Review: CryptoLicensing for .NET

My blog has moved. You can view this post at the following address: http://www.osherove.com/blog/2009/6/1/review-cryptolicensing-for-net.html
Published Tuesday, June 2, 2009 2:39 AM by RoyOsherove
Filed under: ,

Comments

Tuesday, June 2, 2009 4:06 AM by Alastair

# re: Review: CryptoLicensing for .NET

Nice review.  I like the fact that you have taken the time to discuss any shortcomings with the producer and reported their responses.

Tuesday, June 2, 2009 4:18 AM by FransBouma

# re: Review: CryptoLicensing for .NET

So have you tried to crack it? Have you ran filemon and regmon at the same time you tried or installed a trial-ware app? If so, could you spot the place where it stored the # of times the app had ran?

Regardless, these license systems are pretty meaningless today. with sn.exe being a small tool, crackers ship the hacked exe with sn.exe and simply register the hacked exe as an assembly which shouldn't be verified by the CLR of signature corruption. With sandboxie or even a VM, trialware is really simple to circumvent.

It's sad really, but at the same time it's good to know so spending time and/or money on a protection scheme isn't worth it. It took crack groups 5 years to crack mine but eventually they did. I worked around xheo in 5 minutes and I didn't even try hard. (I did that to see if I should use them as a license system. It was too easy to work around by an office worker so I didn't go for it and wrote my own).

If it's too hard, people will simply use a stolen CC and purchase a valid license and distribute that. I'm sure you've seen the same things happen to typemock as what happened to our work. Next version will have a simpler trial scheme, which might be easier to crack, but so be it. They'll do it anyway eventually, so spending money on this is really not worth it.