I’m trying to protect my software against cracking. Protection against cracking is crucial before listing the product on market.
Info about the software:
- Built using .NET C# (Framework 4.5.2)
- 32 bit
I have made a several protection layers:
- Obfuscation, Renaming, anti-debugging
- Encrypted communications between software and API server (RSA) public key hard-coded
The client will generate a temporary AES keys and encrypt it with server public key then sends it to server, The server will decrypt the data with his RSA Private key and respond with a new AES keys encrypted with the ones provided by the client at first request. Then any communication from client to server will be signed by server RSA pub key and encrypted by AES Keys provided by the server.
Verify libraries integrity by requesting libraries checksum from API and compare it.
And the most important part is, the application will once request “custom data” from API server and store it in memory, to be used by internal software functions. When a function in the application called it will use the “custom data” as input, so there’s no way for the software to operate correctly without having the “custom data”
The API server provides the “custom data” after verifying software activation code and machine unique ID.
The question is:
- With all of these layers, can the software cracked?
- Can the custom data layer bypassed?
- If a cracker bypassed the protection layers until the “custom data” part, it’s possible to clone the software with the “custom data” meaning the software can operate without need to request the custom data from the API?
What i mean by custom data is making the software hybrid, always needs data from API to function
I am counting on the “custom data” protection layer.
Please let me hear your recommendations. thanks a lot