How can I obfuscate my c# code, so it can't be deobfuscated so easily? [closed]

Solution 1:

You could have a look at the many obfuscation tools that are out there, for example these:

  • http://gapotchenko.com/eazfuscator.net
  • http://orangeheap.blogspot.nl
  • http://confuser.codeplex.com (succeeded by https://yck1509.github.io/ConfuserEx/ and then again by https://github.com/XenocodeRCE/neo-ConfuserEx)

  • http://ntoolbox.com)

Solution 2:

Well, the problem with languages like C#/Java is that they are generally much easier to de-obfuscate. The way to secure this is generally to put this stuff into a webservice, but you said you couldn't really do that. What about porting specific non-trivial functions over to a language like C, and obfuscate that. Your C# program could then use reflection to make calls to this external/unmanaged dll. It would increase the difficulty for de-obfuscating, but the problem is that if someone wants it bad enough, they can figure it out as it is client-side.

It may be that legal action is the only real solution here, but this is not a site for legal advice, and I am not qualified to give it if it were.

Additionally, this could be a business decision. Consider Making your software open-source and post a donation link. I am also not qualified to give business advice, but this is worth considering. It may actually increase your revenue, not to mention the other benefits that come with releasing open-source software.

Solution 3:

There's Dotfuscator (http://www.preemptive.com/products/dotfuscator/overview). But the best solution in some cases is to offer what you do as a web site (Software as a Service).

Consider this tool for example to convert VB to C#: http://converter.telerik.com/

Or this tool to format JSON: http://jsonformatter.curiousconcept.com/

This may or may not work for you. I don't know what the nature of the software you're trying to protect is.

Solution 4:

No, your code needs to contain the information needed to decrypt itself, its an impossible problem to solve.

Your best solution is to put your intellectual property on a server in the cloud that only you have access to. Give your customers a unique login, audit their access to check for abuse, off load as much grunt work onto your customers machines, but keep your algorithms locked into the cloud.