Monday, May 26, 2008

How to protect your Intellectual Property or some words about next generation obfuscation

Not once customers asking me about protecting their IP (not address). The regular answer was “obfuscation”. You want more, then this? Use third party unmanaged hash providers (such as RemoteSoft, which is the best so far). However it not enough. the best we can do is to provide sensitive code as remote service. The only way to “hack” such protection is by hacking remote server, which is much more complex mission, in comparison to hacking managed or even native code.

© Don Farrall

For a long time Microsoft has no ultimate answer to IP issues of managed code. Sun experienced the same problems with Java. what to do? The answer is to provide comprehensive solution for server side code encoding. This is exactly what was done in Microsoft Software Licensing and Protection Services. This is not free, however it can provide you with comprehensive solution for IP protection, licence management and secure software distribution.

After applying to this service, your code will looks like this

return SLMRuntime.SVMesecMethod(a);

Where SVMesecMethod is server side method, rather then

return MyEncriptor.DecodeString(a);
string DecodeString(string a) {
for ( long offset = 0; offset < a.Length ; offset++ )
                    i = ( i + 1 ) % a.Length ;
                    j = ( j + a[i] ) %  a.Length ;
                    byte temp =  a[i];
                    a[i] = a[j];
                    a[j] = temp;
                    byte a = a[offset];
                    byte b = a[(a[i]+a[j])% a.Length ];
                    a[offset] = (byte)((int)a^(int)b);   

Where DecodeString is maybe complicated (this code actually does not work), but easy reflected source.

SLP service is not new approach. It widely used by different companies to protect their software. Also it’s very common way to distribute Smart Client applications. However this is first time Microsoft provides such service widely for ISVs.

You can request evaluation of this service today, by visiting SLP website.

No comments: