How to implement paid add-ons. options in C# application (schema)?

W

wlastas2021-09-10 14:27:38

C++ / C#

wlastas, 2021-09-10 14:27:38

There is an open source C# application (github.com) that implements the basic functionality.
User support is provided through the Discord channel (~200 subscriptions). 99% of users don't commit anything.
The application is very often updated - conditionally - every day. The new functionality is tested by users, and part of it becomes available under a paid subscription (from 10 per month)
. , could not use them on 10 computers.
I understand that any protection breaks - I'm interested in the option with "protection from the fool" with minimal labor.
Perhaps, in my case, a simple obfuscation of the private part of the code is sufficient, but I don’t want to mess with it - paranoia?.

The option that I'm testing now and which seems to work is very laborious for me, since I have extremely poor knowledge in C ++.
1. The user generates a unique uid of his computer (virtual machine) with an open c# function and sends it to me.
2. On this uid I generate and send back a key by which I will identify the user.
3. Native release C ++ dlls are thrown into the C # folder, in which paid options are implemented, the functionality of which is twitched through DllImport in the main c # application.
At the same time, inside the C ++ dll, the validity of the user key is checked for the presence of connected options and the correspondence of key => PC (WM) for which it was generated, and depending on this, they work or give out garbage.

Is it possible (if so, how) to implement point 3 according to this scheme:

3. After starting the C # application, it requests additional options from the server (signing with a key) in Runtime, and receives them in "byte code" that turns into working functions on the fly .
Perhaps somehow through the AssemblyLoadContext - unfortunately I am not at all familiar with these C# features.
Will it be very difficult to turn this received "byte code" into C # and use it in the main application bypassing the license?
And if it's really quite simple, maybe there are some options with the same obfuscation or something else.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

d-stream, 2021-09-10
@d-stream

Actually, as one of the options:
a certain hardware-key (for example, the serial number of the motherboard, BIOS, hdd) from the user's machine, participating in the decryption of the module,
and the "paid" assembly itself is encrypted,
that is, the currentDomain.AssemblyResolve handler is set += new ResolveEventHandler (MyResolveEventHandler);
and in it decryption and AssemblyLoad from the decryption stream
ps is a free and greatly simplified retelling of the implementation from commercial licensing systems for sharp

G

Griboks, 2021-09-10
@Griboks

Now the trend is that you require a constant connection to the Internet, where you constantly check the license. Moreover, the binding of the license goes to a specific device + IP. It is also impossible to work with two different prints at the same time. Changing fingerprints requires some complicated actions, for example, through a personal account or a call to support. If you have any suspicions, simply cut off the user - the way is to contact the support service or wait an hour until the Internet is given.