.NET decompilation, how easy is it?

Question

I was looking into the best encryption for a license key for an application, and someone said that someone can easily decompile the application and then just skip the test f

Answer 1

Try opening your application with Reflector. You will probably be surprised :-)

And once a cracker has located the right location in your code, they can use a combination of ildasm/ilasm to remove the check from your application - even if the code Reflector generates won't compile.

Answer 2

Even without Reflector, people have been doing this for ages. Basically you watch the app with a debugger - something like WinDBG will do - and then find out when the license check happens. You watch the return value, and then you simply patch the application to jump directly to the "all good" check.

I'd recommend everything that people have posted above. You just have to realize that it is a cat and mouse game, and if your return on investment is going to be worth it. If you have users that aren't trying to game the system, then something simple may do. If you have something where cracking is rampant, then you will have to look at different strategies and go from there.

You don't have to recompile the application to patch it - plenty of binary patch tools exist out there. And it won't stop your most determined crackers if there is enough money to be made.

Answer 3

If this is something you're looking to defend against, you may want to read up on how to attack it.

Exploiting Software by Greg Holland & Gary McGraw is an excellent introduction.