Obfuscation vs Packing [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 8 years ago.

Improve this question

What is the difference between "Obfuscating" code in my application as opposed to "Packing" it with solutions like Themida?

How are these two terms different when it comes to someone trying to pirate my application?

Edit: Restructured question.

Answer 1

It is quite easy to do this without spending money have a look at Dotfuscator, there is a free edition and comes with Visual Studio.

Answer 2

You're talking about a few separate and unrelated things here. Let's define some terms.

Obfuscation

This generally involves automatically renaming as much non-public code as possible. It's still the same code and will run exactly the same way, and it's just as easy to disassemble your program as it was before, but it may delay someone in understanding exactly what the code is doing while they put the pieces together.

Encryption

This generally involves translating a sequence of information into another sequence of information. Encrypting a file, such as your assembly, will mean that it can no longer be easily inspected but it can also no longer be run. The CLR needs to be able to understand your program, and if it's encrypted then it has no idea what you're trying to say.

So now let's talk about your questions.

What if I use a program to encrypt my program?

This is a very bad idea. Say you have your encrypted program and your encryptor program. What's to stop somebody from just disassembling the encryptor program, using the same encryption algorithm, keys, salt, etc. and just decrypting your program themselves? Your encrypted data is only as secure as your method of encryption.

Then how do I stop people from pirating my program?

That's a good question and that's one that quite a few people have been trying to find a solution to for a while now. There are a few paths you can go down, DRM, Licensing Services, or having something that's not actively running on the computer itself (i.e. web software).

If you have a more specific question along one of these topics, you are welcome to ask a more specific question.

Answer 3

I think you'll need to implement a plugin architecture. The decrypt application plugs into the main application.

The main application has an interface IDecryptor with a Decrypt method.

And the decrypt application has a class Decryptor that implements the interface.

The main application checks whether the IDecryptor service is registered (a.k.a. plugged in). If it is indeed registered, the Decrypt method can be called.

This says nothing about security yet. It involves algorithms like MD5 and SHA. They take a password and some salt. And give you a hash string (looks like random text). You dont save passwords. You save hash strings!

There's a lot to say about security and encryption. This is all I know in a nutshell.