trial" and "full version" binary do the same thing?

We recently released a WPF app - used salamander .NET protector. It works very well and is relatively easy to get going.
http://www.remotesoft.com/salamander/protector.html

Don't worry about it. Whatever you do, if someone is motivated ($$$, etc) they will get around any security.

Luckily, the chances of this happening are small.

I guess sometimes .NET is seen as more susceptible to this kind of thing, but it has always been the case, for pretty much any kind of software.

For example, back in the 1980's I made a nice living selling a disassembler/editor for machine code, so that people could see how games worked and discover "pokes" to get infinite lives, etc. It was cool, in that it could re-locate itself in memory so that it wasn't overwritten by the game. It could even hide itself in the video memory. This was supposed to be impossible on a Z80 processor, but I found a way to do it.

Scorpio's post made me think back to when I had one of these
http://www.erik-kunze.de/museum/mf3.html

Complete with the famous red button!

I have used .NET Reactor and Intellilock to protest WPF apps and they are alot cheaper than Salamander was.

http://eziriz.com/

(word of warning is that many people have a problem with getting tech support from the guy that writes it.  I personally do not, but many complain about it.)

@Colin:
There was lots of interesting hardware and software for the ZX Spectrum, back in the day.

I built a few hardware things myself, but mostly I was a machine code hacker ;-)

The most exciting thing I built was an XY Plotter for a school project. It used stepper motors and servos and looked like this one:

http://pictures.kyozou.com/pictures/_9/8094/8093429.jpg

@Colin

>http://www.erik-kunze.de/museum/mf3.html

oh... did i need one of those to get those pokes in 'sinclair user' to work??!  finally the answer.

i feel like homer when marge pointed out that his robot never worked because it didn't have 'all that stuff in there'...